Security

Talk on "Software-based Side-Channel Attacks and Defenses"

Written on 05.02.2020 13:47 by Giancarlo Pellegrino

Dear students,

As promised today during the lecture, on 11/02/20, one of the leading researchers on microarchitectural side channel attacks and author of the Meltdown and ZombieLoad attacks, Micheal Schwarz, will give a talk at CISPA. You are more than welcome to attend. Below are the details.

Best,
Giancarlo

When: 11/02/20, 10:30-12:00

Where: CISPA Lecture Hall

Title: Software-based Side-Channel Attacks and Defenses
 
Abstract: The primary assumption of computer systems is that processed secrets are inaccessible for an attacker due to security measures in software and hardware. However, side-channel attacks allow an attacker to still deduce the secrets by observing certain side effects of a computation. For software-based attacks, unprivileged code execution is often sufficient to exploit side-channel weaknesses in applications. More recently, it was also shown that native code execution is not strictly necessary for certain attacks. Software-based side-channel attacks are even possible in JavaScript, a sandboxed scripting language found in modern browsers.
 
In this talk, we further investigate software-based side-channel attacks and countermeasures. We present novel side channels, methods to reduce the requirements for existing attacks, and demonstrate attacks in environments that were considered too restricted before. Finally, we show that side-channel attacks are a powerful primitive which allows mounting transient-execution attacks such as Meltdown and ZombieLoad.
 
Bio: Michael Schwarz is an infosec postdoctoral researcher at Graz University of Technology with a focus on microarchitectural side-channel attacks and system security. He holds two master's degrees, one in computer science and one in software development with a strong focus on security. He frequently participates in CTFs and has also been a finalist in the European Cyber Security Challenge. He was a speaker at Black Hat Europe 2016, Black Hat Asia 2017, 2018, 2019 & 2020, and Black Hat US 2018, where he presented his research on microarchitectural side-channel attacks. He authored and co-authored several papers published at international academic conferences and journals, including USENIX Security 2016, 2018 & 2019, NDSS 2017, 2018 & 2019, CCS 2019, and IEEE S&P 2018, 2019 & 2020. He was part of one of the research teams that found the Meltdown and Spectre vulnerabilities as well as the ZombieLoad vulnerability.