SecAppDev 2019 has ended
Back To Schedule
Friday, February 22 • 09:00 - 10:30
The Foreshadow attack - from a simple oversight to a technological nightmare

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

2018 was the year speculative execution vulnerabilities caused havoc in the IT industry. In this talk, we discuss the Foreshadow/L1TF vulnerability, its cause, its impact and how to mitigate it.

Today's societies rely heavily on isolation mechanisms provided by microprocessors. Unfortunately, this year it became clear that chip designers made serious security errors during the design of their processors. By exploiting subtle design flaws, attackers can break such fundamental isolation primitives.

Last August, we disclosed our Foreshadow attack after going through an 8-month coordinated disclosure process with Intel. This attack enables attackers to access any data present in the L1D cache, even across protection domains. This required both microcode patches as significant changes in the process and virtual machine scheduler. The total cost of these defenses runs in the billions of dollars. In this session, we will discuss how Foreshadow and related speculative execution attacks operate, how the vulnerabilities they exploit got introduced in the first place, and how they got mitigated. We will also discuss how the industry as a whole should prepare for any future attacks to come.

This session is intended for anyone interested in how low-level security architectures can be bypassed by speculative execution side-channels.


Raoul Strackx

Post-doc, KU Leuven

Friday February 22, 2019 09:00 - 10:30 CET
West wing (room Lemaître)