RIDL: Rogue In-Flight Data Load
Speaker: Sebastian Österlund
Speculative execution bugs in modern CPUs popped up out of nowhere, but the worst of the nightmare appears to be over. While Spectre-style attacks will be with us forever, a variety of mitigations have been implemented to protect us against Intel CPU vulnerabilities such as Meltdown and Foreshadow. Browser vendors have implemented process isolation, and Intel even have silicon fixes in their latest CPUs. Do you feel safe?
We destroy these mitigations by taking a skeptical look at their assumptions, and reveal that unprivileged userspace applications can steal data by simply ignoring security boundaries -- after all, what do address spaces and privilege levels mean to Intel's CPU pipeline? Using our RIDL attacks, we'll steal secrets from SGX using
Sebastian is a Ph.D. student in the Systems and Network Security Group (VUSec) at the Vrije Universiteit Amsterdam. His interests include memory safety, operating system defenses, and fuzzing.
Previously, he worked on kMVX, a comprehensive kernel defense against information leaks using multi-variant execution, and more recently he has worked on finding software bugs through directed fuzzing.