IEEE CS Webinar: IEEE Oregon Section Technical Seminar - Meltdown trilogy: Exploiting Microarchitectural Flaws to Leak Data Across Security Boundaries

#Computer #Society #Oregon #Security #Side #Channel #Attacks #Microarchitectural #Flaws #Data #Leakage #Across #Boundaries #Meltdown
Share

Guest Speaker: Daniel Moghimi, Senior Research Scientist, Google  

Venue: Online

When: Feb 29th 6-7 pm


We hope to have you for another interesting talk by one of the experts that we invite from academia, industry, and government.   

* As this online event is free and open to non-IEEE members, please feel free to share it with your colleagues, students, classmates, etc.

* For the abstract and biography of the speaker, please refer to the speakers section below.

* Please note that you will receive a registration confirmation email after you register for the event and you will receive a separate email containing the invite to the meeting later. You can add the link to the meeting invite to your calendar manually as the calendar invite does not get updated automatically.  



  Date and Time

  Location

  Hosts

  Registration



  • Date: 29 Feb 2024
  • Time: 06:00 PM to 07:00 PM
  • All times are (UTC-08:00) Pacific Time (US & Canada)
  • Add_To_Calendar_icon Add Event to Calendar
If you are not a robot, please complete the ReCAPTCHA to display virtual attendance info.
  • Contact Event Host
  • Sohrab Aftabjahani, PhD

    IEEE Oregon Section Computer Society Chapter Chair

    Senior IEEE Member, Senior ACM Member

    aftabjahani[AT-Sign]ieee.org

  • Starts 27 February 2024 03:00 AM
  • Ends 29 February 2024 05:30 PM
  • All times are (UTC-08:00) Pacific Time (US & Canada)
  • No Admission Charge


  Speakers

Daniel Moghimi Daniel Moghimi

Topic:

Meltdown trilogy: Exploiting Microarchitectural Flaws to Leak Data Across Security Boundaries

Abstract:

Downfall is a new security vulnerability linked to Meltdown and microarchitectural data sampling attacks. These threats compromise the security of computers worldwide. Despite industry efforts over the past five years to fix data leakage caused by the transient execution of instructions that load data, we've discovered that the "Gather" instruction in high-performance Intel CPUs can still leak data across user-kernel boundaries, processes, virtual machines, and trusted execution environments. Our research reveals that current defenses are ineffective, highlighting the need for crucial hardware fixes and security updates for commonly used client and server computers

During this presentation, we'll start by discussing Meltdown-type microarchitectural attacks. We'll provide a brief overview of their history, impact, current mitigation efforts, and affected platforms. Next, we'll delve into the SIMD Gather instruction, explaining how it can be exploited to leak data through Gather Data Sampling (GDS) technique. We'll explore the vulnerability's impact on various instructions and workloads, and finally showcase end-to-end key-stealing attacks, such as extracting 128-bit and 256-bit AES keys from OpenSSL.

To wrap up, we'll cover mitigation options, key takeaways, and future directions for addressing this class of microarchitectural flaws.

 

 

Biography:

Daniel Moghimi is a Senior Research Scientist at Google. Before that, he was a postdoctoral scholar at UCSD. He has a PhD in Electrical and Computer Engineering and an MSc in Computer Science from WPI. He works on computer and hardware security, spanning various topics such as microarchitectural vulnerabilities, side-channel cryptanalysis, and security architecture. His research has improved the security of superscalar CPUs, memory subsystems, and cryptographic implementations, which billions of users use daily..

 

Address:United States





Brought to you by Computer Society - Oregon Chapter .

* Please contact Sohrab Aftabjahani , IEEE Oregon Computer Society Chapter Chair, if you are interested to serve as an officer for this chapter as a few officer positions are open.