Read on Twitter
Inspired by the #kpti #kaiser shenanigans of late - I collect (many!) papers, so here's a small selection/timeline relating to research on CPU side-channels over the years (by 2016 it got crazy so this is nowhere near complete):
- 2013-05-19 - "Practical Timing Side Channel Attacks against Kernel Space ASLR" by Hund et al. ieee-security.org/TC/SP2013/pape…
- 2014-01-01 - "CACHE-BASED SIDE-CHANNEL ATTACKS IN MULTI-TENANT PUBLIC CLOUDS AND THEIR COUNTERMEASURES" by Zhang pdfs.semanticscholar.org/95a2/40ac8a7bb…
- 2014-01-01 - "CACHE-BASED SIDE-CHANNEL ATTACKS IN MULTI-TENANT PUBLIC CLOUDS AND THEIR COUNTERMEASURES" by Zhang pdfs.semanticscholar.org/95a2/40ac8a7bb…
- 2014-11-03 - "The Last Mile An Empirical Study of Timing Channels on seL4" by Cock et al research.davidcock.fastmail.fm/papers/Cock_GM… 2015-05-17 - "Last-Level Cache Side-Channel Attacks are Practical" by Liu et al palms.ee.princeton.edu/system/files/S…
- 2015-05-17 - "S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES" - by Irazoqui et al users.wpi.edu/~teisenbarth/p…
- 2016-03-07 - "Rigorous Analysis of Software Countermeasures against Cache Attacks" by Doychev et al. arxiv.org/pdf/1603.02187…
- 2017-03-20 - "CacheZoom: How SGX Amplifies The Power of Cache Attacks" by Moghimi - arxiv.org/pdf/1703.06986…
- 2017-03-20 - "CacheZoom: How SGX Amplifies The Power of Cache Attacks" by Moghimi - arxiv.org/pdf/1703.06986…
- 2016-10-?? - "Breaking Kernel Address Space Layout Randomization with Intel TSX" by Jang et al. sslab.gtisc.gatech.edu/assets/papers/…
- 2016-10-?? - "A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware" by Qian Ge et al eprint.iacr.org/2016/613
- 2016-10-24 - "Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR" by Gruss et al gruss.cc/files/prefetch…
- 2017-02-27 - "ASLR on the Line: Practical Cache Attacks on the MMU" by Gras & Kaveh et al cs.vu.nl/~herbertb/down…
- 2017-02-27 - "ASLR on the Line: Practical Cache Attacks on the MMU" by Gras & Kaveh et al cs.vu.nl/~herbertb/down…
- 2017-05-20 - "Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX" by Wang et al arxiv.org/pdf/1705.07289…
- 2017-06-24 - "Kaslr is dead: long live kaslr", "the KAISER paper" by Gruss et al gruss.cc/files/kaiser.p…
- 2017-06-24 - "Kaslr is dead: long live kaslr", "the KAISER paper" by Gruss et al gruss.cc/files/kaiser.p…
- 2017-10-?? - "LAZARUS: Practical Side-Channel Resilient Kernel-Space Randomization" by Gens et al jin.ece.ufl.edu/papers/RAID17.…
- 2017-06-?? - "Software-based Microarchitectural Attacks" by Gruss arxiv.org/abs/1706.05973 <--- Mr @lavados PhD thesis :)
... Apologies they're not quite chronological, these are scattered all over my zotero database; and most of all apologies for the lack of actually old papers on these topics, I'm sure at least some of these papers cite them or @cynicalsecurity knows them
I've been pulling together 30-odd papers I was going to write up, but I rediscovered MASCAB: a Micro-Architectural Side-Channel Attack Bibliography, which is a daunting, far more impressive list mainly related to attacks relevant to crypto implementation github.com/danpage/mascab/
• • •
Missing some Tweet in this thread? You can try to
force a refresh
