Guest talk: Reverse-engineering CPUs for fun and profit |
|
||||
|
|||||
Clémentine Maurice, postdoctoral researcher in the Secure Systems Group of the Institute of Applied Information Processing and Communications of TU Graz, gives a talk on "Reverse-engineering CPUs for fun and profit". Abstract: Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputing a result. However, the internal state of the hardware leaks information about the programs that are executing, paving the way for covert or side-channel attacks. Yet, the internal state of a CPU is tightly tied with its microarchitecture, which is becoming increasingly complex and is often undocumented by manufacturers. In this talk, we present methods to reverse-engineer modern CPU components. In the first part, we present one automatic and generic method to reverse engineer the addressing function of the last-level cache in Intel CPUs, using performance counters. As the last-level cache is shared between cores, we then explain how to use this function in a cross-core side-channel attack. In the second part, we focus on the DRAM addressing function on both x86 and ARM CPUs. We then demonstrate covert and side-channel attacks across CPUs without any shared memory, leveraging DRAM row buffers. This event is hosted as a joint activity by the Vienna ACM SIGSAC Chapter and the IEEE CS/SMCS Austria Chapter. |
|||||
Location SBA Research, Vienna | |||||
Contact Bettina Bauer |