YoVDO

Port Contention for Fun and Profit

Offered By: IEEE via YouTube

Tags

Side Channel Attacks Courses Cybersecurity Courses TLS Courses Intel SGX Courses

Course Description

Overview

Explore the intricacies of Simultaneous Multithreading (SMT) architectures as potential targets for side-channel attacks in this 22-minute IEEE conference talk. Delve into the concept of port contention as a high-resolution timing side-channel leakage source, which doesn't rely on the memory subsystem. Learn about an end-to-end attack implementation on Intel Skylake and Kaby Lake architectures with Hyper-Threading, demonstrating the recovery of a P-384 private key from an OpenSSL-powered TLS server. Discover how this attack method can be applied to shared libraries, static builds, and SGX enclaves, highlighting its wide-ranging implications. Gain insights into modern microarchitecture, execution engines, spatial resolution, and potential mitigations for this security vulnerability.

Syllabus

Introduction
Port Smash
Modern Microarchitecture
Execution Engine
Port Contention
Spy Process
Victim Process
Spatial Resolution
Proof of Attack
TLS
Intel SGX
Mitigations
Takeaway
Questions


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Hardware Security
University of Maryland, College Park via Coursera
Cryptography and Information Theory
University of Colorado System via Coursera
Introduction to Software Side Channels and Mitigations
Graz University of Technology via edX
Side-Channel Security: Developing a Side-Channel Mindset
Graz University of Technology via edX
Physical and Advanced Side-Channel Attacks
Graz University of Technology via edX