The presentation discusses the Spectre vulnerability and a new variant that exploits speculative execution of subjects. The speaker explains the research process and potential mitigations.
- The starting point for the research was the work of Google and of Daniel Gruss and VUSec at VU University in Amsterdam on speculative execution of subjects
- The new Spectre variant treats values as addresses to leak information
- The vulnerability is x86 specific and may not affect ARM processors
- Mitigations include serializing branches, clobbering user mode GS, and instrumenting the kernel
- The performance vs. security tradeoff is a challenge for fixing the vulnerability
The speaker explains that the research process was not a eureka moment but a continuous process of building the attack from scratch. They started by looking at things they believed no one had examined before, and eventually discovered the vulnerability by observing that subjects can be executed speculatively.