Security Update:Meltdown and Spectre Side-Channel Vulnerabilities
ثبت نشده
چکیده
منابع مشابه
SPECTRE: A Tool for Inferring, Specifying and Enforcing Web-Security Policies
Implementing web-applications securely is a laborious and error-prone task; as a result a large number of (professionally designed) websites suffer from serious application-level security vulnerabilities. In this paper we describe SPECTRE, a tool which helps to secure dynamic web-applications. As well as aiding in the development process of new applications SPECTRE can also be used to fix vulne...
متن کاملMeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols
The recent Meltdown [9] and Spectre [8] attacks highlight the importance of automated verification techniques for identifying hardware security vulnerabilities. We have developed a tool for automatically synthesizing microarchitecture-specific programs capable of producing any user-specified hardware execution pattern of interest. Our tool takes two inputs: (i) a formal description of a microar...
متن کاملSoftware mitigations to hedge AES against cache-based software side channel vulnerabilities
Hardware side channel vulnerabilities have been studied for many years in embedded silicon-security arena including SmartCards, SetTop-boxes, etc. However, because various recent security activities have goals of improving the software isolation properties of PC platforms, software side channels have become a subject of interest. Recent publications discussed cache-based software side channel v...
متن کاملTransforming Out Timing Leaks, More or Less
We experimentally evaluate program transformations for removing timing side-channel vulnerabilities wrt. security and overhead. Our study of four well-known transformations confirms that their performance overhead differs substantially. A novelty of our work is the empirical investigation of channel bandwidths, which clarifies that the transformations also differ wrt. how much security they add...
متن کاملStatic Detection of Asymptotic Resource Side-Channel Vulnerabilities in Web Application
Web applications can leak confidential user information due to the presence of unintended side-channel vulnerabilities in code. One particularly subtle class of side-channel vulnerabilities arises due to resource usage imbalances along different execution paths of a program. Such side-channel vulnerabilities are especially severe if the resource usage imbalance is asymptotic. This paper formali...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2018