concurrent work (https://arxiv.org/ftp/arxiv/papers/2401/2401.04349.pdf) has shown website fingerprinting, recognizing something like the static login page of youtube/google/facebook etc is very much doable. that said,…
It's always hard to communicate fairly academic side channels in a way that the audience of a press-release (which is typically anyone) can get any level of detail. We tried to walk the line between enough information…
Hi, the line about "failed" attacks pertains to the attack on AMD, Nvidia worked fine ;)
besides drm stuff like netflix (don't know if it's back breaking there), virtually none, of course unless someone publishes a very practical attack from userspace, I don't think this will affect personal computing atm
short version: only the lower bits of an address are compared at first, because the rest might take a while to resolve so the cpu can speculate that the rest is gonna match as well and start to work with the data, and…
it's fairly easy (with the available publications) once you have the prerequisites: a compromised operating system which is of course exactly what sgx is supposed to defend against, but at the same time that kind of…
there are some (non-optimal) estimates in the paper, tl;dr it's not great ;) some more technical info here https://software.intel.com/security-software-guidance/insigh...
not really / update / no, unless you rely on sgx to protect high value data
it affects all loads, but for sgx the attacker scenario is that you have compromised the OS, which makes it significantly easier to create the conditions (faults/microcode assists) that cause the LVI than if you were…
he happens to be an author/co-author of all of those papers ;)
there's a foreshadow-ng variant specifically for vms, and it's arguably the worst
verification wouldn't catch any of this, the processors operate correctly on an architectural level most of this seems to be behaving as intended, they just didn't foresee the side channels this opens up
the inclusivity types don't really play a role in these types of attack (until you get to a very practical stage where this might matter), not least because there are other sidechannels that can be exploited. an…
I guess you could call it an evolution, because memory deduplication is not always enabled anymore (research like this might have played a role here ;) he talks about that @35:27 in the video
I suspect this might also make you smile then ;) https://www.youtube.com/watch?v=yPZmiRi_c-o&feature=youtu.be , if you haven't seen it already
If there are no more shared cache sets between VMs, then yes, it's dead ofc I would suspect if one VM would like to be separated from the others in terms of cache sets, the others really don't have the choice to opt out?
not that hard, but keep in mind the current limitations on supported cpus
concurrent work (https://arxiv.org/ftp/arxiv/papers/2401/2401.04349.pdf) has shown website fingerprinting, recognizing something like the static login page of youtube/google/facebook etc is very much doable. that said,…
It's always hard to communicate fairly academic side channels in a way that the audience of a press-release (which is typically anyone) can get any level of detail. We tried to walk the line between enough information…
Hi, the line about "failed" attacks pertains to the attack on AMD, Nvidia worked fine ;)
besides drm stuff like netflix (don't know if it's back breaking there), virtually none, of course unless someone publishes a very practical attack from userspace, I don't think this will affect personal computing atm
short version: only the lower bits of an address are compared at first, because the rest might take a while to resolve so the cpu can speculate that the rest is gonna match as well and start to work with the data, and…
it's fairly easy (with the available publications) once you have the prerequisites: a compromised operating system which is of course exactly what sgx is supposed to defend against, but at the same time that kind of…
there are some (non-optimal) estimates in the paper, tl;dr it's not great ;) some more technical info here https://software.intel.com/security-software-guidance/insigh...
not really / update / no, unless you rely on sgx to protect high value data
it affects all loads, but for sgx the attacker scenario is that you have compromised the OS, which makes it significantly easier to create the conditions (faults/microcode assists) that cause the LVI than if you were…
he happens to be an author/co-author of all of those papers ;)
there's a foreshadow-ng variant specifically for vms, and it's arguably the worst
verification wouldn't catch any of this, the processors operate correctly on an architectural level most of this seems to be behaving as intended, they just didn't foresee the side channels this opens up
the inclusivity types don't really play a role in these types of attack (until you get to a very practical stage where this might matter), not least because there are other sidechannels that can be exploited. an…
I guess you could call it an evolution, because memory deduplication is not always enabled anymore (research like this might have played a role here ;) he talks about that @35:27 in the video
I suspect this might also make you smile then ;) https://www.youtube.com/watch?v=yPZmiRi_c-o&feature=youtu.be , if you haven't seen it already
If there are no more shared cache sets between VMs, then yes, it's dead ofc I would suspect if one VM would like to be separated from the others in terms of cache sets, the others really don't have the choice to opt out?
not that hard, but keep in mind the current limitations on supported cpus