SESSION + Live Q&A

How Performance Optimizations Shatter Security Boundaries

To meet customers' demand for high-performance computing, CPU manufacturers deploy more and more sophisticated optimizations in their processors to increase performance as much as possible. However, these performance optimizations often come with the downside of enabling side-channel attacks that infer sensitive information. At the beginning of this year, two critical vulnerabilities exploiting hardware optimizations in modern processors were disclosed to the public: Meltdown and Spectre. These vulnerabilities, affecting processors of all big manufacturers, allow programs to steal sensitive data processed on personal computers, mobile phones and in the cloud.

In this talk, we explain how the Meltdown and Spectre vulnerabilities exploit hardware optimizations to read otherwise inaccessible data processed on the computer. We explain the background needed to understand the underlying issue and the uncomfortable security consequences these vulnerabilities bring. We share the story of our research group and explain why it is no coincidence that four independent teams of researchers discovered the same vulnerabilities in roughly the same time frame. Furthermore, we discuss countermeasures to protect against these attacks and show how Meltdown can be prevented entirely in software.



Speaker

Moritz Lipp

Researcher in Information Security at Graz University of Technology

Moritz Lipp is a researcher in information security at Graz University of Technology. He is pursuing his PhD with a strong focus on microarchitectural side-channel attacks on personal computers and mobile devices at the Institute of Applied Information Processing and Communications. His research...


Location

St James, 4th flr.

Track

Modern CS in the Real World

Topics

Performance, Security, Security Vulnerabilities, Security Assessment, Computer Science, Interview Available, Spectre / Meltdown Counter Measures, High Performance

From the same track

SESSION + Live Q&A Interview Available

CRDTs and the Quest for Distributed Consistency

We all know how to build applications that rely on a central server. However, such centralisation is not always desirable, and recently there has been new interest in developing decentralised applications. Blockchains inevitably come up in that conversation, but when you examine them critically,...

Martin Kleppmann

Software Engineer, Author, & Samza and Avro Committer

SESSION + Live Q&A Consensus Systems

Consensus: Why Can't We All Just Agree?

Reaching agreement is never easy and distributed systems are no exception to this rule. In this talk, we take a journey through the history, to the current reality and look ahead to the future for distributed consensus. We start over three decades ago, when the field of distributed consensus began...

Heidi Howard

Distributed Systems PhD Candidate @CambridgeComputerLab

SESSION + Live Q&A Formal Methods

Formal Methods at Amazon Web Services

Security is a top priority at Amazon Web Services. As we have a shared responsibility model with customers, AWS manages the components from the operating system down to the physical security of the facilities; AWS customers are responsible for building secure applications on top of it. In this...

Michael Tautschnig

Software Development Engineer @AWS Security

UNCONFERENCE + Live Q&A Open Space

Modern CS Open Space

SESSION + Live Q&A Java 11

Java at Speed

Getting the most out of your Java applications can be an interesting challenge. Understanding some of the optimizations the latest crop of JVMs are able to apply when running on the latest servers may help with that. This talk will discuss some of those features and optimizations. Along with...

Gil Tene

CTO and co-founder @AzulSystems
