Explore the groundbreaking research on Rogue In-Flight Data Load (RIDL), a new class of speculative execution attacks, presented at the 2019 IEEE Symposium on Security & Privacy. Delve into the vulnerabilities originating from micro-optimizations in commodity processors, particularly Intel, which allow unprivileged attackers to leak arbitrary data across address spaces and privilege boundaries. Understand how RIDL differs from other speculative execution attacks like Spectre, Meltdown, and Foreshadow by exploiting CPU-internal in-flight data without relying on cache or translation data structure states. Examine the worrisome implications of RIDL attacks, including their ability to be implemented from linear execution without invalid page faults, enabling system-wide attacks from unprivileged code. Learn about practical exploits demonstrating RIDL's capability to leak sensitive information from various sources, including victim processes, virtual machines, kernel, SGX, and CPU-internal components. Discover why RIDL bypasses existing software and hardware mitigations, challenging the effectiveness of per-variant, spot mitigation strategies and highlighting the need for more fundamental defenses against emerging speculative execution attacks.
Overview
Syllabus
RIDL: Rogue In-Flight Data Load
Taught by
IEEE Symposium on Security and Privacy