YoVDO

Rage Against The Machine Clear

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses Hardware Security Courses Microarchitectural Attacks Courses

Course Description

Overview

Explore the latest developments in transient execution attacks and their root causes in this 40-minute conference talk from the Hack In The Box Security Conference. Delve into previously unexplored machine clear events, including Floating Point MC, Self-Modifying Code MC, Memory Ordering MC, and Memory Disambiguation MC. Discover new attack primitives like Floating Point Value Injection (FPVI) and Speculative Code Store Bypass (SCSB), and learn about an end-to-end FPVI exploit on the Mozilla SpiderMonkey JavaScript engine. Examine proposed mitigations for these attack primitives and their performance impact. Gain insights into a new root cause-based classification of known transient execution paths, presented by Ph.D. researchers Enrico Barberis and Hany Ragab from the System Security Group at Vrije Universiteit Amsterdam.

Syllabus

Intro
Side Channels 101
Bad Speculation
Rage Against The Machine Clear
Security Analysis of Machine Clear
Self-Modifying Code Machine Clear
Speculative Code Store Bypass (SCSB)
Memory Ordering Machine Clear
Floating-Point Machine Clear
3. Memory Leak
4. ASLR Bypass
Floating-Point Value Injection (FPVI)
Memory Disambiguation Machine Clear
Transient Execution Capabilities
Root-Cause Classification of Transient Execution
Disclosure & Affected CPUs


Taught by

Hack In The Box Security Conference

Related Courses

Browser Hacking With ANGLE
Hack In The Box Security Conference via YouTube
Can A Fuzzer Match A Human
Hack In The Box Security Conference via YouTube
Biometrics System Hacking in the Age of the Smart Vehicle
Hack In The Box Security Conference via YouTube
ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube
Fuzzing the MCU of Connected Vehicles for Security and Safety
Hack In The Box Security Conference via YouTube