Real world security: from theory to practice and back again
The security of any system relies on models and assumptions thatattempt to capture potential adversarial behavior. Unfortunately, whenfaced with real-world adversaries, these assumptions often becomeflaky, inaccurate, or even flat out wrong. In this talk, I will showseveral examples of this gap between theoretical and real-worldsecurity. First, I will present Spectre and Meltdown, twomicroarchitectural attacks that read protected OS kernel memory byexploiting speculative execution, a performance optimization typicallyperformed by all modern CPUs. Second, I will show how to utilizeunintentional physical side-channel leakage from complex computingdevices in order to extract secret cryptographic keys. Finally, on thedefensive side, I will show how theory can potentially help bydiscussing how to construct and deploy verifiable computation schemesfor arbitrary C programs.The talk will include live demonstrations of cryptographic techniques.