RuhrSec 2016: "Cache Side-Channel Attacks and the case of Rowhammer", Daniel Gruss скачать в хорошем качестве

RuhrSec 2016: "Cache Side-Channel Attacks and the case of Rowhammer", Daniel Gruss

RuhrSec is the annual English speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit. 🔽 More information ... Abstract. Software security relies on isolation mechanisms provided by hardware and operating system. However, isolation mechanisms are often insufficient, for instance due to the existence of caches in hardware and software. Caches keep frequently used data in faster memory to reduce access time and to reduce the access frequency on slower memory. This introduces timing differences that can be exploited in side-channel attacks. The first half of this talk is about state-of-the-art cache side-channel attacks. Most cache attacks target cryptographic implementations and even full key recovery attacks cross-core, cross-VM in public clouds have been demonstrated. We recently found that cache attacks can be fully automatized, cache attacks are not limited to specific architectures, and cache attacks can be implemented based on a variety of hardware features. This broadens the field of cache attacks and increases their impact significantly. The second half of this talk is about the so-called Rowhammer effect, which can be exploited to gain unrestricted access to systems. Recent studies have found that in most DDR3 DRAM modules random bit flips can occur due to the Rowhammer effect. These hardware faults can be triggered by an attacker without accessing the corresponding memory location, but by accessing other memory locations in a high frequency. The first attacks used cache maintenance operations as caches would prevent such frequent accesses. Frequent accesses from JavaScript would allow a remote attacker to exploit the Rowhammer effect. For this purpose it is necessary to defeat the complex cache replacement policies. We showed that this is possible last year. In this talk we will detail how to evaluate the huge parameter space of eviction strategies, discuss intuitive and counter-intuitive timing effects, and thereby close the gap between local Rowhammer exploits in native code and remote Rowhammer exploits through websites. Biography. Daniel Gruss is a PhD Student at Graz University of Technology. He has done his master's thesis on identifying and minimizing architecture dependent code in operating system kernels. Daniel's research focuses on software-based side-channel attacks that exploit timing differences in hardware and operating system. In July 2015, he and his colleagues demonstrated the first hardware fault attack performed through a remote website, known as Rowhammer.js. Speaker: Daniel Gruss ——— 👉 Subscribe to our channel:    / @hackmanit-it-security   👉 Read more about interesting IT Security topics on our blog: https://hackmanit.de/en/blog-en ✍️ Want a deeper dive? Training courses in Single Sign-On (SAML, OAuth and OpenID Connect), Secure Web Development, TLS and Web Services are available here: https://hackmanit.de/en/training/port... ——— 🌍 RuhrSec conference website: https://www.ruhrsec.de 🌍 Visit our website: https://hackmanit.de/en ✔ Follow RuhrSec on Twitter:   / ruhrsec   ✔ Follow Hackmanit on Twitter:   / hackmanit   Linkedin:   / hackmanit   XING: https://www.xing.com/pages/hackmanitgmbh ——— Thanks for your attention and support. Stay secure. #cybersecurity #rowhammer #ruhrsec #cyber #talk #conference #itsecurity #itsicherheit #cachsidechannelattack