ICSA Faculty Talk - 27/10/2020
Talk Title: How do you solve a problem like a Spectre?
Abstract: At the start of 2018, the entire microprocessor industry was rocked by the revelation that out-of-order speculation, a technique ubiquitous since the early 1990s, was, and remains, a fundamental security flaw. An attacker can trick a victim, in an otherwise entirely correct program, into leaking its secrets through the effects of misspeculated execution, in a way that is entirely invisible to the programmer's model. This has serious implications for application sandboxing and inter-process communication.
Given that out-of-order speculation is so fundamental to high-performance processors, designing efficient mitigations has been a significant challenge. I will first present MuonTrap, published at ISCA 2020, a technique that hides misspeculation across process boundaries by placing it in filter caches that can easily be wiped to prevent information leakage. I will then demonstrate why more comprehensive protection against all Spectre attacks is so challenging, with the latest attacks that can break most speculation-hiding mechanisms. Finally, I will demonstrate Strictness Ordering, a new constraint system that shows how we can entirely eliminate speculative side channel attacks, while still allowing complex speculation and data forwarding between speculative instructions.
Biography: Sam is a Lecturer in Systems and Hardware Security at the University of Edinburgh. His research involves new techniques for security, reliability and memory system performance across the hardware-software stack. This includes the MarkUs temporally safe allocator (S&P 2020), MuonTrap Spectre mitigations (ISCA 2020), The Guardian Council programmable security monitors (ASPLOS 2020), ParaMedic heterogeneous processor fault tolerance (DSN 2019) and Event-triggered Programmable Prefetchers (ASPLOS 2018). He received his PhD in 2018 and BA in 2014, both at Churchill College, University of Cambridge.