Today Kav and I are finally allowed to talk about #Retbleed. In 2018, #SpectreV2 was fixed by replacing indirect jumps with returns. But, returns can be poisoned like indirect jumps, throwing us us back to 2018 again. Paper, demo, addendum, code @ comsec.ethz.ch/retbleed

We define 𝜇CFI, a new CPU security property that detects microarchitectural constant time violations and CPU vulnerabilities that allow control-flow-hijacking attacks (4 RISC-V CVEs) or proves their absence: comsec.ethz.ch/research/hardw… (Paper at CCS'24) Flavien Solt Kav

Confused deputy attacks on EDA software generate vulnerable hardware from secure RTL. TransFuzz discovers 20 such translation bugs in open-source EDA (25 CVEs). Will be presented at USENIX Security '25. comsec.ethz.ch/wp-content/fil… Kav Kathi Ceesay-Seitz