Exploiting Out-of-Order Execution

title	Exploiting Out-of-Order Execution
date	2015
authors	Sophia D'Antoine
conference	REcon 2015 Black Hat USA 2015 SEC-T 0x08 ROOTS 2017
resources	label path Slides (PDF) roots17.pdf label url Slides (Google) https://docs.google.com/presentation/d/1T0QwPn8c_kLTW8WGQ6TApIFzg8A5ZvTFntk7fc4v9mA/embed?start=false&loop=false&delayms=60000 label path Thesis thesis.pdf label url Recording (SEC-T) https://www.youtube.com/watch?v=RQdm-5k6AA4 label path Adversary Demo Script receiver.py label path Target Demo Script sender.py label url Blog http://blog.trailofbits.com/2015/07/21/hardware-side-channels-in-the-cloud label url POC||GTFO https://www.alchemistowl.org/pocorgtfo/pocorgtfo09.pdf

Given the rise of cloud computing and platform-as-a-service, vulnerabilities inherent to systems sharing hardware resources are increasingly attractive targets. This talk presents a classification of possible cloud-based side channels using hardware virtualization, describes and implements a novel side channel exploiting out-of-order execution in the CPU pipeline, and demonstrates several adversarial applications deployed across this channel. The presentation also analyzes detection and mitigation techniques for these side-channel attacks.