Microarchitecture Vulnerabilities: Past, Present, and Future

Past
Present
Logic Issues
Exploitation Techniques
Physical Domain in Software
Mitigation Efforts
- Physical hardware cannot be changed in the field
- Vendors build in "survivability features"
- Microcode is the most commonly used tool for mitigations
- Other firmware is also used
- "Chicken bits" to disable / change behavior
- Some issues are best mitigated in software
- Mitigations are not always possible/reasonable and are almost always difficult and time-consuming to engineer
Prevention
- Pre-silicon
- Post-silicon
Future
Take Aways

SysBumps: Exploiting Speculative Execution in System Calls

The video presents an attack technique called SysBumps, demonstrated by researchers Hyerean Jang, Taehun Kim, and Youngjoo Shin at Black Hat Europe 2024. Here’s what it’s about: What SysBumps Does: SysBumps breaks Kernel Address Space Layout Randomization (KASLR) on macOS systems running on Apple Silicon, including M-series chips. It uses speculative execution within system calls, triggering side-channel behaviors that allow an unprivileged attacker to detect the kernel memory layout. How the Attack Works: By using system calls that involve speculative execution, attackers can influence the translation lookaside buffer (TLB). This manipulation allows…

Bypassing ARM’s Memory Tagging Extension with a Side-Channel Attack

This explains a research project on how to bypass ARM's Memory Tagging Extension (MTE), a hardware feature designed to prevent memory corruption vulnerabilities. Here are the key takeaways: ARM MTE: MTE works like a "lock and key" system. Pointers have a "key" (a 4-bit tag) and memory objects have a "lock" (also a 4-bit tag). If the key and lock don't match when a pointer tries to access memory, the program will crash, preventing an attack. The Challenge: The tags are randomly generated, making it difficult for an…

The Devil is in the (Micro-) Architectures: Uncovering New Side-Channel and Bit-Flip Attack Surfaces

Jolio and Yenzo discuss new attack vectors on Deep Neural Network (DNN) executables, specifically focusing on side-channel and bit-flip vulnerabilities. Here's a summary of the key points: DNN Executables and Vulnerabilities: The talk begins by explaining that cloud service providers deploy machine learning models as valuable services. Attackers can exploit side-channels to learn about the architecture of these models, which then opens the door for other attacks. The speakers investigate if DNN executables, created through deep learning compilation for performance, are also vulnerable. Deep Compilation and Side-Channels: Deep…