Writing PoCs for processor software side-channels

Presented at ToorCon San Diego TwentyOne (2019), Nov. 9, 2019, 3 p.m. (25 minutes).

Talk will mainly focus on how to write proof-of-concepts for recent processor software side-channels and discovery of MDS attacks rather than explaining processor vulnerabilities themselves.

Talk will briefly explain previously related work of L1TF vulnerability and how writing proof-of-concepts is actually the least fun part of processor software side-channels. Techniques and methodologies will be shared that led to discovery of MDS (Microarchitectural Data Sampling) vulnerabilities CVE-2018-12130, CVE-2019-11091. What one should pay attention to and how understanding of results and its validation is the most important factor.


Presenters:

  • Volodymyr Pikhur
    Vold is based in Portland, Oregon and one of the initial founders of MDS vulnerabilities. Hes been working in computer security industry for over 10 years and started his career as Security Engineer working for anti-virus companies then following his passion with hardware joined major silicon manufacturer now he is doing hardware security audit for a cloud provider. He also previously presented his work on hardware hacking at REcon Brussels 2018. In his free time he enjoys even more hardware hacking sometimes snowboarding, riding motorcycles and brewing beer.

Links:

Similar Presentations: