Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security: latest papers

CacheLight: Defeating the CacheKit Attack
Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security Pub Date : 2018-01-15 DOI: 10.1145/3266444.3266449
Mauricio Gutierrez, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, Gail-Joon Ahn
Abstract: To protect software systems from attacks, ARM introduced a hardware security extension known as TrustZone. TrustZone provides an isolated execution environment, which can be used to deploy various memory-integrity and malware-detection tools. However, a new type of rootkit, CacheKit, can exploit cache incoherency and the cache-locking mechanisms available under TrustZone to hide itself from such inspections. It is therefore imperative to design a new approach that ensures the correct use of cache locking and prevents malicious code from being hidden in the cache. In this paper, we present CacheLight, which leverages the TrustZone and Virtualization extensions of the ARM architecture to let the system keep providing these hardware facilities to users while preventing attackers from exploiting them. CacheLight restricts the ability to lock the cache to the Secure World of the processor; the Normal World can still request that certain memory be locked into the cache by the secure operating system (OS) through a Secure Monitor Call (SMC). This gives the secure OS the power to verify and validate the information that will be locked in the requested cache way, thereby ensuring that any data that remains in the cache is never inconsistent with what exists in main memory for inspection. Malicious attempts to hide data can be prevented, and the data recovered for analysis, while legitimate requests can still generate valid entries in the cache.
Citations: 1
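The split the abstract describes (the Normal World may only name an address; the Secure World chooses the way and fills it from main memory) is easy to model in user space. The block below is an added illustration, not code from the CacheLight paper or any TrustZone firmware: the cache and DRAM are plain arrays, the SMC handler is an ordinary function, and every name (cl_lock_request, unchecked_lock, NORMAL_RAM_BYTES, the error codes) is an assumption made for this example. It contrasts a CacheKit-style unchecked lock, which lets an attacker park a payload at an address no memory inspector will ever read, with a CacheLight-style handler that refuses unbacked addresses and copies the line from memory, so a later consistency check finds nothing hidden.

```c
/* Added example (not from the CacheLight paper): a user-space model of the
 * locking policy.  "Cache" and "main memory" are arrays; the SMC handler is
 * a function.  All names and sizes are assumptions for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_BYTES       64
#define NUM_WAYS         4                   /* lockable ways in the model     */
#define NORMAL_RAM_BYTES (16 * LINE_BYTES)   /* Normal World DRAM in the model */

enum cl_status { CL_OK = 0, CL_EBADADDR = 1, CL_ENOWAY = 2, CL_EALIGN = 3 };

/* Modeled hardware state. */
static uint8_t main_memory[NORMAL_RAM_BYTES];
static struct {
    int       locked;
    uintptr_t paddr;
    uint8_t   data[LINE_BYTES];
} cache_way[NUM_WAYS];

void reset_model(void)
{
    memset(cache_way, 0, sizeof cache_way);
    memset(main_memory, 0, sizeof main_memory);
}

/* CacheKit-style direct locking: the Normal World picks the way, the address
 * and the contents.  Nothing checks that paddr is backed by RAM, so a payload
 * can live only in the cache and never appear in main memory. */
void unchecked_lock(int way, uintptr_t paddr, const uint8_t *payload)
{
    cache_way[way].locked = 1;
    cache_way[way].paddr  = paddr;
    memcpy(cache_way[way].data, payload, LINE_BYTES);
}

/* CacheLight-style handler behind an SMC: the caller only names an address.
 * The secure OS rejects unaligned or unbacked ranges, picks a free way itself
 * and fills it FROM MAIN MEMORY, so the locked line can never disagree with
 * what a memory-inspection tool reads. */
enum cl_status cl_lock_request(uintptr_t paddr, int *way_out)
{
    if (paddr % LINE_BYTES != 0)
        return CL_EALIGN;
    if (paddr + LINE_BYTES > NORMAL_RAM_BYTES)      /* not backed by RAM */
        return CL_EBADADDR;
    for (int w = 0; w < NUM_WAYS; w++) {
        if (cache_way[w].locked)
            continue;
        cache_way[w].locked = 1;
        cache_way[w].paddr  = paddr;
        memcpy(cache_way[w].data, &main_memory[paddr], LINE_BYTES);
        *way_out = w;
        return CL_OK;
    }
    return CL_ENOWAY;
}

/* Inspector: count locked ways that point outside RAM or whose contents
 * differ from main memory.  A CacheKit-style payload shows up here. */
int count_hidden_lines(void)
{
    int hidden = 0;
    for (int w = 0; w < NUM_WAYS; w++) {
        if (!cache_way[w].locked)
            continue;
        if (cache_way[w].paddr + LINE_BYTES > NORMAL_RAM_BYTES ||
            memcmp(cache_way[w].data, &main_memory[cache_way[w].paddr], LINE_BYTES) != 0)
            hidden++;
    }
    return hidden;
}

int main(void)
{
    uint8_t payload[LINE_BYTES];
    int way = -1;

    memset(payload, 0xCC, sizeof payload);          /* constructed "rootkit" line */
    reset_model();
    unchecked_lock(0, 0x80000000UL, payload);       /* unused physical address */
    printf("unchecked lock: hidden lines = %d\n", count_hidden_lines());

    reset_model();
    printf("cachelight, unbacked addr: status = %d\n",
           cl_lock_request(0x80000000UL, &way));
    memset(&main_memory[128], 0xAB, LINE_BYTES);    /* legitimate data in RAM */
    printf("cachelight, backed addr:   status = %d, way = %d, hidden = %d\n",
           cl_lock_request(128, &way), way, count_hidden_lines());
    return 0;
}
```

The model deliberately leaves out what real hardware adds (write-back policy of a locked way, per-way lockdown registers, the SMC calling convention); the point it keeps is that validation happens where the attacker has no control, in the Secure World, and that the inspector compares locked contents against memory rather than trusting the cache.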
Triggering Rowhammer Hardware Faults on ARM: A Revisit
Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security Pub Date : 2018-01-15 DOI: 10.1145/3266444.3266454
Zhenkai Zhang, Zihao Zhan, D. Balasubramanian, X. Koutsoukos, G. Karsai
Abstract: The rowhammer bug belongs to the class of software-induced hardware faults and has posed great security challenges to numerous systems. On x86, many approaches to triggering the rowhammer bug have been found; yet, for several different reasons, the number of discovered approaches on ARM is limited. In this paper, we revisit the problem of how to trigger the rowhammer bug on ARM-based devices by carefully investigating whether the original x86-oriented rowhammer approaches can be translated to ARM. We provide a thorough study of the unprivileged ARMv8-A cache maintenance instructions and give two previously overlooked reasons that support their use in rowhammer attacks. Moreover, we present a previously undiscovered instruction that can be exploited to trigger the rowhammer bug on many ARM-based devices. A potential approach to quickly evicting ARM CPU caches is also discussed, and experimental evaluations are carried out to show the effectiveness of our findings.
Citations: 19
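The reason cache maintenance instructions matter for rowhammer is that every aggressor access has to reach DRAM; a read served from cache hammers nothing. The block below is an added example, not code from this paper: it is the classic double-sided hammer loop from x86 proofs of concept, with the eviction step abstracted so the same loop builds on ARMv8-A using DC CIVAC (the user-accessible clean-and-invalidate the abstract refers to, which is available at EL0 only when the kernel sets SCTLR_EL1.UCI, as Linux does) and on x86 using CLFLUSH. The "previously undiscovered instruction" from the paper is not reproduced here. The aggressor and victim buffers are ordinary heap memory and are not guaranteed to be DRAM-adjacent, so this code demonstrates the mechanics and the flip-counting check, not a working exploit; real experiments need physically contiguous memory and a DRAM address mapping.

```c
/* Added example (not the paper's code): a portable double-sided hammer loop.
 * Eviction uses DC CIVAC on AArch64 and CLFLUSH on x86.  Buffers here are
 * plain heap memory, not known DRAM rows, so no flips are expected. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Push the line holding p out of the cache hierarchy so the next read goes
 * to DRAM.  On ARMv8-A "dc civac" is the unprivileged clean-and-invalidate
 * (requires SCTLR_EL1.UCI=1, which Linux sets); "dsb ish" orders it. */
static inline void evict_line(const volatile void *p)
{
#if defined(__aarch64__)
    __asm__ volatile("dc civac, %0" : : "r"(p) : "memory");
    __asm__ volatile("dsb ish" : : : "memory");
#elif defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("clflush (%0)" : : "r"(p) : "memory");
#else
    (void)p;   /* unknown ISA: no flush primitive, loop degrades to cached reads */
#endif
}

/* Alternate reads of two aggressor addresses, evicting after each access so
 * every read is a DRAM activation.  The accumulated byte sum is returned so
 * the compiler cannot drop the loads and callers can check the loop ran. */
uint64_t hammer_pair(const volatile uint8_t *a, const volatile uint8_t *b, size_t rounds)
{
    uint64_t sink = 0;
    for (size_t i = 0; i < rounds; i++) {
        sink += *a;
        sink += *b;
        evict_line(a);
        evict_line(b);
    }
    return sink;
}

/* Count bits in buf that differ from the pattern it was filled with. */
size_t count_bit_flips(const uint8_t *buf, size_t len, uint8_t pattern)
{
    size_t flips = 0;
    for (size_t i = 0; i < len; i++)
        flips += (size_t)__builtin_popcount((unsigned)(buf[i] ^ pattern));
    return flips;
}

/* One trial: fill the victim, hammer the two aggressors, count flips. */
size_t hammer_trial(uint8_t *victim, size_t victim_len, uint8_t pattern,
                    const volatile uint8_t *aggr_hi, const volatile uint8_t *aggr_lo,
                    size_t rounds)
{
    memset(victim, pattern, victim_len);
    (void)hammer_pair(aggr_hi, aggr_lo, rounds);
    return count_bit_flips(victim, victim_len, pattern);
}

int main(void)
{
    /* Constructed layout: three 8 KiB "rows" carved from one allocation.
     * Only a real DRAM mapping would make them physically adjacent. */
    const size_t row = 8192;
    uint8_t *region = malloc(3 * row);
    if (!region)
        return 1;
    uint8_t *aggr_hi = region, *victim = region + row, *aggr_lo = region + 2 * row;

    size_t flips = hammer_trial(victim, row, 0xFF, aggr_hi, aggr_lo, 200000);
    printf("bit flips observed in victim: %zu\n", flips);
    free(region);
    return 0;
}
```

Two of the paper's themes are visible in the loop shape: on x86 the flush is one instruction, while on ARM the programmer must know which maintenance operation is unprivileged on the target kernel, and the `dsb` barrier is part of the cost of every hammer round, which is why fast eviction strategies matter on ARM.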
RSA Signatures Under Hardware Restrictions
Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security Pub Date : 2018-01-15 DOI: 10.1145/3266444.3266451
M. Joye, Yan Michalevsky
Abstract: We would like to compute RSA signatures with the help of a Hardware Security Module (HSM). But what can we do when we want to use a particular public exponent that the HSM does not allow or support? Surprisingly, this scenario comes up in real-world settings such as code signing of Intel SGX enclaves. SGX enclaves must be signed in order to execute in release mode, using a 3072-bit RSA signature scheme with a particular public exponent. However, we encountered commercial hardware security modules that do not support storing RSA keys corresponding to this exponent. We ask whether it is possible to overcome such a limitation of an HSM and answer in the affirmative (under stated assumptions). We show how to convert RSA signatures corresponding to one public exponent into valid RSA signatures corresponding to another exponent. We define security and show that it is not compromised by the additional public knowledge available to an adversary in this setting.
Citations: 2