Software-based Mitigations for Hardware Vulnerabilities

Due to the evolving Coronavirus/COVID-19 situation, SREcon20 Americas West has been rescheduled to June 2–4, 2020.

Tuesday, March 24, 2020 - 11:50 am–12:30 pm

Antonio Gomez, Intel

Core Principles

Recently disclosed side-channel methods that target internal structures and hardware abstractions of most modern CPUs have received significant attention and have raised awareness of hardware vulnerabilities among different actors. This presentation introduces the basic concepts behind these methods, presents a threat model, and discusses some of the software mitigations that have been implemented to help protect production hardware against them. These mitigations give system administrators a number of configuration options, from boot-time options to real-time changes. The presentation focuses on ongoing efforts to improve process isolation in Linux and describes the work to improve the reliability of the Linux kernel on a large variety of platforms. We consider how the new functionality is validated, the variety of workloads used to test the changes, life testing, and the study of potential undesired side effects.

Antonio Gomez, Intel

Antonio is a software engineer at Intel, where he focuses on security software mitigations. He holds a Ph.D. in computer science and has worked in different roles in the areas of performance, computer architecture, parallel programming, and security for the last 15 years.

@conference {247267,
author = {Antonio Gomez},
title = {Software-based Mitigations for Hardware Vulnerabilities},
year = {2020},
address = {Santa Clara, CA},
publisher = {{USENIX} Association},
month = mar,