Microarchitectural Attacks and Security

  1. Transient Execution Attacks
    1. Transient Execution Fundamentals
      1. Speculative Execution Principles
        1. Transient Instruction Effects
          1. Microarchitectural State Changes
            1. Exception Handling in Speculation
            2. Spectre Attack Family
              1. Spectre Variant 1 (Bounds Check Bypass)
                1. Conditional Branch Misprediction
                  1. Array Bounds Check Bypass
                    1. Speculative Memory Access
                      1. Cache-Based Information Extraction
                        1. Gadget Identification
                        2. Spectre Variant 2 (Branch Target Injection)
                          1. Indirect Branch Prediction
                            1. Branch Target Buffer Poisoning
                              1. Cross-Process BTB Pollution
                                1. Return-Oriented Programming Integration
                                2. Spectre-RSB (Return Stack Buffer)
                                  1. Return Stack Buffer Operation
                                    1. RSB Underflow Exploitation
                                      1. Call-Return Pair Manipulation
                                      2. Spectre-BTB (Branch Target Buffer)
                                        1. BTB Collision Exploitation
                                          1. Address Aliasing Attacks
                                            1. Cross-Privilege BTB Sharing
                                            2. Spectre Variants in Different Contexts
                                              1. Browser-Based Spectre
                                                1. Kernel-Level Spectre
                                                  1. Hypervisor Spectre
                                                2. Meltdown Attack Family
                                                  1. Meltdown Prime (Rogue Data Cache Load)
                                                    1. Privilege Check Bypass
                                                      1. Kernel Memory Access from User Space
                                                        1. Exception Handling Exploitation
                                                          1. Cache-Based Data Extraction
                                                          2. Meltdown Variants
                                                            1. Meltdown-BR (Bounds Check Bypass)
                                                              1. Meltdown-PK (Protection Key Bypass)
                                                                1. Meltdown-GP (General Protection Fault)
                                                              2. Foreshadow/L1TF Attacks
                                                                1. L1 Terminal Fault Exploitation
                                                                  1. SGX Enclave Memory Extraction
                                                                    1. Virtual Machine Memory Leakage
                                                                      1. Hypervisor Attack Scenarios
                                                                      2. Microarchitectural Data Sampling (MDS)
                                                                        1. MDS Attack Principles
                                                                          1. RIDL (Rogue In-Flight Data Load)
                                                                            1. Fill Buffer Exploitation
                                                                              1. Load Port Data Sampling
                                                                              2. Fallout
                                                                                1. Store Buffer Data Leakage
                                                                                2. ZombieLoad
                                                                                  1. Line Fill Buffer Attacks
                                                                                    1. Cross-Logical-Core Data Sampling
                                                                                    2. RIDL and Fallout Variants
                                                                                      1. TAA (TSX Asynchronous Abort)
                                                                                        1. iTLB Multihit

                                                                                    Previous

                                                                                    2. Cache-Based Side Channel Attacks

                                                                                    Go to top

                                                                                    Next

                                                                                    4. Specialized Microarchitectural Attacks