Faulting Hardware from Software

Presented at DeepSec 2020 „The Masquerade“, Unknown date/time (Unknown duration)

Fault attacks induce incorrect behavior into a system, enabling the compromise of the entire system and the disclosure of confidential data. Traditionally, fault attacks required hardware equipment and local access. In the past five years multiple fault attacks have been discovered that do not require local access, as they can be mounted from software. We will discuss the Rowhammer attack and how it can subvert a system. We then show that a new primitive, Plundervolt, can similarly lead to a system compromise and information disclosure.

Presenters:

• Daniel Gruss - Graz University of Technology
  Daniel Gruss (@lavados) is an Assistant Professor at Graz University of Technology. He finished his PhD with distinction in less than three years. He has been involved in teaching operating system undergraduate courses since 2010. Daniel's research focuses on side channels and security on the hardware-software boundary. His research team was involved in several vulnerability disclosures, including Meltdown and Spectre. He has co-authored more than 20 top-tier academic publications in the past five years and received several prizes for his research.

Links:

• https://deepsec.net/archive/2020.deepsec.net/speaker.html#PSLOT488

Similar Presentations:

• GrrCON 2015 / This Is All Your Fault
• 32C3 (2015) / Rowhammer.js: Root privileges for web apps?: A tale of fault attacks on DRAM and attacks on CPU caches
• May Contain Hackers (MCH2022) / Fault Injection on a modern multicore System on Chip