Transient Execution Attacks and Defences
Meltdown: leak arbitrary kernel memory from user mode The exploit char flush_reload[256 x CACHELINE_SIZE]; char* kernel_ptr; flush(flush_reload); flush_reload[*kernel_ptr x CACHELINE_SIZE]; r...
ASLR is fundamentally broken on modern processors. The MMU leaks virtual addresses when using CPU caches for fast lookups. This cannot be fixed in software. AnC Attack The ASLR^Cache (AnC) Attack...
Cache architecture in modern CPUs Important properties of caches 1) Size, Transfer Size & Inclusivity L1 (e.g., 32KB) < L2 (e.g., 256KB) < L3 (e.g., 8MB) = LLC Cache line size is ofte...
Virtual Private Networks Introduction A VPN creates a secure channel between two networks over an untrusted network. During the setup phase, the gateways (tunnel endpoints) authenticate each othe...
SSL/TLS Public-Key Infrastructure Introduction We need to bring security to the uppermost level of the Protocol Stack, in order to protect application data. The goal of TLS is to secure Internet...
SCION Introduction Global communication guarantees can be achieved as long as a path composed of benign domains exists. During our journey we discovered that path-aware networking and multi-path...
IPv6 Security Overview 128 bit address space Typical network sizes: /32 per ISP /48 per location /64 per logical network Types of addresses: Link local fe80::/10 — typic...
Firewalls Introduction A firewall is a system used to protect or separate a trusted network from an untrusted network, while allowing authorised communications to pass from one side to the other....
DNS security Introduction DNS is fundamentally insecure. Despite being mission-critical for any online business, this component is often overlooked and forgotten — until something breaks. DNS ...
DDoS Introduction Denial-of-service (DoS) attacks try to make a service or network resource unavailable to its intended/legitimate users. Typically achieved by exhausting available resources by s...