1

CacheWarp: Software-based Fault Injection using Selective State Reset

AMD SEV is a trusted-execution environment (TEE), providing confidentiality and integrity for virtual machines (VMs). With AMD SEV, it is possible to securely run VMs on an untrusted hypervisor. While previous attacks demonstrated architectural …

INDIRECT MELTDOWN: BUILDING NOVEL SIDE-CHANNEL ATTACKS FROM TRANSIENT EXECUTION ATTACKS

The transient-execution attack Meltdown leaks sensitive information by transiently accessing inaccessible data during out-of-order execution. Although Meltdown is fixed in hardware for recent CPU generations, most currently-deployed CPUs have to rely …

REVIVING MELTDOWN 3A

Since the initial discovery of Meltdown and Spectre in 2017, different variants of these attacks have been discovered. One often overlooked variant is Meltdown 3a, also known as Meltdown-CPL-REG. Even though Meltdown-CPL-REG was initially discovered …

A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs

Microarchitectural attacks threaten the security of computer systems even in the absence of software vulnerabilities. Such attacks are well explored on x86 and ARM CPUs, with a wide range of proposed but not-yet deployed hardware countermeasures. …

(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels

In the last years, there has been a rapid increase in microarchitectural attacks, exploiting side effects of various parts of the CPU. Most of them have in common that they rely on timing differences, requiring a high-resolution timer to make …

EOSAFE: Security Analysis of EOSIO Smart Contracts

The EOSIO blockchain, one of the representative Delegated Proof-of-Stake (DPoS) blockchain platforms, has grown rapidly recently. Meanwhile, a number of vulnerabilities and high-profile attacks against top EOSIO DApps and their smart contracts have …