UNICORE members from Vrije Universiteit Amsterdam Hany Ragab and Alyssa Milburn presented at the IEEE Symposium on Security & Privacy 2021 the paper “CrossTalk: Speculative Data Leaks Across Cores Are Real ”, on May 26th at 12.10 PM.
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. The 2021 Symposium marked the 42nd annual meeting of this flagship conference, on May 24-27, 2021. After evaluating the ongoing COVID-19 situation, the decision was to transform the in-person component of the IEEE SP 2021 conference into an all-digital conference experience.
On the presentation “CrossTalk: Speculative Data Leaks Across Cores Are Real ” they presented the first cross-core attack using transient execution, showing that even the seemingly-innocuous CPUID instruction can be used by attackers to sample the entire staging buffer containing sensitive data. They showed that this can be exploited in practice to attack SGX enclaves running on a completely different core, where an attacker can control leakage using practical performance degradation attacks, and demonstrate that they can successfully determine enclave private keys. Since existing mitigations which rely on spatial or temporal partitioning are largely ineffective to prevent our proposed attack, they also discussed potential new mitigation techniques.