Seminars

NO.215 Microarchitectural Attacks and Defenses

Shonan Village Center

July 22 - 25, 2024 (Check-in: July 21, 2024 )

Organizers

  • Sebastien Bardin
    • Commissariat à l'Energie Atomique (CEA), France
  • Tamara Rezk
    • INRIA, France
  • Yuval Yarom
    • University of Adelaide, Australia
    • Ruhr University Bochum, Germany

Overview

Overview

In January 2018, two attacks called Spectre [1] and Meltdown [2] were made public and moved the history of cybersecurity to a new era. Indeed, Spectre and Meltdown, which were quickly followed by many other attacks [3] of the same class coined as transient execution attacks, demonstrated how an attacker could make use of speculative execution to exfiltrate secrets that were otherwise highly protected at the architectural level. The consequences of these attacks can be devastating and they affect most existing modern processors.

 Challenges regarding transient execution attacks and defenses include the consideration of hardware speculations, which are microarchitecture optimizations mostly ignored in the area of security before 2018. Hardware speculations are extremely complex to reason about (either for humans or for program analyzers) as they yield a dramatic explosion of the number of potential behaviours to consider [4] and they are complex mechanisms not always well documented by hardware providers. Hardware manufacturers and developers are facing an unprecedented need of security mechanisms to help identify, mitigate, and remove microarchitectural vulnerabilities.

 A first seminar on this topic is to be organized in Europe in November 2023 [5]. Our proposal aims at organizing a similar seminar in Asia in 2024. Our seminar proposal is to gather and encourage discussions among researchers and industry leaders in the area.

The aim of this meeting is to provide a forum to:

  • Discuss recent developments and issues regarding transient execution attacks, and more in general, microarchitectural attacks (a bigger class that include transient execution attacks);
  • Discuss the effectiveness of various security mechanisms, at the hardware, system, and software levels, in the face of the current overall vulnerability landscape.

  To achieve this aim we plan to bring together leading researchers and practitioners from three different domains: (1) microarchitectureal attacks, (2) system designers, and (3) formal methods. We expect that close interaction between these communities will facilitate better understanding of the area and initiate solutions that will allow broad defenses against this class of attacks.

 In particular, we plan to address the following questions: What are the latest trends in micro-architectural attacks and hardware speculation mechanisms? Which are the formal semantics appropriate to capture these attacks and speculations? Is it possible to design program analysis techniques that detect these attacks and/or prove their absence ? Which defenses are effective against different kinds of transient execution attacks? Which new hardware or software mechanisms could help mitigate these attacks?

 Finally, to promote discussions, we plan to organize breakout sessions with time to discuss different topics. We will encourage tutorials, brainstorming and working-group sessions rather than mere conference-like presentations.

  The organizers are well established researchers in the area. In particular, Yuval Yarom is one of the discoverers of Spectre [1] and Meltdown [2].

References

[1] Spectre Attacks: Exploiting Speculative Execution. Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom. https://meltdownattack.com/

[2] Meltdown: Reading Kernel Memory from User Space. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg. https://meltdownattack.com/

[3] A Systematic Evaluation of Transient Execution Attacks and Defenses. Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, Daniel Gruss. USENIX Security Symposium 2019.

[4] Hunting the Haunter - Efficient Relational Symbolic Execution for Spectre with Haunted RelSE. Lesly-Ann Daniel, S´ebastien Bardin, Tamara Rezk. NDSS 2021.

[5] MAD: Microarchitectural Attacks and Defenses Christopher W. Fletcher (University of Illinois – Urbana-Champaign, US) Marco Guarnieri (IMDEA Software Institute – Madrid, ES) David Kohlbrenner (University of Washington – Seattle, US) Cl´ementine Maurice (INRIA Lille, FR) Dagstuhl 2023. https://www.dagstuhl.de/en/program/calendar/semhp/?semnr=23481