TRRespass shows for the first time that state-of-the-art DDR4 DRAM from all major vendors is still vulnerable to practical Rowhammer attacks even though vendors previously claimed their products were Rowhammer-free.
We are proud to announce that Cristiano Giuffrida has won the VMware Early Career Faculty Grant – a program intended to recognize the next generation of exceptional faculty members. A gift to the researcher’s university is made in support of his/her research and to promote excellence in teaching.
Rowhammer, the DRAM vulnerability that was supposedly fixed in DDR4 is not fixed in DDR4. The TRRespass attack shows that DIMMs from all 3 major vendors (good for 95% of the market) are still vulnerable. The news appeared in different international media (see the writeup on NakedSecurity) and in the Netherlands in de Volkskrant. There was a short interview on Radio 1 (22:51 h).
Recently graduated Harry King just won the (university-wide) best bachelor thesis award for his thesis on “Development Tools & Techniques for a More Robust Operating System”. For his thesis project he built an operating system kernel from scratch in Ada. The implementation in Ada allowed him to formally verify the OS components.
Two of VUSec’s papers were nominated for the Best Applied Research Award at CSAW’19 in Valence France: ECCploit and RIDL.
When the dust settled, “RIDL: Rogue In-Flight Data Load”, the paper that was published at Security & Privacy in May and that shows a new class of speculative execution attacks that can leak any “in-flight” data from Intel CPUs won the second place prize for Best Applied Research at CSAW ’19.