Andrea Mambretti, Northeastern University
From 12.00 until 13.30
At CNB/F/110 (Lunch) + CAB/F/100.9 (Seminar), ETH Zurich
Universitätstrasse 6, 8092 Zurich
Since early 2018, with Spectre and Meltdown, a novel attack surface concerning speculative execution has been discovered and successfully exploited. These new attacks are able to break privilege boundaries and leak sensitive data. New attacks and variants have been presented ever since, but I believe much of the attack surface is still unexplored, due to the different environment in which these attacks take place and the lack of tools to properly explore and debug such attacks.
In this talk, I present two new techniques to exploit speculative execution through Branch Target Injection (BTI) and a novel tool, SPECULATOR, that leverages performance counters with the specific purpose of studying speculative execution. Furthermore, I present further findings on CPU behaviors, current mitigations and other attack techniques I explored using SPECULATOR.