Overview
This course aims to teach learners about Downfall attacks, a type of transient execution attack that compromises the security of computers. By exploiting the gather instruction on high-performance x86 CPUs, students will learn how to leak data across various boundaries, such as user-kernel, processes, virtual machines, and trusted execution environments. The course covers practical attacks to steal cryptographic keys, program runtime data, and even data at rest. Participants will also explore exploitation techniques that surpass previous defenses, highlighting the need for critical hardware fixes and security updates. The intended audience for this course includes cybersecurity professionals, computer science students, and individuals interested in computer security.
Syllabus
USENIX Security '23 - Downfall: Exploiting Speculative Data Gathering
Taught by
USENIX