This talk focuses on speculative execution attacks, a recent class of vulnerabilities that has disrupted the computer security landscape. We present methodology and tooling to analyse the speculative behaviour of the CPU and study the effectiveness of attacks and defences. Methodology and tooling help us discover new ways in which an adversary may disrupt the speculative control flow of a victim, and new ways in which it can extract sensitive information from a target system. This is joint work between the security group of IBM Research - Zurich, EPFL and Northeastern University.
- Полезное видео