filmov
tv
RuhrSec 2017: 'Rowhammer Attacks: A Walkthrough Guide', Dr. Clémentine Maurice & Daniel Gruss
Показать описание
RuhrSec is the annual English speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit.
🔽 More information ...
Abstract. In the past 2 years the so-called Rowhammer bug has caught the attention of many academic and non-academic researchers. The scary aspect of the Rowhammer bug is that is entirely invalidates software security assumptions. Isolation mechanisms are ineffective to a degree where an attacker can run in a website and compromise the entire host system.
In this walkthrough guide I will walk you through all Rowhammer attacks that have been presented so far. We will start with the seminal work by Kim. et. al. 2014 and discuss the basic idea of triggering bitflips in software. Subsequently we will discuss how to use their findings in exploits, as demonstrated by Google researchers in 2015. The results from the works of these two groups is still of vital interest for the discussion of countermeasures that now may find their way into the Linux kernel.
Another branch of attacks combine Rowhammer with other attack primitives. We will discuss attacks using deduplication (Dedup est Machina, Flip Feng Shui) and their impact. Furthermore, we will discuss the first Rowhammer attacks on cryptographic primitives that have been presented in 2016.
Finally, we will discuss countermeasures, i.e. Rowhammer detection and Rowhammer mitigation. While several countermeasures have been discussed and some have even been deployed, the problem is widely unsolved. We will shed light on the ongoing discussion amongst Linux kernel developers and point out dead ends that should be avoided in the future.
Speakers:
Dr. Clémentine Maurice and Daniel Gruss
———
👉 Subscribe to our channel:
👉 Read more about interesting IT Security topics on our blog:
✍️ Want a deeper dive?
Training courses in Single Sign-On (SAML, OAuth and OpenID Connect), Secure Web Development, TLS and Web Services are available here:
———
———
Thanks for your attention and support. Stay secure.
#cybersecurity #rowhammer #ruhrsec #cyber #talk #rowhammerbug
#conference #itsecurity #itsicherheit #JavaScriptsandbox #cryptography
🔽 More information ...
Abstract. In the past 2 years the so-called Rowhammer bug has caught the attention of many academic and non-academic researchers. The scary aspect of the Rowhammer bug is that is entirely invalidates software security assumptions. Isolation mechanisms are ineffective to a degree where an attacker can run in a website and compromise the entire host system.
In this walkthrough guide I will walk you through all Rowhammer attacks that have been presented so far. We will start with the seminal work by Kim. et. al. 2014 and discuss the basic idea of triggering bitflips in software. Subsequently we will discuss how to use their findings in exploits, as demonstrated by Google researchers in 2015. The results from the works of these two groups is still of vital interest for the discussion of countermeasures that now may find their way into the Linux kernel.
Another branch of attacks combine Rowhammer with other attack primitives. We will discuss attacks using deduplication (Dedup est Machina, Flip Feng Shui) and their impact. Furthermore, we will discuss the first Rowhammer attacks on cryptographic primitives that have been presented in 2016.
Finally, we will discuss countermeasures, i.e. Rowhammer detection and Rowhammer mitigation. While several countermeasures have been discussed and some have even been deployed, the problem is widely unsolved. We will shed light on the ongoing discussion amongst Linux kernel developers and point out dead ends that should be avoided in the future.
Speakers:
Dr. Clémentine Maurice and Daniel Gruss
———
👉 Subscribe to our channel:
👉 Read more about interesting IT Security topics on our blog:
✍️ Want a deeper dive?
Training courses in Single Sign-On (SAML, OAuth and OpenID Connect), Secure Web Development, TLS and Web Services are available here:
———
———
Thanks for your attention and support. Stay secure.
#cybersecurity #rowhammer #ruhrsec #cyber #talk #rowhammerbug
#conference #itsecurity #itsicherheit #JavaScriptsandbox #cryptography
0:40:13
RuhrSec 2017: 'Rowhammer Attacks: A Walkthrough Guide', Dr. Clémentine Maurice & Danie...
0:18:49
Rowhammer attacks explained simply
0:11:17
SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript (USENIX Security '21)
![[GreHack 2017] Attack](https://i.ytimg.com/vi/FiPFBWxHVmI/hqdefault.jpg)
0:26:31
[GreHack 2017] Attack ARM TrustZone using Rowhammer
0:38:39
RuhrSec 2016: 'Cache Side-Channel Attacks and the case of Rowhammer', Daniel Gruss
0:44:45
RuhrSec 2017: 'Keynote: How to Build Hardware Trojans', Prof. Dr. Christof Paar
0:40:34
RuhrSec 2017: 'Using Microarchitectural Design to Break KASLR and More', Anders Fogh
0:10:32
rowhammer
0:29:55
CCS 2016 - Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
0:11:04
rowhammer
0:18:00
USENIX ATC '22 - SoftTRR: Protect Page Tables against Rowhammer Attacks using Software-only...
0:33:50
RuhrSec 2017: 'A new categorization system for Side-channel attacks on mo...', Dr. Veelash...
0:00:59
Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks
0:01:34
Rowhammer attack against RAM memory cards that bypass all current defenses
0:16:55
Leveraging EM Side-Channel Information to Detect Rowhammer Attacks
0:20:44
Sledge Hammer! - Trust Me, You Can Hijack Entire Systems with the Rowhammer Attack! -- Episode 6.1
0:17:41
Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU
0:20:08
Exploiting Correcting Codes On the Effectiveness of ECC Memory Against Rowhammer Attacks
![[ASPLOS19 Lightning Talk]](https://i.ytimg.com/vi/WAXiwwJMyFo/hqdefault.jpg)
0:02:27
[ASPLOS19 Lightning Talk] Protecting Page Tables from RowHammer Attacks using True-Cells
0:54:13
Black Hat USA 2017 Exploiting The DRAM Rowhammer Bug To Gain Kernel Privileges
0:08:46
Rowhammer Gets More Dangerous
0:19:01
USENIX Security '19 - SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks
0:48:20
#HITBLockdown002 - D1T1 - Secret Flaws of In-DRAM RowHammer Mitigations - E. Vannacci & P. Frigo
0:01:08
Drammer - Rowhammer 2
Комментарии