Daniel Moghimi
@danielmgmi
Worcester, MA
Ph.D Candidate @WPI, Hacker, Reverse Engineer, Vuln Hunter #mdsattacks #zombieload #sidechannel tpm.fail
684 Tweets
435 Following
554 Followers

Tweets

Daniel Moghimi
@danielmgmi
Feb 1
Are you planning to buy a house?!

Daniel Moghimi retweeted
Shelby Thomas
@realshelbyt
Feb 1
Often find myself going back to this outline when I have a mental block writing a paper abstract. Hopefully it's useful for others too. (feat. Me and John Wilkes from Google)
shelbyt.github.io/abstracts.html

Daniel Moghimi
@danielmgmi
Jan 28
Sure. My DM is open.

Daniel Moghimi retweeted
Daniel Gruss
@lavados
Jan 27
We sent this #zombieload PoC to Intel on May 16, just hours after we got access to the patches. The #zombieload paper from last year already describes the issue. Media already reported about it in November: zdnet.com/article/intels…
Where's the news? #MDS #L1DES twitter.com/mlqxyz/status/…

Daniel Moghimi retweeted
halvarflake
@halvarflake
Jan 18
It is fascinating to think about the fact that CPUs have for decades been designed partially by measuring existing code, and optimizing for it. And code by measuring CPUs. That implies that tiny compiler choices in the 80s have echoes in today's CPU hardware.

Daniel Moghimi
@danielmgmi
Jan 15
As somebody who works in tech and reads lots of technical materials (papers, news, blogs, articles) every day, how many non-tech books (novel, fiction, history, art, etc.) do you read per year?

Daniel Moghimi
@danielmgmi
Jan 14
IMO, in general, anything that makes IoT different from a normal general purpose computer can define IoT security problems. Counterexample: "Popping shell through a stack overflow vuln" is a generic security problem, and it's not specific to IoT.

Daniel Moghimi
@danielmgmi
Jan 14
Applied cryptography is a different game on a low-powered device. Though that's a problem for any tiny computer and wearable devices.

Daniel Moghimi
@danielmgmi
Jan 14
Moving targets, actuators and sensors introduce new privacy/safety/security issues that may not apply to normal computers. Though most IoT devices on the market are just toys with an embedded CPU.

Daniel Moghimi
@danielmgmi
Jan 11
SGX-Step has been a handy tool in many of the works we've done and I'm planning to use it for upcoming future attacks on SGX. Great work! @jovanbulck, this list will grow. twitter.com/jovanbulck/sta…

Daniel Moghimi
@danielmgmi
Jan 10
I'm not making any assumption. I just added these references for the context, just in case anybody is interested in the discussion.

Daniel Moghimi
@danielmgmi
Jan 10
Lol, cause I couldn't find you to talk.

Daniel Moghimi
@danielmgmi
Jan 10
More on uarch defense for Spectre:
Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data
Context-sensitive fencing: Securing speculative execution via microcode customization

Daniel Moghimi
@danielmgmi
Jan 10
Like it or not, Intel already has pushed similar ideas as context to prototypes: "Speculative Access Protected Memory" by the Intel STORM
And the challenges you are talking about are what make PL people actually in business.

Daniel Moghimi
@danielmgmi
Jan 10
You already have to mark which branches to add lfences or you would end up adding lfences everywhere (essentially disabling the benefits of speculation). How is that not a problem, but marking secrets is a problem?

Daniel Moghimi
@danielmgmi
Jan 10
Can you please share your findings? Is there any CVE or patch for these vulnerabilities you have found?

Daniel Moghimi
@danielmgmi
Jan 10
Yes, Spectre v1. My point: 1) The community doesn't know the risk of this yet to care about immediate hardware changes. 2) There are already proposals how to support the OS/compiler for mitigation, so it's not true to say vendors are totally clueless how to mitigate this.

Daniel Moghimi
@danielmgmi
Jan 10
Besides, finding proper gadgets and exploiting specV1 is as hard as finding a mitigation for it. They are both valid scientific problems.

Daniel Moghimi
@danielmgmi
Jan 10
E.g. ConTExT: Leakage-Free Transient Execution can mitigate this for crypto at least. And there are similar patents and white papers by Nvidia and Intel. There will be another 10 different ways to make annotated secrets not accessible in the transient domain (by uarch folks)

Daniel Moghimi
@danielmgmi
Jan 10
... and for the software to conform to these rules, decades or years more or less depends on how much the industry cares about these problems, and it's not that we don't have the technical capability to stop them.