RISC-V Summit 2022 has ended
December 13-14, 2022 | San Jose, CA + Virtual
Thursday, December 15 • 9:00am - 9:55am
Tutorial: Side-Channel Attacks and Transient Execution Vulnerabilities & RISC-V CFI - Allison Randal, Rivos & Giorgos Christou, Forth

Side Channel
An unfortunate truth of modern hardware security is that secure ISA design is not sufficient to guarantee the security of the system. Microarchitectural techniques for violating confidentiality and integrity are on the rise, including a disturbing variety of software-induced hardware attacks. The basic idea of leaking secrets through side channels has been around for a long time, but the earliest forms of these attacks were regarded as too difficult to exploit, and so were often ignored by hardware designers and vendors. Side-channel attack techniques have continued to evolve over the decades to use different channels (such as power analysis, EM analysis, fault analysis, and timing analysis), to be easier to exploit, and to leak more information more rapidly. A series of vulnerabilities related to transient (speculative) execution, called Spectre and Meltdown, rose to attention in 2018. These vulnerabilities used side-channel attack techniques, but combined them in a more sophisticated way, and with a more severe security impact, than previously considered possible. Five years on, it turns out that Meltdown-type attacks are relatively easy to prevent with a small but intelligent change to the microarchitecture design. Spectre-type attacks have proven more difficult to tackle, not because preventing them is impossible, but because the solutions that actually work have untenable performance penalties. New varieties of transient execution vulnerabilities continue to be discovered on a regular basis, and the industry has only barely scratched the surface of vulnerabilities that are possible using new side-channel attack techniques. Consideration of microarchitectural side channels has become a necessity in modern hardware design, and vendors are faced with tough choices in the trade-offs between security, performance, power, and die area.
This tutorial captures essential knowledge that every hardware engineer should have about side-channel attacks and the transient execution vulnerabilities, as well as approaches to limit their impact for CPU and SoC designers, system integrators, and end users.

Software exploitation has been a major issue in computer systems for decades. Nowadays exploiting software is not as trivial as smashing the stack, but attackers come up with more and more sophisticated techniques in order to bypass deployed defenses. In this tutorial we are going to review the discussions that took place during the Control Flow Integrity Special Interest Group meetings. We will first present how the attacks evolved in order to bypass deployed defenses. Following that, we will discuss notable detection and protection techniques presented in academia. Next, we will present extensions included in recent processors as well as their benefits and disadvantages. Finally, we will present a short overview of what we propose for the RISC-V architecture.


Giorgos Christou

PhD student, Forth
George Christou received his BSc and MSc degrees in Computer Science from the University of Crete in 2014 and 2017 respectively. He is currently a Ph.D. candidate in the Computer Science Department of the University of Crete under the supervision of Prof. Sotiris Ioannidis. He has been...

Allison Randal

Principal MTS, Rivos
Allison is an open source/hardware strategist. She is co-chair of the Microarchitecture Side Channels SIG at RISC-V International, a board member at the Open Infrastructure Foundation, a board member at the Software Freedom Conservancy, and a board member at Open Usage Commons. At...

Thursday December 15, 2022 9:00am - 9:55am PST
Grand Ballroom 220 B