MoL-2024-17: Westerman, Floris (2024) PageZero: Mitigating Speculative Execution Attacks by Clearing Page Tables. [Report]
Abstract
The discovery and subsequent disclosure of the Spectre and Meltdown vulnerabilities have kickstarted an era of speculative execution vulnerabilities that exploit hidden microarchitectural CPU features to exfiltrate secret data. So far, awaiting hardware-level fixes in new products, the majority of mitigations for existing platforms have been ‘spot’ mitigations. These fix specific vulnerabilities in specific vulnerable and high-risk code paths, unleashing a game of ‘Whac-A-Mole’ to keep computers secure. Even worse, these mitigations impose significant runtime overhead, making them unattractive.
We introduce PageZero, a novel approach for a more comprehensive solution to speculative execution vulnerabilities that combines powerful features from previous work by both VUSec and Microsoft, in the form of Quarantine and Secret-Free Hypervisor. In this hybrid approach, we separate virtual machine workloads between physical cores, while also clearing the hypervisor kernel page tables to prevent leaks via the hypervisor. We will show the effectiveness of this approach against Spectre v1 by introducing a generic and flexible speculative semantics that can be used to model various speculative execution attacks.
| Field | Value |
|---|---|
| Item Type | Report |
| Report Nr | MoL-2024-17 |
| Series Name | Master of Logic Thesis (MoL) Series |
| Year | 2024 |
| Subjects | Computation |
| Depositing User | Dr Marco Vervoort |
| Date Deposited | 14 Nov 2024 16:09 |
| Last Modified | 14 Nov 2024 16:09 |
| URI | https://eprints.illc.uva.nl/id/eprint/2340 |