Two of VUSec’s papers were nominated for the Best Applied Research Award at CSAW’19 in Valence France: ECCploit and RIDL.
When the dust settled, “RIDL: Rogue In-Flight Data Load”, the paper that was published at Security & Privacy in May and that shows a new class of speculative execution attacks that can leak any “in-flight” data from Intel CPUs won the second place prize for Best Applied Research at CSAW ’19.
After a long embargo period of 9 months we made our paper RIDL: Rogue In-Flight Data Load available to the general public. RIDL introduces a new class of speculative execution attacks that can leak any “in-flight” data available in the CPU.
More information (including some nice demo videos) are available at https://mdsattacks.com. We have also released a tool that you can use to see how vulnerable your computer is to different speculative execution attacks.
VUSec researcher Pietro Frigo won the Code Blue Young Researcher Award and because he is now rich, he promises to buy us all drinks for the remainder of his Ph.D. The corresponding paper (“Grand Pwning Unit“) shows how to use the GPU to boost microarchitectural attacks (such as cache side channels and Rowhammer). Here is a picture of the lucky winner:
This year, TLBleed will be presented at Blackhat USA. TLBleed is a new side channel attack that exploits the TLB rather than CPU caches to infer activity from a co-resident hyperthread, the full details of which we have not yet released.
Hope to see you in Vegas!
Systems and Network Security Group at VU Amsterdam