| Date | Feb. 18th, 2020 |
|---|---|
| Speaker | Nael Abu-Ghazaleh UC Riverside |
| Title | Secure speculative execution in the age of Spectre and Meltdown |
| Abstract |
Modern computing systems are under attack by increasingly motivated and sophisticated attackers. Recently, the Meltdown and Spectre attacks have demonstrated that security is not only a software problem, but that the hardware components can expose software-exploitable vulnerabilities. These attacks exploit the core paradigm used to build modern high performance CPUs: speculative out of order execution. It is not clear how to build CPUs that are both secure and performant. In this talk, I will first introduce these attacks using examples of SpectreRSB, a speculation attack that exploits the Return Stack Buffer, which is a structure in modern processors used to predict the return address of a function. I will then discuss two ideas to build next generation CPUs to enable secure speculation without sacrificing performance. In particular, SafeSpec hides the effects of speculation until an instruction is committed. In contrast, SpecCFI leverages principles of control flow integrity to restrict speculation to occur only to legal points within the program. |
| Bio | Nael Abu-Ghazaleh is a Professor in the Computer Science and Engineering as well as the Electrical and Computer Engineering Departments at the University of California, Riverside. He also serves as the director for the Computer Engineering Program. His research is in architecture support for computer system security, high performance computing, and networked and distributed systems. He has published around 200 papers in these areas, several of which have been recognized with best paper awards or nominations. His hardware security research has resulted in the discovery of several new attacks that have been disclosed to companies including Intel, AMD, ARM, Apple, Microsoft and Nvidia, and received wide coverage from technical news outlets. |
| Resources |