Completed
Defining our mitigation tactics The systematization we developed provides the basis for defining our mitigation tactics
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Wrangling with the Ghost - An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Exploring a new vulnerability class Microsoft first learned about these issues in June, 2017 when a CPU partner notified us
- 3 Why does Microsoft care about these issues?
- 4 Parallelism and speculation
- 5 Out-of-order execution
- 6 General definition of speculative execution
- 7 Spectre and Meltdown
- 8 Spectre (variant 1): conditional branches
- 9 Spectre (variant 2): indirect branches
- 10 Meltdown (variant 3): exception deferral
- 11 Why create a taxonomy? • Designing robust mitigations requires a systematic approach
- 12 1. Gaining speculation: speculation primitives
- 13 2. Maintaining speculation: windowing gadgets
- 14 Observing the results: disclosure primitives . Finally the attacker needs to read the results from the side channel • Example: check if a cache line was loaded
- 15 The four components of speculation techniques
- 16 Relevance to software security models
- 17 Defining our mitigation tactics The systematization we developed provides the basis for defining our mitigation tactics
- 18 Speculation barrier via execution serializing instruction
- 19 Security domain CPU core isolation
- 20 Indirect branch speculation barrier on demand & mode change
- 21 Split user and kernel page tables (KVA Shadow)
- 22 Decrease browser timer precision
- 23 Mitigation relationship to attack scenarios & primitives
- 24 New variants & mitigations
- 25 Resources • Microsoft Speculative Execution Side Channel Bounty
