Highlights of 2020 Security Conferences for Computer Architects

摘要

In an earlier blog post, we argued that computer architects working on security problems should follow security conferences. In this post, we highlight some of the recent results from this year’s events that may be of interest to our community. While security conferences encompass many topics and typically accept more papers than architecture conferences, several sessions are usually dedicated to architecture, hardware and systems related security. Recently, the number of such papers has been increasing. Specifically, we will focus on three conferences from 2020: IEEE S&P, Usenix Security Symposium and NDSS. The premier security conference - IEEE Symposium on Security and Privacy (S&P)- had its 41st edition this year and was held as a virtual event on May 18-20，2020. Interestingly, the very first session of S&P，20 was on microarchitectural security and featured four papers. Spectactor introduced the semantic notion of speculative non­interference and developed an algorithm based on symbolic execution to automatically prove speculative non-interference and detect violations to protect from transient execution attacks. NetCat demonstrated how Data-Direct I/O technology used in recent processors can be exploited to mount network-based Prime+Probe cache side channel attacks. This attack demonstrates that sharing microarchitectural resources with peripherals that are exposed to malicious inputs can have serious security implications. SPECCFI integrated control flow integrity to perform checks on the committed instruction path to prevent control flow hijacking and stop Spectre attacks. The technique ensures that control flow instructions target a legal destination to control dangerous speculation on indirect calls and branches, uses precise speculation-aware shadow stack to constrain speculation on returns, and utilizes an existing solution against branch target predictor attacks to close all known non-vendor-specific Spectre vulnerabilities. LVI described a new class of transient execution attacks that are based on injecting attacker's data into the victim's process through shared microarchitectural resources. What an impressive session to start a conference!