On Subnormal Floating Point and Abnormal Timing

Explore a critical security vulnerability in modern x86 processors through this 23-minute IEEE conference talk. Delve into the timing channel discovered in floating point instructions, where addition and multiplication operations can vary drastically in execution time based on their operands. Examine the benchmark developed to measure this timing variability and its implications. Witness practical attacks demonstrated on Firefox browser versions 23-27 and the Fuzz differentially private database, exploiting this vulnerability. Learn about the initial efforts to mitigate floating point data timing channels through the introduction of libfixedtimefixedpoint, a constant-time math library. Gain insights into the complexity and subtlety of modern floating point standards and implementations, emphasizing the need for increased awareness in the security community and further research on the security implications of floating point instructions in critical software.