Exploiting Inaccurate Branch History in Side-Channel Attacks

USENIX via YouTube

Overview

Explore advanced cybersecurity research in this 13-minute conference talk from USENIX Security '25 that investigates critical vulnerabilities in modern CPU branch prediction mechanisms. Delve into how out-of-order processors use speculative execution and branch prediction for performance optimization, and discover how shared branch prediction resources can create security vulnerabilities that expose sensitive data across different software contexts. Examine the fundamental components of Branch Prediction Units (BPUs) and learn how resource sharing affects two underdocumented features: Bias-Free Branch Prediction and Branch History Speculation. Understand how these efficiency-enhancing features can inadvertently modify Branch History Buffer update behavior and create new attack primitives for malicious mis-speculations. Discover three novel attack primitives presented by researchers from Scuola Superiore Sant'Anna and Scuola IMT Alti Studi Lucca: Spectre-BSE and Spectre-BHS attacks, plus BiasScope, a cross-privilege control flow side-channel attack. Learn about the identification of vulnerable control flow patterns and their exploitation across multiple processors, culminating in the demonstration of Chimera, an eBPF-based attack capable of leaking kernel memory contents at 24,628 bit/s through a Spectre-BHS variant.

Syllabus

USENIX Security '25 - Exploiting Inaccurate Branch History in Side-Channel Attacks

Taught by

USENIX
