CppCon 2018 Plenary: Spectre: Secrets, Side-Channels, Sandboxes, and Security by Chandler Carruth

Chandler CarruthLess than a week remains for Early Bird registration. Only six days (three US business days) remain before the deadline.

Plenary Speaker: Chandler Carruth

Chandler, who leads the C++ and LLVM teams at Google and is one of the most popular speakers at CppCon, will tackle the new class of vulnerabilities in modern CPUs with his talk Spectre: Secrets, Side-Channels, Sandboxes, and Security. He is one of the lead engineers within Google and across the industry working to respond to these developments.

From his talk’s description:

The discovery of speculative execution side-channel attacks (called “Spectre”) fundamentally changes the security model of every modern superscalar microprocessor. Extracting secret data (credit cards, cryptographic keys) through side-channels is not new and has challenged the cryptographic community for decades. However, speculative execution attack techniques have fundamentally altered the ease and applicability of side-channels: far more code is impacted by these attacks and they can more reliably be weaponized. Responding to these issues has impacted CPU design, compiler design, library design, sandbox techniques and even the C++ programming language and standard.

This talk will explain how these kinds of attacks work at a high level and provide a clear set of terminology to describe these classes of vulnerabilities and attacks. It will show how the different variants work at the low level of modern hardware to give a detailed and precise understanding of the mechanics involved on CPUs today.

In addition to his plenary address, Chandler will participate in a panel discussion with other experts from across the industry who have helped lead this security incident response.