A5038169665- Security and Verification in Computing
- Advanced Malware Detection Techniques
- Physical Unclonable Functions (PUFs) and Hardware Security
- Advanced Memory and Neural Computing
- Distributed systems and fault tolerance
- Cloud Data Security Solutions
- Parallel Computing and Optimization Techniques
- Network Security and Intrusion Detection
- Diamond and Carbon-based Materials Research
- Semiconductor materials and devices
- Healthcare Technology and Patient Monitoring
University of Michigan
2020-2024
Vrije Universiteit Amsterdam
2017-2019
We present Rogue In-flight Data Load (RIDL), a new class of speculative unprivileged and constrained attacks to leak arbitrary data across address spaces privilege boundaries (e.g., process, kernel, SGX, even CPU-internal operations). Our reverse engineering efforts show such vulnerabilities originate from variety micro-optimizations pervasive in commodity (Intel) processors, which cause the CPU speculatively serve loads using extraneous in-flight line fill buffers). Contrary other...
Recent transient-execution attacks, such as RIDL, Fallout, and ZombieLoad, demonstrated that attackers can leak information while it transits through microarchitectural buffers. Named Microarchitectural Data Sampling (MDS) by Intel, these attacks are likened to "drinking from the firehose", attacker has little control over what data is observed origin. Unable prevent buffers leaking, Intel issued countermeasures via microcode updates overwrite when CPU changes security domains.In this work...
Over the past few years, high-end CPU market is undergoing a transformational change. Moving away from using x86 as sole architecture for high performance devices, we have witnessed introduction of heavy-weight Arm CPUs computing devices. Among these, perhaps most influential was Apple's M-series architecture, aimed at completely replacing Intel in Apple ecosystem. However, while significant effort has been invested analyzing CPUs, ecosystem remains largely unexplored.
Recent hardware-based attacks that compromise systems with Rowhammer or bypass address-space layout randomization rely on how the processor's memory management unit (MMU) interacts page tables. These often need to reload tables repeatedly in order observe changes target system's behavior. To speed up MMU's table lookups, modern processors make use of multiple levels caches such as translation lookaside buffers (TLBs), special-purpose and even general data caches. A successful attack needs...
The drive to create thinner, lighter, and more energy efficient devices has resulted in modern SoCs being forced balance a delicate tradeoff between power consumption, heat dissipation, execution speed (i.e., frequency). While beneficial, these DVFS mechanisms have also software-visible hybrid side-channels, which use software probe analog properties of computing devices. Such attacks are an emerging threat that can bypass countermeasures for traditional microarchitectural side-channel...
Recent transient-execution attacks, such as RIDL, Fallout, and ZombieLoad, demonstrated that attackers can leak information while it transits through microarchitectural buffers. Named Microarchitectural Data Sampling (MDS) by Intel, these attacks are likened to "drinking from the firehose", attacker has little control over what data is observed origin. Unable prevent buffers leaking, Intel issued countermeasures via microcode updates overwrite when CPU changes security domains. In this work...