The Code That Never Ran - Modeling Attacks on Speculative Evaluation
Offered By: IEEE via YouTube
Course Description
Overview
Explore a 17-minute IEEE conference talk that delves into modeling attacks on speculative evaluation. Gain insights into the Spectre attack and its exploitation of dynamic security checks, speculative evaluation, and cache timing. Discover a proposed pomset-based model designed to capture speculative evaluation, which is abstract enough to express known attacks like Spectre and Prime+Abort while verifying their countermeasures. Learn about the model's potential to predict new information flow attacks, including two novel attacks exploiting compiler optimizations. Understand how these attacks were experimentally validated against gcc and clang, and grasp the importance of formal modeling in identifying and mitigating security vulnerabilities in modern computer architectures.
Syllabus
The Code That Never Ran: Modeling Attacks on Speculative Evaluation
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld SystemsVanderbilt University via Coursera Engineering Maintainable Android Apps
Vanderbilt University via Coursera Software Design as an Element of the Software Development Lifecycle
University of Colorado System via Coursera Secure Software Development
Pluralsight Secure Software Concepts for CSSLPĀ®
Pluralsight