The security and architecture communities will remember the past five years as the era of side channels. Starting from Spectre and Meltdown, time and again we have seen how basic performance-improving features can be exploited to violate fundamental security guarantees. Making things worse, the rise of side channels points to a much larger problem, namely the presence of large gaps in the hardware-software execution contract on modern hardware.
In this talk, I will give an overview of this gap, focusing on new security issues on emerging CPUs. First, I will give a high-level survey of speculative execution attacks such as Spectre and Meltdown. I will then talk about iLeakage, showing how speculative attacks are still a threat to browser isolation primitives, despite numerous mitigation attempts. Finally, I will discuss security issues involving violation of constant-time guarantees due to data-memory prefetching, resulting in the GoFetch attack.
The talk will be interactive and include attack demonstrations.
Daniel Genkin is an Alan and Anne Taetle Early Career Associate Professor at the School of Cybersecurity and Privacy at Georgia Tech. Daniel’s research interests are in hardware and system security, with particular focus on side channel attacks and defenses. Daniel’s work has been recognized by multiple academic and industry venues, as well as covered by national and scientific press. Recently, Daniel has been part of the team performing the first analysis of speculative and transient execution, resulting in the discovery of Spectre, Meltdown and follow-ups. Daniel has a PhD in Computer Science from the Technion - Israel Institute of Technology and has been awarded the 2024 Alfred P. Sloan Research Fellowship.