First Workshop on Speculative Side Channel Analysis
|
Side channels have dramatically gained attention in January this year when security researchers disclosed several attacks with the potential to improperly gather sensitive data from the majority of computing devices. Vendors of both processors and operating systems are scrambling to fix their systems. There is no reason to believe these attacks form an exhaustive listing of the vulnerabilities. Research into different forms of side channels shows that the last 30 years of performance increase in have made our CPU architectures prone to information leaks and integrity violations. SPECTRE, Meltdown, Rowhammer, and other cache-based micro-architectural attacks are likely only the first tip of the iceberg. How should the research community, in particular researchers in programming languages, compilers, or virtual machines react. We believe that a discussion with industrial practitioners is crucial to set a research agenda. This workshop will focus on Speculative Side Channels and their implications for programming language security and systems/software security. Salient topics: |
- Implications of side channels for language virtual machines
- Implications of side channels for secure enclaves
- Implications of side channels for hypervisors
- Weaknesses of software mitigation techniques (e.g., ASLR)
- Side channel analysis techniques and tools
- Side channel resilient defenses
- CPU side-channel vulnerabilities
- Cache-based side-channel vulnerabilities
- Formal models of micro-architectural speculation
- Formal models of timing channels
- Implications for cloud computing
Attendance by industry experts is particularly encouraged. Attendance to the workshop will be limited and there will be no public recording of the discussion.
Discussions
Call for Papers, Talk abstracts, Position statements
This workshop will be organized around a few short presentations and several open discussions on topics selected by the attendees. To ensure participation and lively discussions the workshop attendance is by invitation only. Prospective attendees must submit one of (a) statement of interest (a one page description of research interests and short bio), (b) a talk abstract (one page description of a talk), (c) short paper (6 page paper). Short papers may be published in the ACM Digital Library if authors request it. The program committee will invite a set of participants, and will select a set of talks from the submissions based on fit with the workshop themes.
Wed 18 JulDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
Wed 18 Jul
Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
11:00 - 12:30 | |||
11:00 45mTalk | Speculative side channels: the view from WebKit WoSSCA Filip Pizlo Apple | ||
11:45 45mTalk | Application-Specific Principals Must Align With Platform Boundaries WoSSCA Chris Palmer Google | ||
14:00 - 15:30 | |||
14:00 30mTalk | Peering behind the Turing Mirror WoSSCA | ||
14:30 30mTalk | Hardware and Software Mitigations WoSSCA Chandler Carruth Google | ||
15:00 30mTalk | Pacer: Efficient I/O Side-Channel Mitigation in the Cloud WoSSCA Aastha Mehta MPI-SWS | ||
16:00 - 17:30 | |||
16:00 45mTalk | Software Diversity vs. Side Channels WoSSCA Stefan Brunthaler Bundeswehr University Munich | ||
16:45 45mTalk | Electromagnetic Side-Channel Attacks: Potential for Progressing Hindered Digital Forensic Analysis WoSSCA Asanka Sayakkara University College Dublin | ||
Unscheduled Events
| Not scheduled Talk | Systematizing speculative execution side channel vulnerabilities and their mitigations WoSSCA Matt Miller Microsoft |
Important Dates AoE (UTC-12h)
| Wed 18 Jul 2018 Workshop |
| Thu 17 May 2018 Notification |
| Mon 14 May 2018 Submission |
Submission Link
Amal Ahmed
Northeastern University
United States
Saam Barati
Apple
United States
Chandler Carruth
Google
United States
Pietro Frigo
Vrije Universiteit Amsterdam
Netherlands
Eric Jul
University of Oslo
Norway
Taddeus Kroes
Vrije Universiteit Amsterdam
Netherlands
Anil Kurmus
IBM Research
Switzerland
Nhien-An Le-Khac
University College Dublin
Ireland
Aastha Mehta
MPI-SWS
Germany
Sukarno Mertoguno
ONR
United States
Hyungon Moon
Georgia Tech
United States
Robin Morisset
Apple
United States
Chris Palmer
Google
United States
Filip Pizlo
Apple
United States
Hany Ragab
Vrije Universiteit Amsterdam
Italy
Asanka Sayakkara
University College Dublin
Ireland
Mark Scanlon
University College Dublin
Ireland
Stephan Schaik
Vrije Universiteit Amsterdam
Netherlands
Raoul Strackx
KU Leuven
Belgium
Ben L. Titzer
Google
Germany
Omer Tripp
IBM Thomas J. Watson Research Center
Israel
Jo Van Bulck
KU Leuven
Belgium
Toon Verwaest
Google
Germany
Jan Vitek
Northeastern University
United States
Tadeu Zagallo
Apple, Inc,
Netherlands
Amal Ahmed
Northeastern University
United States
Elias Athanasopoulos
University of Cyprus
Cyprus
Chandler Carruth
Google
United States
Lorenzo Cavallaro
Royal Holloway, University of London
United Kingdom
Cliff Click
Self
United States
Brendan Dolan-Gavitt
New York University
United States
Manuel Egele
Boston University, USA
United States
Deepak Garg
Max Planck Institute for Software Systems
Germany
Daniel Grus
Graz University of Technology
Austria
William Harris
Galois
United States
Taesoo Kim
Georgia Tech
United States
Engin Kirda
Northeastern University
United States
Anil Kurmus
IBM Research
Switzerland
Onur Mutlu
ETH Zurich
Hamed Okhravi
MIT Lincoln Labs
United States
Filip Pizlo
Apple
United States
Michalis Polychronakis
Stony Brook University
United States
Kaveh Razavi
Vrije Universiteit Amsterdam
Netherlands
John Regehr
University of Utah
United States
Peter Sewell
University of Cambridge
United Kingdom
Gianluca Stringhini
University College London
United Kingdom
Ben L. Titzer
Google
Germany
Brian Vinter
Københavns Universitet
Denmark
