Overview
Explore the latest developments in transient execution attacks and their root causes in this 40-minute conference talk from the Hack In The Box Security Conference. Delve into previously unexplored machine clear events, including Floating Point MC, Self-Modifying Code MC, Memory Ordering MC, and Memory Disambiguation MC. Discover new attack primitives like Floating Point Value Injection (FPVI) and Speculative Code Store Bypass (SCSB), and learn about an end-to-end FPVI exploit on the Mozilla SpiderMonkey JavaScript engine. Examine proposed mitigations for these attack primitives and their performance impact. Gain insights into a new root-cause-based classification of known transient execution paths, presented by Ph.D. researchers Enrico Barberis and Hany Ragab from the System Security Group at Vrije Universiteit Amsterdam.
Syllabus
Intro
Side Channels 101
Bad Speculation
Rage Against The Machine Clear
Security Analysis of Machine Clear
Self-Modifying Code Machine Clear
Speculative Code Store Bypass (SCSB)
Memory Ordering Machine Clear
Floating-Point Machine Clear
3. Memory Leak
4. ASLR Bypass
Floating-Point Value Injection (FPVI)
Memory Disambiguation Machine Clear
Transient Execution Capabilities
Root-Cause Classification of Transient Execution
Disclosure & Affected CPUs
Taught by
Hack In The Box Security Conference