Beyond the Noise: Automated Discovery of Microarchitectural Security Leaks

Michael Schwarz

CISPA Summer School, Saarbruecken, Germany, August 23, 2023

Microarchitectural security is still a relatively young research area with many unexplored territories and exciting discoveries to be made, even for newcomers. Experiments in this area often yield strange and seemingly random observations that appear as noise. Surprisingly, these oddities can reveal side channels or even processor vulnerabilities. However, even for domain experts, designing experiments to discover new side-channel leakage can be a tedious and time-consuming process that also requires a non-negligible amount of luck. In this talk, we show how automation can help in this discovery process. We cover recent advances in tooling and automation for microarchitectural leakage discovery, drawing parallels to the field of software testing. Although automation in this domain is still taking its first steps compared to software testing, we showcase how it has already led to the uncovering of previously hidden side channels and transient execution attacks. With the existing techniques and open-source tools, you might even be the next to find an exciting security vulnerability.