Paul Harvey @csirac2
Inspired by the #kpti #kaiser shenanigans of late - I collect (many!) papers, so here's a small selection/timeline relating to research on CPU side-channels over the years (by 2016 it got crazy so this is nowhere near complete):
- 2013-05-19 - "Practical Timing Side Channel Attacks against Kernel Space ASLR" by Hund et al. ieee-security.org/TC/SP2013/pape…
- 2014-01-01 - "CACHE-BASED SIDE-CHANNEL ATTACKS IN MULTI-TENANT PUBLIC CLOUDS AND THEIR COUNTERMEASURES" by Zhang pdfs.semanticscholar.org/95a2/40ac8a7bb…
- 2014-11-03 - "The Last Mile An Empirical Study of Timing Channels on seL4" by Cock et al research.davidcock.fastmail.fm/papers/Cock_GM…
- 2015-05-17 - "Last-Level Cache Side-Channel Attacks are Practical" by Liu et al palms.ee.princeton.edu/system/files/S…
- 2015-05-17 - "S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES" - by Irazoqui et al users.wpi.edu/~teisenbarth/p…
- 2016-03-07 - "Rigorous Analysis of Software Countermeasures against Cache Attacks" by Doychev et al. arxiv.org/pdf/1603.02187…
- 2017-03-20 - "CacheZoom: How SGX Amplifies The Power of Cache Attacks" by Moghimi - arxiv.org/pdf/1703.06986…
- 2016-10-?? - "Breaking Kernel Address Space Layout Randomization with Intel TSX" by Jang et al. sslab.gtisc.gatech.edu/assets/papers/…
- 2016-10-?? - "A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware" by Qian Ge et al eprint.iacr.org/2016/613
- 2016-10-24 - "Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR" by Gruss et al gruss.cc/files/prefetch…
- 2017-02-27 - "ASLR on the Line: Practical Cache Attacks on the MMU" by Gras & Kaveh et al cs.vu.nl/~herbertb/down…
- 2017-05-20 - "Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX" by Wang et al arxiv.org/pdf/1705.07289…
- 2017-06-24 - "Kaslr is dead: long live kaslr", "the KAISER paper" by Gruss et al gruss.cc/files/kaiser.p…
- 2017-10-?? - "LAZARUS: Practical Side-Channel Resilient Kernel-Space Randomization" by Gens et al jin.ece.ufl.edu/papers/RAID17.…
- 2017-06-?? - "Software-based Microarchitectural Attacks" by Gruss arxiv.org/abs/1706.05973 <--- Mr @lavados' PhD thesis :)
... Apologies they're not quite chronological, these are scattered all over my Zotero database; and most of all apologies for the lack of actually old papers on these topics, I'm sure at least some of these papers cite them or @cynicalsecurity knows them.
I've been pulling together 30-odd papers I was going to write up, but I rediscovered MASCAB: a Micro-Architectural Side-Channel Attack Bibliography, which is a daunting, far more impressive list mainly related to attacks relevant to crypto implementation github.com/danpage/mascab/