In the real world, computer exploits are often simple: Logic bugs, forgotten bounds checks, or less-adept users typing their passwords into sketchy websites.
But what if we had a world full of flawless code, Rust-only programs, and completely security-aware end users?

Unfortunately, we still would not be secure.
Modern systems leak information in many ways, including performance optimizations or unavoidable limitations in hard- or software.
Execution time, memory access patterns, power usage, and other indirect effects can allow attackers to infer information and extract secrets, even from correctly implemented systems.

In this talk, we look at examples of different attacks exploiting behavior of the CPU architecture, microarchitecture, the Linux kernel code, and common applications that are running on your machine right now.
We will see that many side channels are caused by important performance optimizations, making them fundamentally difficult to eliminate.

This talk aims to demystify side channels and give an intuition on how they work, where they appear, and why even "correct" code is not necessarily secure.