The Taub Faculty of Computer Science Events and Talks

When multiple programs execute on the same computer, they share the use of the microarchitectural resources. Because program execution affects the state of the microarchitecture and the state of the microarchitecture affects program execution time, measuring execution time can reveal information on the state of the microarchitecture, and with it on prior execution of other programs. Thus, such micoroarchitectural timing attacks leak information by measuring variations in program execution time. As these attacks often measure minute timing variations, at the order of few nanoseconds, multiple proposed defences aim at depriving attackers of high-resolution clocks. In response, counter-proposals that show how to overcome these defences have been published. In this talk we look at the ensuing armed-race and explore techniques for limiting timer resolution and for carrying out attacks with restricted timers. We will take a close look at the impact of low-resolution clocks on microarchitectural attacks, explore techniques for amplifying signals by over six orders of magnitude, and demonstrate how attackers can perform high-frequency, high-resolution attacks without using high-resolution clocks. Bio: Professor Yuval Yarom holds the chair for Computer Security at Ruhr University Bochum. He earned his Ph.D. in Computer Science from the University of Adelaide in 2014, and an M.Sc. in Computer Science and a B.Sc. in Mathematics and Computer Science from the Hebrew University of Jerusalem in 1993 and 1990, respectively. In between he has been the Vice President of Research at Memco Software and a co-founder and Chief Technology Officer of Girafa.com. Yuval's research explores the security of the interface between the software and the hardware. In particular, He is interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. He works on identifying micro-architectural vulnerabilities, and on exploitation and mitigation techniques.