A Little Less Speculation, a Little More Action: Deep Dive into Fuchsia’s Mitigations for CPU Side..

Дата: 26.02.2021. Автор: CISOCLUB. Категории: Подкасты и видео по информационной безопасности

A Little Less Speculation, a Little More Action: A Deep Dive into Fuchsia’s Mitigations for Specific CPU Side-Channel Attacks

We know the story by now: researchers find a new side-channel attack and disclose it under embargo. Vendors build patches and ship them. We read about it on $TechSite and move on.

But what happens if you show up after the party’s over and want to understand and mitigate these problems in your own codebase? That’s the problem faced by the Fuchsia team at Google, which is building a new open-source operating system based on a microkernel called Zircon. Fuchsia needs to handle user, kernel, and hypervisor attacks across x86 and ARM processors.

In this talk, we will walk through how the Fuchsia team enumerated existing CPU side-channels, explored how they are mitigated in well-known operating systems, and undertook the engineering work of applying these mitigations to Fuchsia. We will also describe how Fuchsia is testing those mitigations to make sure they keep working.

By Matthew Riley

Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefings/schedule/#a-little-less-speculation-a-little-more-action-a-deep-dive-into-fuchsias-mitigations-for-specific-cpu-side-channel-attacks-20436


Об авторе CISOCLUB

Редакция CISO CLUB. Официальный аккаунт. CISO CLUB - информационный портал и профессиональное сообщество специалистов по информационной безопасности.
Читать все записи автора CISOCLUB

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *