Academic Papers

Transient Execution and Side Channel Analysis: a Vulnerability or a Science Experiment?

Nov 01, 2022

In the world of computer security, attackers are constantly looking for new exploits to gain data from or control over a computer system. One category of exploit that can prove quite effective at accessing privileged data is side channel exploits. These exploits attempt to take advantage of vulnerabilities that are inherent in the design of a system rather than vulnerabilities in the code that has been written for and is running on said system. Examples of this include measuring the power consumption of a system’s processor over time and analyzing that power usage to leak system secrets or reading secrets from a system by analyzing the electromagnetic radiation the system leaks as it processes data. 

Another type of side channel attack is a cache-based side channel attack, which exploits the timings of cache and memory accesses to determine data about the target system. We discuss some of the more common types of side channels used to interpret data values from the microarchitectural changes created by transient executions. We also review our experiences with these types of attacks on modern systems, mitigations for these attacks, and information about other attacks of a similar type. In particular, we will focus on attacks that are capable of recovering data that is processed through transient execution in some way then wrongly accessed using a side channel, such as the spectre and meltdown classes of attack.

  • Year: 2022
  • Category: Secure & Resilient Systems
  • Tag: Cybersecurity, hardware, side channel, transient execution
  • Author: Michael Shepherd, Scott Brookes, Robert Denz
  • Released: International Conference on Cyber Warfare and Security, 2022

Featured Riverside Research Author(s)

Michael Shepherd

Mr. Michael Shepherd s a research scientist at Riverside Research. He received his Master's in Applied Computer Science from Wentworth Institute of Technology in 2024 studying artificial intelligence and machine learning. His work focuses on security in systems software including cache-based side channel analysis, hypervisors, and continuous integration/continuous deployment systems.

LinkedIN
Michael Shepherd

Scott Brookes

Dr. Scott Brookes is an associate director at Riverside Research. He has received his PhD from Dartmouth college in 2018 studying secure operating system and hypervisor architectures. His work focuses on security in systems software to include computer architecture, program analysis, and systems software architectures.

LinkedIN
Scott Brookes

Robert Denz

Dr. Robert Denz is Vice President of the Open Innovation Center at Riverside Research. He's an experienced technology executive and strategic leader, leading a research and development business unit focused on critical technology areas such as Cyber Security, Artificial Intelligence & Machine Learning, Radio Frequency, and Optics. These cross-functional teams drive innovation and deliver impactful solutions for national security, leveraging Riverside Research's open innovation model to foster collaboration and accelerate the development of cutting-edge technologies.

Dr. Denz earned a Ph.D. in Computer Engineering from Dartmouth College and a B.S. in Computer Engineering and Computer Science from Rensselaer Polytechnic Institute. His academic background, coupled with his industry experience, provides him with a strong foundation for leading technical teams and driving innovation.

Dr. Denz has co-authored numerous publications in security, virtualization, and operating systems. His contributions to the field of cyber security have been significant, and he continues to mentor others to make an impact on the national security research base.

LinkedIN
Robert Denz
Disclaimer

The above listed authors are current or former employees of Riverside Research. Authors affiliated with other institutions are listed on the full paper. It is the responsibility of the author to list material disclosures in each paper, where applicable – they are not listed here. This academic papers directory is published in accordance with federal guidance to make public and available academic research funded by the federal government.