CppCon 2018 has ended
View analytic
Friday, September 28 • 14:45 - 16:15
Spectre: Secrets, Side-Channels, Sandboxes, and Security

Sign up or log in to save this to your schedule and see who's attending!

The discovery of speculative execution side-channel attacks (called "Spectre") fundamentally changes the security model of every modern superscalar microprocessor. Extracting secret data (credit cards, cryptographic keys) through side-channels is not new and has challenged the cryptographic community for decades. Despite this, the industry has often been complacent in our response, viewing these attacks as impacting a tiny amount of code and being nearly impossible to weaponize. But speculative execution attack techniques have fundamentally altered the ease and applicability of side-channels, making them a serious threat to computer security. Responding to these issues has impacted CPU design, compiler design, library design, sandbox techniques and even the C++ programming language and standard.

This talk will explain how these kinds of attacks work at a high level and provide a clear set of terminology to describe these classes of vulnerabilities and attacks. It will show how the different variants work at the low level of modern hardware to give a detailed and precise understanding of the mechanics involved on CPUs today.

It will also provide guidance about what makes applications and services vulnerable and how to analyze your software to understand the degree of its exposure. It will include an overview of the numerous different mitigation techniques available, how to deploy them, and what tradeoffs come with them. Some of these mitigations will be covered in detail: how they work at a hardware level, where they don't work, and what attack vectors remain.

Finally, the talk will show how traditional side-channel risks are made substantially easier to exploit due to speculative execution. This will cover how cryptographic and other libraries dealing in high-value secrets need to be adapted to correctly defend against these attacks. Further, it will introduce general problems of sandboxing untrusted code from secret data and the current best techniques in those circumstances.

This talk will be accessible to most C and C++ programmers. No deep background on CPUs, assembly, hardware instructions, Spectre, side-channels, or security is needed.

avatar for Chandler Carruth

Chandler Carruth

Software Engineer, Google
Chandler Carruth leads the Clang team at Google, building better diagnostics, tools, and more. Previously, he worked on several pieces of Google’s distributed build system. He makes guest appearances helping to maintain a few core C++ libraries across Google’s codebase, and is... Read More →

Friday September 28, 2018 14:45 - 16:15
Breckenridge Hall (1st Floor)

Attendees (568)