Speculative Attack (also a side-channel attack)
If the CPU can be convinced to speculatively execute an instruction that operates on a secret, an attacker might be able to read this secret by using a side channel to observe the side effect. This is the foundation for the transient execution attacks that follow.
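An effective attack strategy targets the parts of a design that would cost a great deal of performance to fix in hardware, that is, the features that deliver large performance gains by design; exploiting these makes the attack easier. It is important to identify the features that are critical to performance at a given level, such as speculative execution or branch prediction.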
Transient execution Attacks
- TLBleed
  - TLB footprint used as side channel
- NetSpectre
  - Spectre over the network
- Foreshadow (L1 Terminal Fault Attack)
  - Compromises the promised security of SGX enclaves