2019-11-09, 15:00–15:25, Red Day
Talk will mainly focus on how to write proof-of-concepts for recent processor software side-channels and discovery of MDS attacks rather than explaining processor vulnerabilities themselves.
Talk will briefly explain previously related work of L1TF vulnerability and how writing proof-of-concepts is actually the least fun part of processor software side-channels. Techniques and methodologies will be shared that led to discovery of MDS (Microarchitectural Data Sampling) vulnerabilities CVE-2018-12130, CVE-2019-11091. What one should pay attention to and how understanding of results and its validation is the most important factor.