Speculative Buffer Overflows: Attacks and Defenses

Authors: Vladimir Kiriansky, Carl Waldspurger
Practical attacks that exploit speculative execution can leak confidential information via microarchitectural side channels. The recently-demonstrated Spectre attacks leverage speculative loads which circumvent access checks to read memory-resident secrets, transmitting them to an attacker using cache timing or other covert communication channels. We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer overflows. Much like classic buffer…


Publications referenced by this paper

  • Jann Horn. Reading privileged memory with a side-channel. 2018.
  • David Weston, Matt Miller. Windows 10 Mitigation Improvements. 2016. https://www.blackhat.com/docs/us-16/materials/us-16-Weston-Windows-10-Mitigation-Improvements.pdf
  • Richard Grisenthwaite. Cache Speculation Side-channels. 2018. https://developer.arm.com/support/arm-security…
  • Chandler Carruth. Introduce the "retpoline" x86 mitigation technique for variant #2 of the speculative execution vulnerabilities. 2018. http://lists.llvm.org/pipermail/llvm-commits/Week-of-Mon-20180101/513630.html
  • Paul Turner. Retpoline: a software construct for preventing branch-target-injection. 2018. https://support.google.com/faqs/answer/7625886