HoTSoS identifies itself as “research event centered on the Science of Security, which aims to address the fundamental problems of security in a principled manner.” Because the seminal Spectre paper won NSA’s Best Scientific Cybersecurity Paper Competition last year, its authors were invited to give a keynote speech at the symposium. Given that the corresponding vulnerabilities were disclosed to Intel almost 4 years ago, we (the authors) decided to take a step back and to look, in HotSoS’ spirit, at the fundamental problems. We (Cyberus Technology) feel deeply honoured that we were entrusted with delivering the talk and want to give you a sneak preview of what to expect.
- Iron Law of processor performance
- Memory latency, caching, and side-channels
- Turing machine and performance increase through parallelism
- Control flow discontinuities: branch history (BHT) and branch targets (BTB)
- Spectre v1 (BHT) and v2 (BTB)
By the way, the conference is fully virtual this year and registration is open to everybody for free. The keynote is scheduled for April 14th, 15:35 CEST (9:35am EDT).
Update: in case you are curious about the keynote, the organisers made the slides and the recording available on the HoTSoS site. You can also go directly to YouTube to watch the video.
Fundamentals of microprocessor architecture
Like in our CPU trainings (see Cyberus consulting), the Iron Law of processor performance is the linchpin of the keynote and we will learn to appreciate cycles-per-instruction (CPI) as critical factor in judging (micro-)architecture. Many more exploits became public since the initial disclosure and “side-channel attack” is frequently used as generic label. Hence, the first part is concerned with the impact of memory latency on performance. A look into 80386’s datasheet explains how caches evolved to such critical components in modern computers and became malicious actors’ favourite pet.
However, caches merely serve as convenient tool. So the talk takes us even further back to the roots to the Turing machine as mathematical model of CPUs. Interpreting CPI as instructions-per-cycle (IPC) leads us to the intricacies of branch prediction and why Spectre is not simply the result of careless, performance-obsessed computer architects. It should also become obvious why Spectre was assigned two CVEs although there is just one branch prediction unit.
- Paul Mortfield & Stefano Cancelli discovered Spectre in the veil nebula which was an opportunity not to be missed
- Backdrop for the Iron Law is the stele with the Code of Hammurabi
- The picture of a gravitational lens shows the result of a massive object bending light rays, a kind of side channel in astronomy
- Mars comes up in a couple of analogies throughout the talk
If you are interested in learning more, there is time for Q&A after the talk and you can contact me directly if you have further questions.