YoVDO

Hardware Side Channels in Virtualized Environments

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses Hardware Security Courses Side Channel Attacks Courses Cloud Security Courses Cache Attacks Courses

Course Description

Overview

Explore hardware side channel vulnerabilities in virtualized environments through this closing keynote from the Hack In The Box Security Conference. Delve into the landscape of side channel vulnerabilities, examining types possible under different virtualization scenarios and the fundamental principles of side-channel attacks. Contrast these against specific exploitations in cloud-based environments. Examine the attack surface of common cloud-based hardware side channels, including shared hardware stacks between supposedly isolated hosts. Witness demonstrations of two separate attacks - one in the cache and a novel side channel across the pipeline - to illustrate the discussed theories. Review potential mitigations at hardware, hypervisor, and client software levels, and gain insights into the future of side channels in cloud computing. Learn from security researcher Sophia D'Antoine, who shares her expertise in malicious applications of hardware side channels in virtualized environments, drawing from her graduate research at Rensselaer Polytechnic Institute and her work with LLVM on automated analysis, obfuscation, and transformation of execution paths.

Syllabus

#HITB2016AMS CLOSING KEYNOTE - Hardware Side Channels in Virtualized Environments - Sophia D'Antoine


Taught by

Hack In The Box Security Conference

Related Courses

Pseudorandom Black Swans: Cache Attacks on CTR_DRBG
TheIACR via YouTube
When Good Turns Evil - Using Intel SGX to Stealthily Steal Bitcoins
Black Hat via YouTube
Dragonblood - Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd
IEEE via YouTube
NetCAT - Practical Cache Attacks from the Network
IEEE via YouTube
The 9 Lives of Bleichenbacher's CAT - New Cache Attacks on TLS Implementations
IEEE via YouTube