ABSTRACT: In this talk we will deepen our understanding of transient execution attacks and defenses. We will discuss the differences between all the Spectre variants in terms of microarchitectural (prediction) elements, the attacker model, and the attack strategy. We will discuss blank spots that we should look at in the future.
With this knowledge, we are prepared to discuss which defenses against transient execution attacks are effective. We will see that there are good defenses, but most are neither effective nor efficient. Finally, we will discuss open problems for defenses.
Daniel Gruss (@lavados) is an Assistant Professor at Graz University of Technology. He finished his PhD with distinction in less than 3 years. He has been involved in teaching undergraduate operating systems courses since 2010. Daniel's research focuses on side channels and transient execution attacks. He implemented the first remote fault attack running in a website, known as Rowhammer.js. He frequently speaks at top international venues, such as Black Hat, USENIX Security, IEEE S&P, ACM CCS, Chaos Communication Congress, and others. His research team was one of the teams that found the Meltdown and Spectre bugs published in early 2018.