Kristof Beyls

icon indicating an email [email protected]

Results 40 issues of Kristof Beyls

Make HTML output look and feel better

18 comment

The current HTML version of the book can be improved a lot. In this issue, let's record an overview of all the ideas for improvements. More detailed discussions for specific...

HTML

Add description of memory safety.

1 comment

Also discuss how memory allocators can mitigate against temporal memory safety.

content

Write about mitigations for branch predictor-based side channels

3 comment

After a bit of investigation, it seems the following are mitigations that could be worthwhile to briefly discuss in the book: - (SW/HW) Flushing branch state when switching between sandboxes/distrusting...

content

Section 2.4.1 "Return-oriented Programming": Explain how assembly gadgets could be generated from C/C++

3 comment

See TODO in text.

content

Section 2.7.1 "Sanitizers": Also describe other mechanisms to detect memory errors

Such as software-based ones (static analysis, library and buffer hardening) and hardware-based ones, e.g. PAuth-based pointer integrity schemes, MTE etc. See TODO in text.

content

Section 5.2.3 "Countermeasures": reduce overlap with section on timing-based side channels

see TODO in text.

content

Chapter 5: "Physical attacks": move chapter to a section in the chapter on side channels

see TODO in text.

content

Chapter 4 "Supply chain attacks": Explain how to mitigate these

see TODO in text

content

Chapter 3 "Side-channels": Write section on site isolation as a SpectreV1 mitigation

see TODO in text

content

Section 3.5 "Transient Execution": Write sections on specific transient execution attacks such as Spectre and Meltdown.

see TODO in text.

content