Uncovering A Significant Residual Attack Surface For Cross-Privilege Spectre-V2 Attacks

A technical paper titled “InSpectre Gadget: Inspecting the Residual Attack Surface of Cross-privilege Spectre v2” was presented at the August 2024 USENIX Security Symposium by researchers at Vrije Universiteit Amsterdam. Abstract: "Spectre v2 is one of the most severe transient execution vulnerabilities, as it allows an unprivileged attacker to lure a privileged (e.g., kernel) victim into...

Microarchitecture Vulnerabilities: Uncovering The Root Cause Weaknesses

In early 2018, the tech industry was shocked by the discovery of hardware microarchitecture vulnerabilities that bypassed decades of work put into software and application security. Meltdown and Spectre exploited performance features in modern application processors to leak sensitive information about victim programs to an adversary. This leakage occurs through the hardware itself, meaning th...

New Concepts Required For Security Verification

Verification for security requires new practices in both the development and verification flows, but tools and methodologies to enable this are rudimentary today. Flows are becoming more complex, especially when they span multiple development groups. Security is special in that it is pervasive throughout the development process, requiring both positive and negative verification. Positive ver...

What’s Required To Secure Chips

Experts at the Table: Semiconductor Engineering sat down to talk about how to verify that a semiconductor design will be secure, with Mike Borza, Synopsys scientist; John Hallman, product manager for trust and security at Siemens EDA; Pete Hardee, group director for product management at Cadence; Paul Karazuba, vice president of marketing at Expedera; and Dave Kelf, CEO of Breker Verification. ...

How Secure Are RISC-V Chips?

When the Meltdown and Spectre vulnerabilities were first uncovered in 2018, they heralded an industry-wide shift in perspective regarding processor security. As the IBM X-Force Threat Intelligence Index put it the following year, "2018 ushered in a new era of hardware security challenges that forced enterprises and the security community to rethink the way they approach hardware security." R...

Prefetch Side Channels Undermine the Isolation Between User and Kernel Space on AMD CPUs

This new technical paper titled "AMD Prefetch Attacks through Power and Time" is from researchers at Graz University of Technology and CISPA Helmholtz Center for Information Security. Note, this is a prepublication paper for the USENIX Security Symposium in Boston in August 2022. This paper includes countermeasures and mitigation strategies, and the paper indicates that the findings were di...

Chip Backdoors: Assessing the Threat

In 2018, Bloomberg Businessweek made an explosive claim: Chinese spies had implanted backdoors in motherboards used by some high-profile customers, including the U.S. Department of Defense. All of those customers issued strongly worded denials. Most reports of hardware backdoors have ended up in exchanges like these. There are allegations and counter-allegations about specifics. But as hardw...

RETBLEED: New Spectre-BTI Attack (ETH Zurich)

New Spectre-BTI attack that "leaks arbitrary kernel memory." It's detailed in this research paper titled “RETBLEED: Arbitrary Speculative Code Execution with Return Instructions” from researchers at ETH Zürich. Mitigations are available. Abstract: "Modern operating systems rely on software defenses against hardware attacks. These defenses are, however, as good as the assumptions they m...

Hardware Dynamic IFT Mechanism That Scales to Complex Open-Source RISC-V Processors

New technical paper titled "CellIFT: Leveraging Cells for Scalable and Precise Dynamic Information Flow Tracking in Hardware Designs" by researchers at ETH Zurich and Intel. Paper to be presented at USENIX Security 2022 (August 10-12, 2022) in Boston, MA, USA. Partial Abstract: "We introduce CELLIFT, a new design point in the space of dynamic IFT [Information flow tracking] for hardware. C...

Verifying Side-Channel Security Pre-Silicon

As security grows in importance, side-channel attacks pose a unique challenge because they rely on physical phenomena that aren’t always modeled for the design verification process. While everything can be hacked, the goal is to make it so difficult that an attacker concludes it isn't worth the effort. For side-channel attacks, the pre-silicon design is the best place to address any known ...