In the last couple of years, we have observed the disclosure of a new set of innovative methods targeting internal structures and common hardware abstractions of many modern CPUs. These methods are relevant to many technology contexts, but what are these methods? Why are those hardware abstractions included in modern processors? What would the thread model of a potential implementation be? Even though these are methods that target the hardware, the existing mitigations for components that are already in the market, or that have even been out of the market for a while, are implemented in software. What do these software mitigations look like? What do they do? Do different actors understand these methods, what the mitigations do, and what they can do to configure these mitigations to better protect their systems based on their computing requirements? What can be done in the Linux kernel to enhance process isolation to prevent potential attacks? This presentation will answer all those questions while focusing on changes introduced in the Linux kernel and that are publicly available.
Antonio Gomez (@4g0mez) is a software engineer at Intel where he focuses on security software mitigations. He holds a Ph.D. in computer science and has worked on different roles in the area of performance, computer architecture, parallel programming, and security for the last 15 years.