Microarchitectural side-channel attacks

Some highlights of previously published research projects and CPU vulnerabilities discovered in our group.
(note: click on the logos to be redirected to the website of the respective project)

Overview

Three types of enclave interactions for privileged adversaries: (1) pass attacker-controlled arguments through the enclave interface; (2) derive execution metadata during or after enclave invocation through side channels; (3) extract enclave secrets from the CPU’s microarchitectural state through transient execution.

So-called “microarchitectural” attacks go beyond the visible architectural interface of the processor by exploiting subtle, hidden details of the implementation of the underlying CPU (e.g., caches and branch predictors).

Videos

Find some introductory videos for some of our previous projects below.