Drammer wins the Dutch Cyber Security Research Paper Award!

During the ICT.Open 2017 conference in de Flint Amersfoort, Victor won  the best Dutch Cyber Security Research Paper (DCSRP) award for Drammer. Published at the CCS’16 conference in Vienna, Drammer shows hardware bit flips on mobile devices and their reliable exploitation for the first time.

DCSRP recognizes the best recent non-commercial scientific cyber security research paper in the Netherlands. More information can be found here.

Share on FacebookTweet about this on TwitterShare on Google+Email this to someonePrint this page

ASLR^Cache or AnC: A MMU Sidechannel breaking ASLR from Javascript, and media coverage

Today we announce ASLR^Cache, a MMU sidechannel exploiting a micro-architectural property of all modern CPU models. This signal is even visible from Javascript and breaks ASLR in sandboxed environments. The name ASLR^Cache (or simply AnC) is a reference to the fact that ASLR and CPU caches are mutually exclusive on modern architectures. For more information, please see our AnC project page.

Press outlets and other organisations have picked up on this work: wiredarstechnica, ACM Tech NewsNCSCbleepingcomputer.comTom’s Hardwaresecurity.nltheregistertweakers.netdigitaljournal.comCSO Australiahackadayslashdotsecurityweek.comheise.detheinquirer.netitnews.com.au, eejournal.comhabrahabr.ruimpress.co.jppaper.li, boingboing.net.

Also some of our favourite podcasts picked it up: securitynow episode 600,  ISC Internet Storm Center podcast, risky.biz episode #444.

Share on FacebookTweet about this on TwitterShare on Google+Email this to someonePrint this page

Drammer in the news

Drammer was presented at CCS 2016 3 weeks ago. Our work shows that the Rowhammer hardware vulnerability is prevalent on mobile devices and that attackers can exploit it in a deterministic manner (a la Flip Feng Shui).

Press, Vendor Coverage & Discussion

After initial coverage in the form of two written articles by Ars Technica and WIRED, and a podcast from Security Now!, Drammer was quickly picked up by the mainstream press. International items include:  Daily Mail, PCWorld, SoftpediaSlashdotTech TimesThe RegisterFossbytes, The InquirerDigital JournalHack ReadSC Magazine, Threatpost, BetaNewsGamenguide, TechTarget, BleepingComputer, NDTV, On the Wire, and InvestorPlace.

Other local items popped up in Argentina (Segu-info), Austria (Der Standard), Belgium (DeMorgen), China (Freebuff, Sohu, EEPW), Czech Republic (Svět Androida), Denmark (Version2), France (Silicon, Le Monde Informatique, Informanews), Germany (Der Spiegel, Golem.de, Pro-Linux, Crn.de, JAXenter, Computer Bild , t3n Magazine, Netzwelt.de), Hungary (HWSW), Italy (Repubblica.it, Punto Informatico, Gadgetblog.it, Tutto Android), Mexico (PCWorld Mexico), The Netherlands (NU.nl, Tweakers.net, Crimesite), Norway (Digi.no), Poland (eGospodarka, Softonet, PCLab.pl, Dobreprogramy, PC Format, Telix.pl), Russia (Хакер, Securitylab.ru), Slovakia (Živé.sk), Spain (López Dóriga, CSO, El Android libre), Switzerland (Neue Zürcher Zeitung), Taiwan (iThome), Turkey (Teknokulis, CHIP, Webtekno), and Ukraine (KO).

Bruce Schneier linked to our project page and we made it to the front page of The Hacker News. Shortly after, Drammer prompted Rowhammer mitigation efforts on LWN and was discussed by Linus Torvalds on Alan Cox’ Google Plus post. We caused a spike in Google queries for Rowhammer, approaching its popularity from 2015, when Google’s Project Zero released the Rowhammer-based exploit.

The Drammer paper (pdf) was accessed over 25k times, while our github repository received 913 unique views and 83 unique clones.

Drammer made an appearance on Dutch national television in an episode of De Universiteit van Nederland (“The University of The Netherlands”).

Share on FacebookTweet about this on TwitterShare on Google+Email this to someonePrint this page