First Workshop on Speculative Side Channel Analysis
Side channels have dramatically gained attention in January this year when security researchers disclosed several attacks with the potential to improperly gather sensitive data from the majority of computing devices. Vendors of both processors and operating systems are scrambling to fix their systems. There is no reason to believe these attacks form an exhaustive listing of the vulnerabilities. Research into different forms of side channels shows that the last 30 years of performance increase in have made our CPU architectures prone to information leaks and integrity violations. SPECTRE, Meltdown, Rowhammer, and other cache-based micro-architectural attacks are likely only the first tip of the iceberg. How should the research community, in particular researchers in programming languages, compilers, or virtual machines react. We believe that a discussion with industrial practitioners is crucial to set a research agenda. This workshop will focus on Speculative Side Channels and their implications for programming language security and systems/software security. Salient topics: |
- Implications of side channels for language virtual machines
- Implications of side channels for secure enclaves
- Implications of side channels for hypervisors
- Weaknesses of software mitigation techniques (e.g., ASLR)
- Side channel analysis techniques and tools
- Side channel resilient defenses
- CPU side-channel vulnerabilities
- Cache-based side-channel vulnerabilities
- Formal models of micro-architectural speculation
- Formal models of timing channels
- Implications for cloud computing
Attendance by industry experts is particularly encouraged. Attendance to the workshop will be limited and there will be no public recording of the discussion.
Discussions
Call for Papers, Talk abstracts, Position statements
This workshop will be organized around a few short presentations and several open discussions on topics selected by the attendees. To ensure participation and lively discussions the workshop attendance is by invitation only. Prospective attendees must submit one of (a) statement of interest (a one page description of research interests and short bio), (b) a talk abstract (one page description of a talk), (c) short paper (6 page paper). Short papers may be published in the ACM Digital Library if authors request it. The program committee will invite a set of participants, and will select a set of talks from the submissions based on fit with the workshop themes.
Wed 18 JulDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
11:00 - 12:30 | |||
11:00 45mTalk | Speculative side channels: the view from WebKit WoSSCA Filip Pizlo Apple | ||
11:45 45mTalk | Application-Specific Principals Must Align With Platform Boundaries WoSSCA Chris Palmer Google |
14:00 - 15:30 | |||
14:00 30mTalk | Peering behind the Turing Mirror WoSSCA | ||
14:30 30mTalk | Hardware and Software Mitigations WoSSCA Chandler Carruth Google | ||
15:00 30mTalk | Pacer: Efficient I/O Side-Channel Mitigation in the Cloud WoSSCA Aastha Mehta MPI-SWS |
16:00 - 17:30 | |||
16:00 45mTalk | Software Diversity vs. Side Channels WoSSCA Stefan Brunthaler Bundeswehr University Munich | ||
16:45 45mTalk | Electromagnetic Side-Channel Attacks: Potential for Progressing Hindered Digital Forensic Analysis WoSSCA Asanka Sayakkara University College Dublin |
Unscheduled Events
Not scheduled Talk | Systematizing speculative execution side channel vulnerabilities and their mitigations WoSSCA Matt Miller Microsoft |