Created
September 5, 2019 17:52
Notes on Intel Whitepaper: Speculative execution side channel mitigations
# Introduction
The whitepaper can be found at
https://software.intel.com/security-software-guidance/api-app/sites/default/files/336996-Speculative-Execution-Side-Channel-Mitigations.pdf
This paper describes 3 main side channel attacks, and ways to mitigate them.
# Attacks
## Branch Target Injection
### The optimization: indirect branch prediction
By predicting which branch is taken and speculatively executing instructions before knowing which branch is actually going to be taken, branch prediction results in better use of superscalar (pipelined) processors.
Indirect, in the sense that the address to jump to is not encoded in the assembler code. For example, writing the program counter register, or jumping to the address stored in another register.
### The exploit: branch target injection
The attacker chooses code that could leak information when speculatively executed, then leads the branch predictor to speculatively branch onto that code, thereby gaining information on program secrets.
The reason why this works has to do with hyperthreading, whereby
### The mitigations
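As an added example (not from the gist or from Intel's whitepaper), the script below checks what a Linux host reports about its branch target injection status. The sysfs path `/sys/devices/system/cpu/vulnerabilities/spectre_v2` and the `ibrs`/`ibpb`/`stibp` entries in the `/proc/cpuinfo` flags line are real kernel interfaces; the sample status strings embedded at the bottom are constructed so the parsing functions can be exercised offline.

```shell
#!/bin/sh
# Added example: classify the kernel's reported Spectre v2 (branch target
# injection) mitigation status and list the related CPU feature flags.

SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS_LINE
# Prints one of: not_affected, mitigated, vulnerable, unknown.
# The kernel prefixes its status with "Not affected", "Mitigation:" or "Vulnerable".
classify_spectre_v2() {
    case "$1" in
        "Not affected"*) printf 'not_affected\n' ;;
        "Mitigation:"*)  printf 'mitigated\n' ;;
        "Vulnerable"*)   printf 'vulnerable\n' ;;
        *)               printf 'unknown\n' ;;
    esac
}

# spec_ctrl_features FLAGS
# Given the space-separated CPU flags, prints which of the indirect-branch
# control features (IBRS, IBPB, STIBP) the CPU advertises.
spec_ctrl_features() {
    found=""
    for f in ibrs ibpb stibp; do
        case " $1 " in
            *" $f "*) found="$found $f" ;;
        esac
    done
    printf '%s\n' "${found# }"
}

# report_host: read the live values if this kernel exposes them.
report_host() {
    if [ -r "$SPECTRE_V2_SYSFS" ]; then
        status=$(cat "$SPECTRE_V2_SYSFS")
        printf 'spectre_v2: %s (%s)\n' "$(classify_spectre_v2 "$status")" "$status"
    else
        printf 'spectre_v2: sysfs entry not available on this host\n'
    fi
    if [ -r /proc/cpuinfo ]; then
        flags=$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2)
        printf 'spec-ctrl flags: %s\n' "$(spec_ctrl_features "$flags")"
    fi
}

# Constructed sample status lines (not captured from a real host), in the
# format the kernel uses for this sysfs entry.
SAMPLE_MITIGATED="Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling"
SAMPLE_VULNERABLE="Vulnerable"

printf 'sample 1 -> %s\n' "$(classify_spectre_v2 "$SAMPLE_MITIGATED")"
printf 'sample 2 -> %s\n' "$(classify_spectre_v2 "$SAMPLE_VULNERABLE")"
report_host
```

The status string is matched only on its prefix because the part after `Mitigation:` varies by kernel version and hardware (retpolines, IBRS, STIBP, RSB filling, and so on); anything that does not start with one of the three known prefixes is reported as `unknown` rather than assumed safe.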