Daniel Gruss
Assistant Professor
Graz University of Technology, Austria
Microarchitectural Attacks: Arbitrary Read and Write Primitives without any Software Bugs
In this talk, we will discuss microarchitectural attacks which arise from various processor optimizations. Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Microarchitectural side-channel attacks leak secrets from cryptographic computations, from general purpose computations, or from the kernel. This leakage even persists across all common isolation boundaries, such as processes, containers, and virtual machines. Microarchitectural fault attacks exploit the physical imperfections of modern computer systems. Shrinking process technology introduces effects between isolated hardware elements that can be exploited by attackers to take control of the entire system. These attacks are especially interesting in scenarios where the attacker is unprivileged or even sandboxed. We will investigate known and new side channels and show that microarchitectural attacks can be fully automated and run in JavaScript or other constrained environments. By the end of the talk we will have built arbitrary read and write primitives, which allow an attacker on an affected system *without any software bugs* to read arbitrary data through the Meltdown attack and to perform arbitrary modifications of data through the Rowhammer attack.
Daniel Gruss (@lavados) is an Assistant Professor at Graz University of Technology. He finished his PhD with distinction in less than three years. He has been involved in teaching operating system undergraduate courses since 2010. Daniel’s research focuses on side channels and security on the hardware-software boundary. His research team was involved in several vulnerability disclosures, including Meltdown and Spectre. He has co-authored more than 20 top-tier academic publications in the past five years and received several prizes for his research.