News
Next Seminar on 12.04.2023
Written on 11.04.2023 10:36 by Niklas Medinger
Dear All,
The next seminar(s) take place on 12.04.2023 at 14:00 (Session A).
Session A: (14:00-15:30)
Leonard Niemann, Severin Engel, Syed Tagi Abbas Rizvi
https://cispa-de.zoom.us/j/96786205841?pwd=M3FOQ3dSczRabDNLb3F1czVXVUpvdz09
Meeting-ID: 967 8620 5841
Kenncode: BT!u5=
Session A:
14:00 - 14:30
Speaker: Leonard Niemann
Type of talk: Master Intro
Advisor: Dr. Michael Schwarz
Title: Performance Counters Rethought: Actively Mitigating Microarchitectural Side-Channel Attacks
Research Area: RA3
Abstract:
In recent years, new microarchitectural side-channel attacks have been discovered regu-
larly, which has gained them popularity amongst researchers and criminals. These side
channel attacks leak secrets via metadata that is exposed through shared microarchitec-
tural building blocks. Defenses are lacking behind, as they typically require expensive
changes to the microarchitecture. Moreover, they are often overly specific to certain
types of attacks and only work against a subset of all attacks. Recent research proposes
using hardware performance monitoring counters for detecting attacks. However, none
of such approaches specifies the process after the detection has happened and thus they
do not prevent the leakage of data.
In this thesis, we present PMCDefender, which is a software-only toolkit for actively
mitigating a variety of microarchitectural side-channel attacks. While also relying on
performance monitoring counters, we present a synchronous way to immediately stop
the execution of a victim program, if an attack is detected. Thereby, we actively prevent
the leakage of data or at least limit the amount of data that can be leaked to be negli-
gible. We demonstrate that our approach works against multiple attacks and further
demonstrate its applicability in two real-world case studies. Based on the results we
conclude that active mitigation of microarchitectural side channel attacks works and
that our tool’s capabilities are sufficient to prevent the leakage of data.
14:30 - 15:00
Speaker: Severin Engel
Type of talk: Master Intro
Advisor: Dr. Nils Ole Tippenhauer & Dr. Ali Abbasi
Title: SatCom Security: Security Assessment of CCSDS Space Data Link Security & SDLS-EP
Research Area: RA3
Abstract:
Satellites provide both comfort services that affect many of us on a daily basis, such as GPS,
and critical infrastructure like military or emergency communication. Satellite communication
should be secured in order to protect these services from attacks. However, Russia's cyberattack
on Viasat terminals immediately preceding the beginning of the current Ukraine conflict proved
the possibility to compromise SatCom systems. It should be noted that those systems had known
open vulnerabilities that were not acted upon, which emphasizes the slow adaption of security in
satellite systems. Previously security was neglected on the premise that communicating with
satellites is only accessible to state-level actors. However, the growth of LEO constellations,
bringing satellites significantly closer to Earth and the development of software defined radios
made this assumption invalid.
To further emphasize the importance of SatCom security, space is not as spacious as it may sound
and both intentional and accidental satellite collisions occurred before. Such collisions create
thousands of debris pieces that will further increase the likelihood of collisions, which in a
catastrophic scenario may cause an unstoppable cascade of collisions known as the Kessler
Syndrome. Therefore satellite operators should avoid losing control and avoid attackers gaining
control of their satellites.
This project will be the first public independent security assessment of the state-of-the-art
SatCom security protocol CCSDS SDLS. The protocol is of high interest, as the committee CCSDS is
comprised of most major space agencies and the protocol SDLS is the only protocol providing CIA
guarantees to almost all types of traffic. We plan on creating an in-depth Design Review of the
protocol that will provide an insight in the protocol's security and will enable further
assessments.
15:00 - 15:30
Speaker: Syed Tagi Abbas Rizvi
No information provided.