YoVDO

Mitigating Spectre Attacks Using CFI Informed Speculation

Offered By: IEEE via YouTube

Tags

Control-Flow Integrity Courses Cybersecurity Courses Performance Evaluation Courses Software Security Courses CPU Architecture Courses Speculative Execution Courses

Course Description

Overview

Explore a comprehensive conference talk on SPECCFI, a novel approach to mitigating Spectre attacks using Control-Flow Integrity (CFI) informed speculation. Delve into the intricacies of this security technique designed to prevent speculative control-flow hijacking in modern CPUs. Learn about the implementation of CFI principles to constrain illegal control-flow during speculative execution, focusing on both forward and backward control-flow paths. Discover how SPECCFI combines with existing solutions to address all known non-vendor-specific Spectre vulnerabilities. Examine the talk's coverage of micro-architectural attacks, Spectre attack steps, related work, and ISA extensions. Gain insights into the main design, including CFG computation, SPECCFI under attack scenarios, and backward-edge defense mechanisms. Analyze the implementation details, security evaluation, and performance assessment of this innovative approach to enhancing CPU security against speculative execution vulnerabilities.

Syllabus

Intro
Micro-Architectural Attacks
Spectre Attack Steps
Related Work
Instructions Set Architecture (ISA) Extension
Main design: compute CFG(2)
SPECCFI Under Attack
Backward-edge Defense
Implementation
Security Evaluation
Performance Evaluation


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Computer Security
Stanford University via Coursera
Cryptography II
Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Building an Information Risk Management Toolkit
University of Washington via Coursera
Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network