Speculative Execution and Cache Attacks
Speculative Execution and Cache Attacks
Speculative execution is a strategy to improve CPUs' performance by executing instructions prior to knowing whether those instructions will need to be executed. While originally considered to be innocuous, speculative execution was brought into the spotlight with the 2018 publication of the Spectre and Meltdown attacks. Those attacks demonstrated that microarchitectural side channels can leak sensitive data accessed by speculatively executed instructions that are not part of the normal program execution. In this talk, I will present the investigation on speculative execution and cache attacks. The first part will focus on exploiting transient execution to improve cache attacks. I will introduce the Prime+Store attack that decouples the sampling of cache states from the measurement of said states. This enables a high-resolution cache attack with a low-resolution timer, demonstrating that reducing a timer resolution does not protect against cache attacks. The second part will focus on speculative out-of-order execution, and I will introduce the Evict+Spec+Time attack. It is an order of magnitude more efficient than Evict+Time when attacking a T-table-based implementation of AES. For attacking an S-box-based implementation of AES, the Evict+Spec+Time attack is possible even with generic features of out-of-order execution, which is in contrast to previous works that require fine-grained control of victim execution.
Based on the following work:
- Daniel Katzman, William Kosasih, Chitchanok Chuengsatiansup, Eyal Ronen, and Yuval Yarom. 'The Gates of Time: Improving Cache Attacks with Transient Execution', USENIX Security 2023.
- Shing Hing William Cheng, Chitchanok Chuengsatiansup, Daniel Genkin, Dallas McNeil, Toby Murray, Yuval Yarom, and Zhiyuan Zhang. 'Evict+Spec+Time: Exploiting Out-of-Order Execution to Improve Cache-Timing Attacks', TCHES 2024 (to appear).
Click the link below to join the seminar at the following time
Melbourne (AEST) : 6 Aug 2024 11:00 AM
Japan (JST) : 6 Aug 2024 10:00 AM
China (CST) : 6 Aug 2024 9:00 AM
India (IST) : 6 Aug 2024 6:30 AM
Central Europe (CEST) : 6 Aug 2024 3:00 AM
New York (EDT) : 5 Aug 2024 9:00 PM
Los Angeles (PDT) : 5 Aug 2024 6:00 PM
Join seminar
Webinar passcode: 720709 (if asked when joining the seminar)
About the speaker
Senior Lecturer, University of Melbourne
Dr. Chitchanok Chuengsatiansup is a Senior Lecturer at University of Melbourne. Her research covers cryptographic engineering, side-channel analysis, and high-assurance software, where she attracts competitive research funding such as Google Research Scholar, ARC DP, and NISDRG. She received the Distinguished Paper Award (PLDI 2023) and the Humies Gold Award (GECCO 2023) for her work on automatic cryptographic code generation, CryptOpt, which has been integrated into Google's products. Her work on the post-quantum scheme NTRU Prime has been selected as an alternative candidate in the NIST Post-Quantum Cryptography Standardization and is now a default option in OpenSSH.
Monash University values the privacy of every individual's personal information and is committed to the protection of that information from unauthorised use and disclosure except where permitted by law. For information about the handling of your personal information please see Data Protection and Privacy Procedure and the relevant Data Protection and Privacy Collection Statement that applies to you depending on the nature of your interaction with us.
If you have any questions about how Monash University is collecting and handling your personal information, please contact our Data Protection and Privacy Office at dataprotectionofficer@monash.edu.