Real world security: from theory to practice and back again

Daniel Genkin
University of Maryland, College Park and University of Pennsylvania
02.14.2018 11:00 to 12:00
AVW 2460

The security of any system relies on models and assumptions that attempt to capture potential adversarial behavior. Unfortunately, when faced with real-world adversaries, these assumptions often become flaky, inaccurate, or even flat out wrong. In this talk, I will show several examples of this gap between theoretical and real-world security. First, I will present Spectre and Meltdown, two microarchitectural attacks that read protected OS kernel memory by exploiting speculative execution, a performance optimization typically performed by all modern CPUs. Second, I will show how to utilize unintentional physical side-channel leakage from complex computing devices in order to extract secret cryptographic keys. Finally, on the defensive side, I will show how theory can potentially help by discussing how to construct and deploy verifiable computation schemes for arbitrary C programs. The talk will include live demonstrations of cryptographic techniques.