Security Research Bits

New security technical papers presented at the August 21 USENIX Security Symposium.


A number of hardware security-related technical papers were presented at the August 2021 USENIX Security Symposium. The organization provides open access research, and the presentation slides and papers are free to the public. Topics include side-channel attacks and defenses, embedded security, hardware security tokens, and more. Here are some highlights with associated links:


Name of Paper Research Organizations
SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript ETH Zurich and VU Amsterdam
On the Usability of Authenticity Checks for Hardware Security Tokens SBA Research,
UC Irvine,
Tokyo Institute of Technology,
University of Vienna,
CISPA Helmholtz Center for Info Security
Automatic Extraction Of Secrets From The Transistor Jungle Using Laser-Assisted Side-Channel Attacks TU Berlin,
Worcester Polytechnic,
Fraunhofer SIT
Lord of the Ring(s): Side Channel Attacks on the
CPU On-Chip Ring Interconnect Are Practical
University of Illinois at Urbana-Champaign

Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend ETH Zurich
VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface School of Computer Science, University of Birmingham, UK
CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel Ohio State University,
Southern University of Science and Technology,
Baidu Security,
NIO Security Research
Cross-VM and Cross-Processor Covert Channels Exploiting Processor Idle Power Management ShanghaiTech University
Database Reconstruction from Noisy Volumes: A Cache Side-Channel Attack on SQLite University of Maryland,
Bilkent University
Does logic locking work with EDA tools? Texas A&M University
CURE: A Security Architecture with CUstomizable and Resilient Enclaves Technische Universität Darmstadt
DICE*: A Formally Verified Implementation of DICE Measured Boot University of California, Davis,
Microsoft Research,
University of California, Davis

PEARL: Plausibly Deniable Flash Translation Layer using WOM coding Stony Brook University
MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design Georgia Institute of Technology
DOLMA: Securing Speculation with the Principle of Transient Non-Observability University of Michigan
Osiris: Automated Discovery of Microarchitectural Side Channels CISPA Helmholtz Center for Information Security
Swivel: Hardening WebAssembly against Spectre UC San Diego,
Worcester Polytechnic Institute,
Intel Labs, UT Austin
Coco: Co-Design and Co-Verification of Masked Software Implementations on CPUs Graz University of Technology,
Lamarr Security Research
PASAN: Detecting Peripheral Access Concurrency Bugs within Bare-Metal Embedded Applications Purdue University, Indian Institute of Technology, Delhi,
University of Central Oklahoma, University of Texas at Dallas
On the Design and Misuse of Microcoded (Embedded) Processors — A Cautionary Note Ruhr University Bochum,
Max Planck Institute for Security and Privacy,
University of Massachusetts, Amherst
Jetset: Targeted Firmware Rehosting for Embedded Systems UCSD, Oberlin College,
University of Illinois at Urbana–Champaign

A complete listing of all papers presented at this USENIX conference can be found here. Other topics covered include cryptography, authentication, usable security and privacy, private computation, cryptocurrency, machine learning, automated security analysis of source code and binaries, secure multiparty computation, fuzzing and more.

Note: Semiconductor Engineering is in the process of gathering content for a Technical Papers page for all technologies related to the chip industry. If you have a recent published paper that is relevant to the Semiconductor Engineering audience and would like it to be highlighted on the site, please send a link to [email protected]. We do not publish entire papers, but we do link to proper sources. This page will not include company-specific white papers.

Semiconductor Engineering’s Security Knowledge Center
Special reports, top stories, blogs, videos and white papers on security.
Is There A Practical Test For Rowhammer Vulnerability?
New approaches surface for persistent DRAM issue.
IoT Security: Confusing And Fragmented
Regulations and compliance are inconsistent and often inadequate, but adding better security boosts cost and impacts performance and power.
Always On, Always At Risk
Chip security concerns rise with more processing elements, automatic wake-up, over-the-air updates, and greater connectivity.
New Security Risks Create Need For Stealthy Chips
Thinner dies and insulation layers add vulnerabilities for better hacker tools. Solutions do exist, but there are tradeoffs and no guarantees.
Security Concerns Rise For Connected Autos
Value of automotive data increases, widening the attack surface.

Leave a Reply

(Note: This name will be displayed publicly)