
Wrangling with the Ghost - An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities

Black Hat via YouTube

Overview

This course delves into Microsoft's approach to researching and mitigating speculative execution side channel vulnerabilities. The learning outcomes include understanding why these vulnerabilities matter, exploring the different variants such as Spectre and Meltdown, and building a taxonomy for designing robust mitigations. The course covers attack components such as speculation primitives and windowing gadgets, and mitigation tactics such as speculation barriers and CPU core isolation. The teaching method is a presentation by industry experts. The intended audience includes cybersecurity professionals, software developers, and anyone interested in software security and system vulnerabilities.

Syllabus

Intro
Exploring a new vulnerability class: Microsoft first learned about these issues in June 2017 when a CPU partner notified us
Why does Microsoft care about these issues?
Parallelism and speculation
Out-of-order execution
General definition of speculative execution
Spectre and Meltdown
Spectre (variant 1): conditional branches
Spectre (variant 2): indirect branches
Meltdown (variant 3): exception deferral
Why create a taxonomy? Designing robust mitigations requires a systematic approach
1. Gaining speculation: speculation primitives
2. Maintaining speculation: windowing gadgets
3. Observing the results: disclosure primitives. Finally the attacker needs to read the results from the side channel (example: check if a cache line was loaded)
The four components of speculation techniques
Relevance to software security models
Defining our mitigation tactics: the systematization we developed provides the basis for defining our mitigation tactics
Speculation barrier via execution serializing instruction
Security domain CPU core isolation
Indirect branch speculation barrier on demand & mode change
Split user and kernel page tables (KVA Shadow)
Decrease browser timer precision
Mitigation relationship to attack scenarios & primitives
New variants & mitigations
Resources: Microsoft Speculative Execution Side Channel Bounty

Taught by

Black Hat
