Ghosting the Spectre

Conference: OpenInfra Summit
Location: Berlin, Germany
Slides: PDF
Video: YouTube

A series of vulnerabilities related to speculative execution came to attention in 2018, involving a more sophisticated combination of techniques, and a more severe security impact, than previously considered possible. Cloud and container infrastructures offer little protection from the speculative execution vulnerabilities. Current mitigations offer only partial protection, have prohibitive performance penalties, and apply globally, so mitigations must be chosen during hardware manufacture or data center deployment. Infrastructure, operating system, and application developers have little or no control over which mitigations are deployed, and therefore no choice in whether they endure the risk of speculation or suffer the performance penalty of mitigations. This talk considers three approaches that partially or completely eliminate speculative execution from modern hardware architectures, as a finer-grained approach to mitigating the speculative execution vulnerabilities.