Speculative Attack (also a side-channel attack)
If the CPU can be convinced to speculatively execute an instruction that operates on a secret, an attacker might be able to read this secret by using a side-channel attack to observe the side effect. This is the foundation for the transient execution attacks that follow.
Efficient attacks target features whose hardware fix would cost a great deal of performance; in other words, attacking is easier when it exploits the parts of a design that deliver large performance gains. As with Speculative Execution or Branch Prediction, it is important to identify which features are critical to performance at the level in question.
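The mechanism described above, as an added example that is not part of the original note: a toy Python model (no real hardware involved) in which a mispredicted bounds check transiently reads a byte, the architectural result is squashed, and the cache footprint still reveals the value. The names `ToyCPU`, `victim`, `observe_footprint`, `leaked_bytes` and the `mask_index` flag (which models clamping the index before the load) are assumptions made for illustration, as is all sample data.

```python
# Toy model, constructed for illustration; it does not touch real hardware.
LINE = 64                    # modelled cache-line size in bytes
PUBLIC = b"public-data"      # bytes the victim may legitimately index
SECRET = b"K3Y"              # constructed secret stored right after PUBLIC
MEMORY = PUBLIC + SECRET     # flat modelled address space


class ToyCPU:
    def __init__(self):
        self.cache = set()   # microarchitectural state: cached probe offsets
        self.retired = []    # architectural state: values the program received

    def victim(self, index, predict_in_bounds, mask_index=False):
        """Bounds-checked read whose result selects one probe-array line."""
        in_bounds = index < len(PUBLIC)
        if not (in_bounds or predict_in_bounds):
            return                       # branch not entered, even transiently
        if mask_index and not in_bounds:
            index = 0                    # mitigation: clamp index before the load
        value = MEMORY[index]            # may run transiently past the check
        self.cache.add(value * LINE)     # side effect: probe line becomes cached
        if in_bounds:
            self.retired.append(value)   # only a correct path commits its result
        # On a misprediction the value is squashed, but self.cache keeps the line.

    def is_cached(self, offset):
        """Stands in for timing a load: fast if cached, slow otherwise."""
        return offset in self.cache


def observe_footprint(cpu, index, mask_index=False):
    """Byte values whose probe line is cached after one mispredicted call."""
    cpu.cache.clear()                    # start from a cold cache
    cpu.victim(index, predict_in_bounds=True, mask_index=mask_index)
    return [v for v in range(256) if cpu.is_cached(v * LINE)]


def leaked_bytes(cpu, mask_index=False):
    """Read the footprint for each out-of-bounds index covering SECRET."""
    start = len(PUBLIC)
    return bytes(observe_footprint(cpu, start + i, mask_index)[0]
                 for i in range(len(SECRET)))


if __name__ == "__main__":
    cpu = ToyCPU()
    print("unmitigated footprint:", leaked_bytes(cpu))
    print("index masked         :", leaked_bytes(cpu, mask_index=True))
    print("architectural results:", cpu.retired)
```

In the model the program never architecturally receives a secret byte (`retired` stays empty), which is why rolling back registers alone does not close the channel.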
Transient execution Attacks
- TLBleed
  - TLB footprint used as side channel
- NetSpectre
  - Spectre over the network
- Foreshadow (L1 Terminal Fault Attack)
  - Compromises the promised security of SGX enclaves
Answering your questions about “Meltdown” and “Spectre” | Google Cloud Blog
This week, security vulnerabilities dubbed “Spectre” and “Meltdown” made news headlines. On Wednesday, we explained what these vulnerabilities are and how we're protecting you against them.
https://cloud.google.com/blog/topics/inside-google-cloud/answering-your-questions-about-meltdown-and-spectre?hl=en

Transient execution attacks
RaonWhiteHat Core Research Team, Jo Jin-ho (조진호)
https://core-research-team.github.io/2020-07-01/Transient-execution-attacks

Seonglae Cho