Bio: Scott is a security researcher in Intel Labs. He received his PhD from Syracuse University in 2018 for his dissertation titled “Static Enforcement of Termination-Sensitive Noninterference Using the C++ Template Type System.” Scott’s current research covers language-based security and transient execution attack mitigation. Most recently, he developed an optimized software mitigation technique for Load Value Injection (LVI); this approach has since been adopted by LLVM/clang.
Abstract: A transient execution attack exploits the microarchitectural side effects of transient (i.e., impermanent) instructions. Since the revelation of the first transient execution attacks—dubbed “Spectre” and “Meltdown” by researchers—the CPU industry has made steady progress toward hardware designs that are resilient against this class of vulnerabilities. Yet researchers continue to try to identify gaps. Security experts and non-experts alike should be aware of the latest research on potential vulnerabilities to transient execution attacks, and factors to consider when deploying software mitigations. This keynote will provide an overview of the current state-of-the-art mitigations and a glimpse into the future of transient execution from a software perspective.