Presentation
Conjuring: Leaking Control Flow via Speculative Fetch Attacks
SessionWhat's Your Best Side?
DescriptionIn this work, we propose a new attack called Conjuring that exploits one of the main features of CPUs' front-end: speculative fetch of instructions. We show that the Pattern History Table (PHT) in modern CPUs are a great channel to learn and leak the control-flow of victim applications. Unlike prior work, Conjuring does not require to prime the PHT or interfere with the victim execution enabling a realistic and unprivileged attacker to leak control flow information. By improving the branch predictors, our attack becomes even more serious and practical. We demonstrate the feasibility of our attack on different existing Intel, AMD, and Apple CPUs.
Event Type
Research Manuscript
TimeWednesday, June 261:30pm - 1:45pm PDT
Location3012, 3rd Floor
Security
Hardware Security: Attack and Defense