We’re in the final countdown to this year’s CppCon, which starts on September 16. To whet your appetite for this year’s conference, here’s another of the top-rated talks from last year. Enjoy – and register today for CppCon 2019!
by Chandler Carruth
Summary of the talk:
The discovery of speculative execution side-channel attacks (called "Spectre") fundamentally changes the security model of every modern superscalar microprocessor. Extracting secret data (credit cards, cryptographic keys) through side-channels is not new and has challenged the cryptographic community for decades. Despite this, the industry has often been complacent in our response, viewing these attacks as impacting a tiny amount of code and being nearly impossible to weaponize. But speculative execution attack techniques have fundamentally altered the ease and applicability of side-channels, making them a serious threat to computer security. Responding to these issues has impacted CPU design, compiler design, library design, sandbox techniques and even the C++ programming language and standard.
This talk will explain how these kinds of attacks work at a high level and provide a clear set of terminology to describe these classes of vulnerabilities and attacks. It will show how the different variants work at the low level of modern hardware to give a detailed and precise understanding of the mechanics involved on CPUs today.
It will also provide guidance about what makes applications and services vulnerable and how to analyze your software to understand the degree of its exposure. It will include an overview of the numerous different mitigation techniques available, how to deploy them, and what tradeoffs come with them. Some of these mitigations will be covered in detail: how they work at a hardware level, where they don't work, and what attack vectors remain.
Finally, the talk will show how traditional side-channel risks are made substantially easier to exploit due to speculative execution. This will cover how cryptographic and other libraries dealing in high-value secrets need to be adapted to correctly defend against these attacks. Further, it will introduce general problems of sandboxing untrusted code from secret data and the current best techniques in those circumstances.
This talk will be accessible to most C and C++ programmers. No deep background on CPUs, assembly, hardware instructions, Spectre, side-channels, or security is needed.