Security and Computer Architecture – A contradiction?

Shedding light on the darker corners of computer systems and its architecture


Meltdown and Spectre made a splash at the turn of the year 2017/18 which means that some research is now almost 4 years old. On the other hand, the vulnerabilities put the roots of our security assessments in the spotlight and instead of building an architecture on presumably solid Silicon we learned that our foundation was built on sand. In the spirit of HoTSoS’ mission we will take a step back and embed the seminal Spectre paper in a bigger picture. Starting point is the _Iron Law_ of processor performance and we will see how it facilitates such attacks.

Many more exploits became public since the initial disclosure and “side-channel attack” is frequently used as generic label. We will have a closer look at caches and how they evolved to such a critical component in modern computers and became malicious actors’ favourite pet.

We will then dive into the intricacies of branch prediction and why Spectre is not simply the result of careless, performance-obsessed computer architects. Instead of yet another explanation of CVE-2017-5753 and CVE-2017-5715 we want to shed some light onto our computer’s dark corners.

Werner Haas:

Werner Haas is co-founder of Cyberus Technology Ltd. and is currently responsible for its research and development activities. His main focus is the application of virtualization technology and virtual machine introspection (VMI) in order to increase system security. Last year he was selected as CPU architecture expert in Europe’s Core Technologies for Future Connectivity Systems and Components (COREnect) project. His experience in both hardware and corresponding software development stems from more than a decade of work in Intel Labs in Germany and the US. His research interest centered around the memory subsystem i.e., caching, protection mechanisms, and implications of emerging technologies which culminated in a board-level presentation on near-memory programming opportunities with Intel Architecture. Since the Meltdown/Spectre disclosure he is regularly explaining and teaching the fundamentals of CPU side channel attacks to the German IT security community.


Online Stream via BBB here

Security Network Munich

We use cookies to provide you with the best online experience. By agreeing, you accept the use of cookies in accordance with our Cookie Policy.

Privacy Settings saved!
Privacy Settings

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services here.

These cookies are necessary for the website to function and cannot be switched off in our systems.

In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

Decline all Services
Accept all Services