Loading…
28 - 29 August | Amsterdam, Netherlands
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Linux Security Summit Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time (CEST | UTC+2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."
Friday August 29, 2025 09:05 - 09:50 CEST
Microarchitectural attacks such as Branch History Injection (BHI) can expose kernel data when instructions at a mispredicted indirect call target are executed speculatively with malicious data crafted by the attacker.

FineIBT (Fine-grain Control-flow Enforcement with Indirect Branch Tracking) is a hardening technique adopted by the Linux kernel (first merged in 6.2) that performs a check at each indirect call target to ensure that the target’s type (e.g., void (*)(int)) matches the type of the function pointer that was used to make the call. Although FineIBT can provide substantial defense-in-depth against architectural attacks such as Call-Oriented Programming (COP), its current implementation does not address microarchitectural attacks.

This talk introduces a new enhancement to FineIBT that hardens the Linux kernel against a plethora of microarchitectural attacks—including BHI—by poisoning the contents of live registers whenever the FineIBT check fails, thus preventing an attacker from using those registers to pass malicious data to a mis-predicted call target. This enhancement has been merged into Linux 6.15.
Speakers
avatar for Scott Constable

Scott Constable

Defensive Security Researcher, Intel Labs
Scott Constable is a security researcher at Intel Labs. He received his PhD in computer science from Syracuse University in 2018. Scott has contributed: Load Value Injection mitigations to LLVM/clang (2021); malicious single-step mitigations to the Intel SGX SDK (2023); a transient... Read More →
avatar for Sebastian Österlund

Sebastian Österlund

Offensive Security Researcher, Intel
Sebastian is an Offensive Security Researcher at Intel IPAS STORM, working on Operating Systems security mitigations, microcode static analysis, confidential computing, fuzzing, and more. In the past Sebastian has worked extensively on speculative execution attacks, being one of the... Read More →
Friday August 29, 2025 09:05 - 09:50 CEST
G102-103

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Share Modal

Share this link via

Or copy link