A5090883929- Security and Verification in Computing
- Physical Unclonable Functions (PUFs) and Hardware Security
- Advanced Malware Detection Techniques
- Advanced Data Storage Technologies
- Cloud Data Security Solutions
- Cryptographic Implementations and Security
- Digital Rights Management and Security
- Adversarial Robustness in Machine Learning
- Parallel Computing and Optimization Techniques
- Smart Grid Security and Resilience
- Real-Time Systems Scheduling
- Caching and Content Delivery
- Distributed systems and fault tolerance
- Digital Media Forensic Detection
- Radiation Effects in Electronics
- Low-power high-performance VLSI design
Graz University of Technology
2017-2025
The Rowhammer bug allows unauthorized modification of bits in DRAM cells from unprivileged software, enabling powerful privilege-escalation attacks. Sophisticated countermeasures have been presented, aiming at mitigating the or its exploitation. However, state art provides insufficient insight on completeness these defenses. In this paper, we present novel attack and exploitation primitives, showing that even a combination all defenses is ineffective. Our new technique, one-location...
In this paper, we present CSI:Rowhammer, a principled hardware-software co-design Rowhammer mitigation with cryptographic security and integrity guarantees, that does not focus on any specific properties of Rowhammer. We design new memory error detection mechanism based low-latency MAC an exception initiating software-level correction routine. The handler uses novel instruction-set extension for the resumes execution afterward. contrast to regular ECC-DRAM remains exploitable if more than 2...
Rowhammer has been shown to be an extensive attack vector. In the years since its discovery, numerous exploits have shown, attacking a wide range of targets from kernels, through web browsers machine learning models. These attacks were not always mounted code running on CPU system. Various devices peripheral CPU, like GPUs or networks cards can cause bit flips DMA accesses main memory. this work, we take look at solid state drives (SSDs) and if they exploited as confused deputies perform...
Modern superscalar CPUs have multiple execution units that independently execute operations from the instruction stream. Previous work has shown numerous side channels exist around these out-of-order pipelines, particularly for an attacker running on SMT core.In this paper, we present SQUIP attack, first side-channel attack scheduler queues, which are critical deciding schedule of instructions to be executed in CPUs. Scheduler queues not been explored as a channel so far, Intel only single...
Page tables enforce process isolation in systems. Rowhammer attacks break by flipping bits DRAM to tamper page and achieving privilege escalation. Moreover, new existing mitigations. We seek protect systems against such breakthrough attacks. present PT-Guard, an integrity protection mechanism for tables. PT-Guard uses unused Table Entries (PTE) embed a Message Authentication Code (MAC) the PTE cacheline without any storage overhead. These arise from PTEs supporting petabytes of physical...
Modern processors are equipped with numerous features to regulate energy consumption according the workload.For this purpose, software brings processor cores into idle states via dedicated instructions such as hlt.Recently, Intel introduced C0.1 and C0.2 states.While previously could only be reached privileged operations, these new can also by an unprivileged attacker.However, attack surface open is still unclear.In paper, we present IdleLeak, a novel side-channel exploiting in two distinct...
In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage all queues on AMD Zen 3 and show that leak. mount first contention attacks 4, with a novel measurement method evoking an out-of-order race condition, more precise than state art. demonstrate inter-keystroke timing based contention, F1 score $\geq$ 99.5 % standard deviation below 4 ms from ground truth. Our end-to-end JavaScript attack transmits across Firefox instances, bypassing...
Modern CPUs dynamically scale voltage and frequency for efficiency. However, too low voltages can result in security-critical errors. Hence, vendors use a generous safety margin to avoid errors at the cost of higher energy overheads.
The Rowhammer bug allows unauthorized modification of bits in DRAM cells from unprivileged software, enabling powerful privilege-escalation attacks. Sophisticated countermeasures have been presented, aiming at mitigating the or its exploitation. However, state art provides insufficient insight on completeness these defenses. In this paper, we present novel attack and exploitation primitives, showing that even a combination all defenses is ineffective. Our new technique, one-location...