Overview
This course examines the root causes of transient execution attacks, focusing on machine clears: pipeline flushes that the CPU issues when it must discard instructions it has already executed. By analyzing four kinds of machine clear, Floating-Point, Self-Modifying Code, Memory Ordering, and Memory Disambiguation, participants learn how each event opens a new transient execution window and which attack primitives it yields. The course covers Floating-Point Value Injection (FPVI) and Speculative Code Store Bypass (SCSB), the memory leak and ASLR bypass primitives they enable, and the mitigations for each, including their performance cost. The material is delivered as an in-depth security analysis with case studies, proposed mitigations, and performance evaluations. It is intended for anyone interested in hardware security, microarchitectural attacks, and system vulnerabilities.
Syllabus
Intro
Side Channels 101
Bad Speculation
Rage Against The Machine Clear
Security Analysis of Machine Clear
Self-Modifying Code Machine Clear
Speculative Code Store Bypass (SCSB)
Memory Ordering Machine Clear
Floating-Point Machine Clear
Memory Leak
ASLR Bypass
Floating-Point Value Injection (FPVI)
Memory Disambiguation Machine Clear
Transient Execution Capabilities
Root-Cause Classification of Transient Execution
Disclosure & Affected CPUs
Taught by
Hack In The Box Security Conference