Loading Seminars

« All Seminars

  • This seminar has passed.

An Analysis of Speculative Type Confusion Vulnerabilities in the Wild

24 November 2021 @ 3:00 pm - 4:00 pm

Spectre v1 attacks, which exploit conditional branch misprediction, are often identified with attacks that bypass array bounds checking to leak data from a victim’s memory. Generally, however, Spectre v1 attacks can exploit any conditional branch misprediction that makes the victim execute code incorrectly. In this paper, we investigate speculative type confusion, a Spectre v1 attack vector in which branch mispredictions make the victim execute with variables holding values of the wrong type and thereby leak memory content.
We observe that speculative type confusion can be inadvertently introduced by a compiler, making it extremely hard for programmers to reason about security and manually apply Spectre mitigations. We thus set out to determine the extent to which speculative type confusion affects the Linux kernel. Our analysis finds exploitable and potentially-exploitable arbitrary memory disclosure vulnerabilities. We also find many latent vulnerabilities, which could become exploitable due to innocuous system changes, such as coding style changes.
Our results suggest that Spectre mitigations which rely on statically/manually identifying “bad” code patterns need to be rethought, and more comprehensive mitigations are needed.

Zoom meeting: https://newcastleuniversity.zoom.us/j/82801486439?pwd=d2NhMlJwMmxMaFlsWkhMak5qVXBlQT09

Meeting ID: 828 0148 6439
Passcode: 165033�

Youtube live streaming: https://youtu.be/gLGUnIfXNRY

Youtube VoD


24 November 2021
3:00 pm - 4:00 pm


Adam Morrison (Tel Aviv University)

Adam Morrison is an associate professor at the Blavatnik School of Computer Science, Tel Aviv University, Israel. His research is on the security and performance of shared-memory multiprocessors, from microarchitecture through operating systems to algorithms. His work has been awarded the Internet Defense Prize, the Intel Hardware Security Academic Award, several best paper awards (at the USENIX Security symposium, ASPLOS, and MICRO), as well as IEEE Micro Top Picks and Top Picks Honorable Mention distinctions.

Leave a Reply

Your email address will not be published. Required fields are marked *