CppCon 2018: Chandler Carruth “Spectre: Secrets, Side-Channels, Sandboxes, and Security”

http://CppCon.org

Presentation Slides, PDFs, Source Code and other presenter materials are available at: https://github.com/CppCon/CppCon2018

The discovery of speculative execution side-channel attacks (called "Spectre") fundamentally changes the security model of every modern superscalar microprocessor. Extracting secret data (credit cards, cryptographic keys) through side-channels is not new and has challenged the cryptographic community for decades. Despite this, the industry has often been complacent in our response, viewing these attacks as impacting a tiny amount of code and being nearly impossible to weaponize. But speculative execution attack techniques have fundamentally altered the ease and applicability of side-channels, making them a serious threat to computer security. Responding to these issues has impacted CPU design, compiler design, library design, sandbox techniques and even the C++ programming language and standard.

This talk will explain how these kinds of attacks work at a high level and provide a clear set of terminology to describe these classes of vulnerabilities and attacks. It will show how the different variants work at the low level of modern hardware to give a detailed and precise understanding of the mechanics involved on CPUs today. It will also provide guidance about what makes applications and services vulnerable and how to analyze your software to understand the degree of its exposure. It will include an overview of the numerous different mitigation techniques available, how to deploy them, and what tradeoffs come with them. Some of these mitigations will be covered in detail: how they work at a hardware level, where they don't work, and what attack vectors remain.

Finally, the talk will show how traditional side-channel risks are made substantially easier to exploit due to speculative execution. This will cover how cryptographic and other libraries dealing in high-value secrets need to be adapted to correctly defend against these attacks. Further, it will introduce general problems of sandboxing untrusted code from secret data and the current best techniques in those circumstances.

This talk will be accessible to most C and C++ programmers. No deep background on CPUs, assembly, hardware instructions, Spectre, side-channels, or security is needed.

Chandler Carruth, Google Software Engineer

Chandler Carruth leads the Clang team at Google, building better diagnostics, tools, and more. Previously, he worked on several pieces of Google’s distributed build system. He makes guest appearances helping to maintain a few core C++ libraries across Google’s codebase, and is active in the LLVM and Clang open source communities. He received his M.S. and B.S. in Computer Science from Wake Forest University, but disavows all knowledge of the contents of his Master’s thesis. He is regularly found drinking Cherry Coke Zero in the daytime and pontificating over a single malt scotch in the evening.

Videos Filmed & Edited by Bash Films: http://www.BashFilms.com
