Explore a groundbreaking security presentation from USENIX Security '23 that unveils the Downfall attacks, a new class of transient execution vulnerabilities affecting high-performance x86 CPUs. Learn how these attacks exploit the gather instruction to breach security boundaries between user-kernel, processes, virtual machines, and trusted execution environments. Discover the practical implications as the presenter demonstrates end-to-end attacks capable of stealing cryptographic keys, runtime data, and even arbitrary data at rest. Understand why these findings render previous defenses obsolete and necessitate critical hardware fixes and security updates for widely-used client and server computers. Gain valuable insights into the evolving landscape of computer security and the ongoing challenges in protecting against sophisticated exploits.
Overview
Syllabus
USENIX Security '23 - Downfall: Exploiting Speculative Data Gathering
Taught by
USENIX
Related Courses
-
Single Instruction Multiple Data Leaks in Cutting-edge CPUs - AKA Downfall
-
Foreshadow - Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
-
EPF - Evil Packet Filter
-
Shesha: Multi-head Microarchitectural Leakage Discovery in New-generation Intel Processors
-
Exploiting Unprotected I/O Operations in AMD's Secure Encrypted Virtualization
-
RIDL - Rogue In Flight Data Load
