Spectre (variant 2): indirect branches
Classroom Contents
Wrangling with the Ghost - An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities
- 1 Intro
- 2 Exploring a new vulnerability class: Microsoft first learned about these issues in June, 2017 when a CPU partner notified us
- 3 Why does Microsoft care about these issues?
- 4 Parallelism and speculation
- 5 Out-of-order execution
- 6 General definition of speculative execution
- 7 Spectre and Meltdown
- 8 Spectre (variant 1): conditional branches
- 9 Spectre (variant 2): indirect branches
- 10 Meltdown (variant 3): exception deferral
- 11 Why create a taxonomy? Designing robust mitigations requires a systematic approach
- 12 1. Gaining speculation: speculation primitives
- 13 2. Maintaining speculation: windowing gadgets
- 14 Observing the results: disclosure primitives. Finally, the attacker needs to read the results from the side channel. Example: check if a cache line was loaded
- 15 The four components of speculation techniques
- 16 Relevance to software security models
- 17 Defining our mitigation tactics: The systematization we developed provides the basis for defining our mitigation tactics
- 18 Speculation barrier via execution serializing instruction
- 19 Security domain CPU core isolation
- 20 Indirect branch speculation barrier on demand & mode change
- 21 Split user and kernel page tables (KVA Shadow)
- 22 Decrease browser timer precision
- 23 Mitigation relationship to attack scenarios & primitives
- 24 New variants & mitigations
- 25 Resources: Microsoft Speculative Execution Side Channel Bounty