The Best Defense is a Good Offense: Robustly Mitigating Spectre and Rowhammer in Future Systems

Join us for our upcoming Future Computing Seminar Series
Speaker: Prof. Gururaj Saileshwar (University of Toronto)
Date: May 27th, 2025, 17:30 CET
Where: CAB G11
Abstract:
As microarchitectural vulnerabilities like Spectre and Rowhammer continue to undermine the security of modern computing systems, it is critical to develop robust defenses. However, many hardware-based countermeasures, for instance against Spectre, have been shown to be insecure, often years after development. This highlights the need for more robust, offensive testing of defenses at design time, to ensure we deploy secure defenses.
In this talk, we present AMuLeT (ASPLOS'25), an automated testing framework for detecting speculative leakage vulnerabilities during the design phase. AMuLeT extends model-based relational testing techniques to microarchitectural simulators, enabling systematic evaluation of countermeasures. Using AMuLeT, integrated with the Gem5 simulator, we conducted the first large-scale analysis of four popular Spectre defenses. This testing automatically uncovered 3 previously known and 6 unknown vulnerabilities in these countermeasures, and showed, for the first time, that the recently proposed SpecLFB (SEC'24) is insecure. AMuLeT thus enables early detection of speculative vulnerabilities at design time, facilitating rapid prototyping of defenses and reducing the risk of deploying flawed defenses.
In the second part of the talk, we introduce QPRAC (HPCA'25), a Rowhammer defense built on the emerging PRAC framework for DDR5 memory. We describe new attacks we discovered on a PRAC implementation based on Panopticon [DRAMSec’21] that can bypass the Rowhammer mitigation and induce bit-flips. To counter these attacks, we propose QPRAC, which employs a priority-based mitigation service queue within PRAC, co-designed with other opportunistic and proactive mitigations, providing security at minimal overheads (<1% slowdown).
Bio:
Gururaj Saileshwar is an Assistant Professor in the Department of Computer Science at the University of Toronto. His research is at the intersection of computer architecture and system security, with interests in micro-architectural side-channel attacks, DRAM Rowhammer attacks, and security for machine learning systems. His research has received an IEEE Top Picks in Hardware and Embedded Security, an IEEE HPCA Best Paper Award, and an IEEE Micro Top Picks Honorable Mention. His PhD dissertation was recognized with an IEEE HOST Best PhD Dissertation Award, an IEEE TCCA / ACM SIGARCH Best Dissertation Award (Honorable Mention), and an ACM SIGMICRO Dissertation Award (Honorable Mention).