An Analysis of HMB-based SSD Rowhammer

Rowhammer has been shown to be an extensive attack vector. In the years since its discovery, numerous exploits have been shown, attacking a wide range of targets from kernels, through web browsers to machine learning models. These attack...

View Full Research

Talk: GlueZilla: Efficient and Scalable Software to Hardware Binding using Rowhammer

Industrial-scale reverse engineering affects the majority of companies in the mechanical and plant engineering sector and imposes significant economic damages. Reverse engineering mitigations try to increase the cost involved in reverse en...

View Full Research

Key recovery on static Kyber based on transient execution attacks

Transient execution attacks on modern processors continue to threaten security by stealing sensitive data from other processes running on the same CPU. A recent example is Downfall, which demonstrated how microarchitecture leakage could re...

View Full Research

Poster: LockedApart: Faster GPU Fingerprinting Through the Compute API

WebGL offers website direct access to the GPU, allowing beautiful graphics. The direct hardware access offered by WebGL was also shown to expose multiple security vulnerabilities. In particular, DrawnApart showed that by performing graphi...

View Full Research

REFault: A Fault Injection Platform for Rowhammer Research on DDR5 Memory

DDR5 is showing increased resistance to Rowhammer attacks compared to previous generations. The minimum hammer count (HCmin) is a metric to assess the susceptibility of the DRAM substrate to Rowhammer. Due to the lack of a generic platform...

View Full Research

Flipper: Rowhammer on Steroids

The density of memory cells in modern DRAM is so high that frequently accessing a memory row can flip bits in nearby rows. That effect is called Rowhammer, and an attacker can exploit this phenomenon to flip bits by rapidly accessing the c...

View Full Research

PortPrint: Identifying Inaccessible Code with Port Contention

In many real-world scenarios, being able to infer specific software versions or variations of cryptographic libraries is critical to mounting targeted exploits. For this, traditional version-detection approaches often rely on direct inspec...

View Full Research

Hidden in Plain Sight: Scriptless Microarchitectural Attacks via TrueType Font Hinting

Microarchitectural attacks threaten system security and privacy, especially if they can be mounted without native code execution. Recent research has shown that such attacks are possible from within web browsers via JavaScript and WebAssem...

View Full Research

Poster: A microarchitectural signals analysis platform to craft Hardware Security Counters

Detecting malicious software or hardware behavior during the operation of a computer system requires observables from one or more abstraction layers of the system. However, this abstraction tends to limit the ability to detect behavioral d...

View Full Research

Poster: Isolating PIM from OS Level Adversaries

View Full Research

Poster: Systematic Evaluation of Automated Tools for Side-Channel Vulnerability Detection in Cryptographic Libraries

To protect cryptographic implementations from side-channel vulnerabilities, developers must adopt constant-time programming practices. As these can be error-prone, many side-channel detection tools have been proposed. Despite this, such...

View Full Research

Talk: Blurring Enclave Page Accesses in Space and Time with Compile-Time Instrumentation

This talk overviews our recent work on TLBlur, a novel approach that leverages compiler instrumentation and the recent AEX-Notify hardware extension in modern, off-the-shelf Intel SGX processors to limit the bandwidth of controlled-channel...

View Full Research

Talk: Transient-execution attacks on the CHERI Morello platform

CHERI (Capability Hardware Enhanced RISC Instructions) is a capability-based ISA extension providing spatial memory protection and compartmentalisation. CHERI capabilities show a lot of promise in securing computer systems from common ac...

View Full Research