EPISODE · Apr 15, 2022 · 55 MIN
04/15/22: When Memory Guards are Crooked and Become Speculating Snitches with Andrea Mambretti
from Boston Computation Club · host Max von Hippel
Andrea Mambretti is a system security researcher at IBM Research Europe, Zurich Laboratory. He received his Ph.D. from Northeastern University, in the SecLab under the supervision of Engin Kirda. Since 2011, he's participated in several CTF competitions (Ictf, Ructf, Defcon and others) with both the TowerOfHanoi and Shellphish teams. (Audience members will surely fall into two partitions: those who are more impressed by Andrea's PhD, and those who are more impressed by his membership in Shellphish 😉). Today, Andrea joined us to discuss some of his security research into ROP attacks, specifically attacks that exploit timing-based side-channels caused by speculative execution. This research builds on the academic legacy of attacks like Spectre, but formalizes the relevant threat models and explores the full space of relevant attack varieties. The talk was fun, technical, and exciting. We concluded with a question-and-answer/discussion section, mostly centered on (a) attack realizability against differing architectures, and (b) mitigations/defenses. This was a great talk, and we hope you enjoy it post-hoc! ArXiV Andrea's homepage Andrea's twitter Video version of this talk
What this episode covers
Andrea Mambretti is a system security researcher at IBM Research Europe, Zurich Laboratory. He received his Ph.D. from Northeastern University, in the SecLab under the supervision of Engin Kirda. Since 2011, he's participated in several CTF competitions (Ictf, Ructf, Defcon and others) with both the TowerOfHanoi and Shellphish teams. (Audience members will surely fall into two partitions: those who are more impressed by Andrea's PhD, and those who are more impressed by his membership in Shellphish 😉). Today, Andrea joined us to discuss some of his security research into ROP attacks, specifically attacks that exploit timing-based side-channels caused by speculative execution. This research builds on the academic legacy of attacks like Spectre, but formalizes the relevant threat models and explores the full space of relevant attack varieties. The talk was fun, technical, and exciting. We concluded with a question-and-answer/discussion section, mostly centered on (a) attack realizability against differing architectures, and (b) mitigations/defenses. This was a great talk, and we hope you enjoy it post-hoc! ArXiV Andrea's homepage Andrea's twitter Video version of this talk
NOW PLAYING
04/15/22: When Memory Guards are Crooked and Become Speculating Snitches with Andrea Mambretti
No transcript for this episode yet
Similar Episodes
Jun 10, 2026 ·32m
Jun 4, 2026 ·47m