Speculator: Towards speculative execution debugging

Thu 24Oct2019
Since June 2016 you need to have a valid API key enabled to display Google maps, see plugin settings

Andrea Mambretti, Northeastern University

From 12.00 until 13.30

At CNB/F/110 (Lunch) + CAB/F/100.9 (Seminar), ETH Zurich

Universitätstrasse 6, 8092 Zurich


Since early 2018, with Spectre and Meltdown, a novel attack surface concerning speculative execution was discovered and successfully exploited. These new attacks are able to break privilege boundaries and leak sensitive data. New attacks and variants were presented ever since, but I believe much of the attack surface is still unexplored due to the different environment these attacks take place and the lack of tools to proper explore and debug such attacks.

In this talk, I present two new techniques to exploit speculative execution through Branch Target Injection (BTI) and a novel tool, SPECULATOR, that leverage performance counters with the specific purpose of studying speculative execution. Furthermore, I present further findings on CPU behaviors, current mitigations and other attacks techniques I explored using SPECULATOR.

Download Event to Calendar