InfoSec Seminar: Meltdown and Spectre vulnerabilities: What went wrong?

Speaker: Mark Handley

Date/Time: 11-Jan-2018, 00:00 UTC

Venue: Roberts 508

Details

Abstract

The Meltdown and Spectre vulnerabilities in almost all modern CPUs have received a great deal of publicity in the last week. Operating systems and hypervisors need significant changes to how memory management is performed, CPU firmware needs updating, compilers are being modified to avoid risky instruction sequences, and browsers are being patched to prevent scripts having access to accurate time. All this because of how speculative execution is handled in modern pipelined superscalar CPUs, and how side-channel attacks reveal information about execution that the CPU tries to pretend did not happen. Mark Handley will explain what modern CPUs actually do to go fast, discuss how this leads to the Meltdown and Spectre vulnerabilities, and summarize the mitigations that are being put in place.

Bio

Mark Handley joined the Computer Science department at UCL as Professor of Networked Systems in 2003, receiving a Royal Society-Wolfson Research Merit Award. From 2003-2010 he led the Networks Research Group, which has a long history dating back to 1973 when UCL became the first site outside the United States to join the ARPAnet, which was the precursor to today's Internet. Prior to joining UCL, Professor Handley was based at the International Computer Science Institute in Berkeley, California, where he co-founded the AT&T Center for Internet Research at ICSI (ACIRI). Professor Handley has been very active in the area of Internet Standards, and has served on the Internet Architecture Board, which oversees much of the Internet standardisation process. He is the author of 33 Internet standards documents (RFCs), including the Session Initiation Protocol (SIP), which is the principal way telephony signalling is performed in Internet-based telephone networks. Recently he has been standardizing multipath extensions to TCP. Professor Handley's research interests include the Internet architecture (how the components fit together to produce a coherent whole), congestion control (how to match the load offered to a network to the changing available capacity of the network), Internet routing (how to satisfy competing network providers' requirements, while ensuring that traffic takes a good path through the network), and defending networks against denial-of-service attacks. He also founded the XORP project to build a complete open-source Internet routing software stack.

This page was last modified on 27 Mar 2014.