Tinycl/architecture101

learn about computer architecture

Introduction to CPU microarchitecture and security

💬 This repository aims to collect content and multiple materials on CPU's security and exploitation:
mostly on how CPUs work and are designed and security vulnerabilities and attacks raised by its default implementation.

CPU architecture and vulnerabilities are one of my main interest subjects.
So I decided to use this repo to gather all info I could about this topic in one place

Enjoy! (:

0x00 how computers work?

books

• How Computers Really Work
• Computer Organization and Architecture | William Stallings
• Modern operating systems | Tanenbaum
• Computer Architecture: A Quantitative Approach
• Structured computer organization | Tanenbaum
• Modern Processor Design: Fundamentals of Superscalar Processors
• Computer Architecture and Security

courses & materials

videos/series

• Computer Architecture Complete Course
• CS50 Lectures
• Digital Design & Computer Architecture | ETH Zürich
• Como computadores funcionam? Playlist [PT-BR]
• How do computers work?
• Exploring How Computers Work
• Build a 65c02-based computer from scratch

others

• CS 61 - Systems Programming and Machine Organization (2022)

CPU 101

videos/series

• CPU Design series
• Architecture All Access - Intel Series
• How A CPU Works - The CPU Explained
• How a CPU works | In One Lesson
• Inside the CPU | Computerphile
• Physics of Computer Chips | Computerphile
• The Fetch-Execute Cycle | Tom Scott
• Coding Communication & CPU Microarchitectures
• Evolution Of CPU Processing Power
• Everything you want to know about x86 microcode, but might have been afraid to ask

docs & articles

• Understanding the fundamentals of CPU architecture
• A hackers tour of the x86 CPU architecture
• Stanford CS155 - Processor Security
• The purpose of the CPU
• How to Benchmark Code Execution Times on Intel® IA-32 and IA-64 Instruction Set Architectures
• Intel® 64 and IA-32 Architectures Software Developer Manuals

programming

• Design Your Own CPU Instruction Set
• Building A CPU From Scratch

CPU vulnerabilities & security

talks/conferences

• [Red Hat] Understanding Microarchitectural Data Sampling (aka MDS, ZombieLoad, RIDL & Fallout)
• Discover vulnerabilities in Intel CPUs | LiveOverflow
• How CPUs Access Hardware - Another SerenityOS Exploit
• [Blackhat] The Memory Sinkhole - Unleashing An X86 Design Flaw Allowing Universal Privilege Escalation
• [Blackhat] Breaking the x86 Instruction Set | Chris Domas
• [Blackhat] GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
• Exploiting vulnerabilities in the CPU microcode | Pedro Candel
• Abusing AMD Microcode for fun and security
• Microarchitectural Incontinence | Daniel Gruss
• [RSA Conference] Spectre Attacks: Exploiting Speculative Execution
• [IEEE Symposium] RIDL: Rogue In-Flight Data Load
• [BSides] Understanding Hardware Vulnerabilities
• [No Hat 2020] Exploiting vulnerabilities in Intel ACMs | Alexander Ermolov & Dmitriy Frolov
• Under the hood of a CPU: Reverse Engineering the P6 microcode | Peter Bosch
• [HACKADAY] Reading Silicon: How to Reverse Engineer Integrated Circuits | Ken Shirriff
• [Ekoparty 2022] Exec ASLR: Abusing intel branch predictors to bypass ASLR

articles & blogs

• Side Channel Vulnerabilities: Microarchitectural Data Sampling and Transactional Asynchronous Abort
• Intel Software Security Guidance
• Foreshadow - Breaking the virtual memory abstraction with transient out-of-order execution
• LVI - Hijacking transient execution with load value injection
• MDS: Microarchitectural Data Sampling
• Zombie Load attack
• Meltdown and Spectre Vulnerabilities in modern computers leak passwords and sensitive data
• Platypus - software-based power side-channel attacks
• Pluntervolt - corrupting the integrity of Intel SGX on Intel Core
• TPM Fail - timing leakage on Intel firmware-based TPM
• netCAT - network-based cache side-channel attack
• LazyFP - Exploiting lazy FPU state switching

tools & exploits

• Portsmash
• angr framework

papers: bugs/vulns

• Speculose: Analyzing the Security Implications of Speculative Execution in CPUs
• Platypus: Software-based Power Side-Channel Attacks on x86
• Plundervolt: Software-based Fault Injection Attacks against Intel SGX
• Spectre Attacks: Exploiting Speculative Execution
• SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution
• Spectre Returns! Speculation Attacks using the Return Stack Buffer
• Meltdown: reading kernel memory from user space
• Zenbleed
• Retbleed: Arbitrary Speculative Code Execution with Return Instructions
• FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack
• INCEPTION: Exposing New Attack Surfaces with Training in Transient Execution
• Phantom: Exploiting Decoder-detectable Mispredictions

papers: techniques

• Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions
• Microarchitectural attacks and Countermeasures
• Reverse Engineering x86 Processor Microcode