Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities (Black Hat Conference 2018)

2018 started off with a bang as the world was introduced to a new class of hardware vulnerability which became known as Meltdown and Spectre. New classes of vulnerabilities are exceedingly rare and this one came with ramifications for the security boundaries that web browsers, operating systems, and cloud providers rely on for isolation to protect customer data. Now, rewind back to the summer of 2017. This disclosure and the industry response were months in the making. A new class of vulnerability comes with challenges rarely mounted and the need to pull back to examine our thinking.

In this presentation, we will describe Microsoft's approach to researching and mitigating speculative execution side channel vulnerabilities. This approach involved bringing together experts from across Microsoft, hiring an industry expert to accelerate our understanding of the issues, and collaborating across the industry in a way not done previously. This team presentation between Microsoft and G DATA will provide a firsthand account of the engineering-centric work done and the collaboration necessary to mitigate these issues. We will describe the taxonomy and framework we created which provided the industry foundation for reasoning about this new vulnerability class. This work built on the initial researcher reports and expanded into a larger understanding of the issues. Using this foundation, we will describe the mitigations that Microsoft developed and the impact they have on Spectre and Meltdown.


Anders Fogh

Anders Fogh works as Principal Security Researcher with G DATA Advanced Analytics. He has led numerous low-level engineering efforts and is a renowned expert on CPU security issues. Prior to his current position, he was responsible for major developments in video and CD/DVD recording software. Since 1993 he has been an avid anti-malware hobbyist and has reverse engineering experience with operating systems from DOS to present-day OSs as well as devices ranging from DVD players to USB sticks. He holds a master's degree in economics from the University of Aarhus. He was the first to publish on the Meltdown issue and his research has been published at industry and academic conferences such as Black Hat USA and ACM CCS.

Christopher Ertl

Christopher Ertl is a security engineer at the Microsoft Security Response Center (MSRC) in the UK. Christopher is focused on finding and exploiting vulnerabilities at Microsoft, and using the information from this research to drive security efforts. Prior to working at Microsoft, Christopher was an active researcher in the PS4 and iOS fields.

Matt Miller

Matt Miller is a Partner Security Software Engineer working as part of the Microsoft Security Response Center (MSRC). In this role, Matt drives strategy and engineering related to proactive vulnerability defense across Microsoft's products and services. Prior to joining Microsoft ten years ago, Matt was a core contributor to the Metasploit framework and an editor for the Uninformed journal.


(Source: Black Hat USA 2018, Las Vegas)

