RuhrSec 2016: 'Cache Side-Channel Attacks and the case of Rowhammer', Daniel Gruss

RuhrSec is the annual English-speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit.

Abstract. Software security relies on isolation mechanisms provided by the hardware and the operating system. However, these isolation mechanisms are often insufficient, for instance due to the existence of caches in hardware and software. Caches keep frequently used data in faster memory to reduce access time and to reduce the number of accesses to slower memory. This introduces timing differences that can be exploited in side-channel attacks.

The first half of this talk is about state-of-the-art cache side-channel attacks. Most cache attacks target cryptographic implementations, and even full key recovery attacks that work cross-core and cross-VM in public clouds have been demonstrated. We recently found that cache attacks can be fully automated, that they are not limited to specific architectures, and that they can be implemented based on a variety of hardware features. This broadens the field of cache attacks and increases their impact significantly.

The second half of this talk is about the so-called Rowhammer effect, which can be exploited to gain unrestricted access to systems. Recent studies have found that in most DDR3 DRAM modules random bit flips can occur due to the Rowhammer effect. An attacker can trigger these hardware faults without accessing the corresponding memory location, simply by accessing other memory locations at a high frequency. The first attacks used cache maintenance operations, as caches would otherwise prevent such frequent accesses. Frequent accesses from JavaScript would allow a remote attacker to exploit the Rowhammer effect. For this purpose it is necessary to defeat the complex cache replacement policies. Last year we showed that this is possible. In this talk we will detail how to evaluate the huge parameter space of eviction strategies, discuss intuitive and counter-intuitive timing effects, and thereby close the gap between local Rowhammer exploits in native code and remote Rowhammer exploits through websites.

Speaker: Daniel Gruss

Comments

Fantastic! Broad lecture... nearly from first principles to state of art in one lecture on this topic. Well explained!

klam