Paul Harvey
Jan 3, 2018
Inspired by the #kpti #kaiser shenanigans of late - I collect (many!) papers, so here's a small selection/timeline relating to research on CPU side-channels over the years (by 2016 it got crazy so this is nowhere near complete):
- 2013-05-19 - "Practical Timing Side Channel Attacks against Kernel Space ASLR" by Hund et al. ieee-security.org/TC/SP2013/pape…
- 2014-01-01 - "CACHE-BASED SIDE-CHANNEL ATTACKS IN MULTI-TENANT PUBLIC CLOUDS AND THEIR COUNTERMEASURES" by Zhang pdfs.semanticscholar.org/95a2/40ac8a7bb…
- 2014-11-03 - "The Last Mile An Empirical Study of Timing Channels on seL4" by Cock et al research.davidcock.fastmail.fm/papers/Cock_GM…
- 2015-05-17 - "Last-Level Cache Side-Channel Attacks are Practical" by Liu et al palms.ee.princeton.edu/system/files/S…
- 2015-05-17 - "S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES" - by Irazoqui et al users.wpi.edu/~teisenbarth/p…
- 2016-03-07 - "Rigorous Analysis of Software Countermeasures against Cache Attacks" by Doychev et al. arxiv.org/pdf/1603.02187…
- 2017-03-20 - "CacheZoom: How SGX Amplifies The Power of Cache Attacks" by Moghimi - arxiv.org/pdf/1703.06986…
- 2016-10-?? - "Breaking Kernel Address Space Layout Randomization with Intel TSX" by Jang et al. sslab.gtisc.gatech.edu/assets/papers/…
- 2016-10-?? - "A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware" by Qian Ge et al eprint.iacr.org/2016/613
- 2016-10-24 - "Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR" by Gruss et al gruss.cc/files/prefetch…
- 2017-02-27 - "ASLR on the Line: Practical Cache Attacks on the MMU" by Gras & Kaveh et al cs.vu.nl/~herbertb/down…
- 2017-05-20 - "Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX" by Wang et al arxiv.org/pdf/1705.07289…
- 2017-06-24 - "Kaslr is dead: long live kaslr", "the KAISER paper" by Gruss et al gruss.cc/files/kaiser.p…
- 2017-10-?? - "LAZARUS: Practical Side-Channel Resilient Kernel-Space Randomization" by Gens et al jin.ece.ufl.edu/papers/RAID17.…
- 2017-06-?? - "Software-based Microarchitectural Attacks" by Gruss arxiv.org/abs/1706.05973 <--- Mr @lavados PhD thesis :)
... Apologies they're not quite chronological, these are scattered all over my zotero database; and most of all apologies for the lack of actually old papers on these topics, I'm sure at least some of these papers cite them or @cynicalsecurity knows them
I've been pulling together 30-odd papers I was going to write up, but I rediscovered MASCAB: a Micro-Architectural Side-Channel Attack Bibliography, which is a daunting, far more impressive list mainly related to attacks relevant to crypto implementation github.com/danpage/mascab/
