CS Colloquium - Daniel Gruss: Software-based Microarchitectural Attacks: What do we learn from Meltdown and Spectre?
In this talk, we will discuss software-based microarchitectural attacks, with a focus on Meltdown and Spectre.
Info about event
Time
Location
Nygaard-016 (5335-016). Åbogade 34, 8200 Aarhus N
Organizer
Abstract
In this talk, we will discuss software-based microarchitectural attacks, with a focus on Meltdown and Spectre. We will discuss memory timing and cache attacks. After building our first cache attack we will directly continue with Meltdown and Spectre. The talk will provide a detailed explanation of how these attacks fundamentally work. We will discuss countermeasures to protect against these attacks. Finally, we will discuss how we got into this situation with microarchitectural attacks and what we can learn from this development.
Bio
Daniel Gruss (@lavados) is an Assistant Professor at Graz University of Technology. He finished his PhD with distinction in less than 3 years. He has been involved in teaching operating system undergraduate courses since 2010. Daniel's research focuses on software-based side-channel attacks that exploit timing differences in hardware and operating systems. He implemented the first remote fault attack running in a website, known as Rowhammer.js. He frequently speaks at top international venues, such as Black Hat, Usenix Security, IEEE S&P, ACM CCS, Chaos Communication Congress, and others. His research team was one of the teams that found the Meltdown and Spectre bugs published in early 2018.