Raoul Strackx

Postdoctoral researcher, KU Leuven

Raoul Strackx is a postdoctoral researcher at the Department of Computer Science at KU Leuven, Belgium. For almost a decade he has worked on “Protected-Module Architectures”, innovative security mechanisms for consumer devices and the cloud. Much of his work is published at top security conferences. Since 2015, closely related technology has been available in almost every Intel processor. His latest work on the Foreshadow attack received worldwide attention.



The Foreshadow Attack: From a Simple Oversight to a Technological Nightmare

Today’s societies rely heavily on isolation mechanisms provided by microprocessors. Civilians trust that potentially malicious applications cannot interfere with online banking transactions. Businesses rely on cloud providers to isolate their workloads from other customers. Unfortunately, this year it became clear that chip designers made serious security errors during the design of their processors. By exploiting subtle design flaws, attackers are able to break such fundamental isolation primitives.

Last August we finally disclosed our Foreshadow attack to the public. This attack enables attackers to access any data present in the L1D cache, even across protection domains. Mitigating it required both microcode patches and significant changes in the process and virtual machine schedulers. The total cost of these defenses runs into the billions of dollars. In this presentation we will discuss how Foreshadow and related speculative execution attacks operate, how the vulnerabilities they exploit were introduced in the first place, and how they were mitigated. We will also discuss how the industry as a whole should prepare for future attacks.

