InfoconDB

Presented at Black Hat USA 2020 Virtual, Aug. 6, 2020, 12:30 p.m. (40 minutes)

We know the story by now: researchers find a new side-channel attack and disclose it under embargo. Vendors build patches and ship them. We read about it on $TechSite and move on.

But what happens if you show up after the party's over and want to understand and mitigate these problems in your own codebase? That's the problem faced by the Fuchsia team at Google, which is building a new open-source operating system based on a microkernel called Zircon. Fuchsia needs to handle user, kernel, and hypervisor attacks across x86 and ARM processors.

In this talk, we will walk through how the Fuchsia team enumerated existing CPU side-channels, explored how they are mitigated in well-known operating systems, and undertook the engineering work of applying these mitigations to Fuchsia. We will also describe how Fuchsia is testing those mitigations to make sure they keep working.

Presenters:

Matthew Riley - Software Engineer, Google
Matthew Riley leads the C++ Security team at Google, which is at the center of Google's efforts to develop toolchain-based mitigations for side-channel vulnerabilities. Matt's previous job at Google was improving virtualization security in Google Cloud. At Microsoft, he worked on hardware security in the BitLocker team and on static analysis technologies in Windows Core. His favorite assembler instruction of all time is EIEIO.

A Little Less Speculation, a Little More Action: A Deep Dive into Fuchsia's Mitigations for Specific CPU Side-Channel Attacks

Presenters:

Links:

Similar Presentations: