Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

Following on from Meltdown and Spectre: TU Graz researchers discover new security flaws

15.05.2019

ZombieLoad and Store-to-Leak Forwarding impact on the security of Intel computer processors. The patches developed last year are ineffective, so new updates and security solutions will be necessary.

ZombieLoad and Store-to-Leak Forwarding are the names of the new exploits which have just been announced by TU Graz security researchers Daniel Gruss, Moritz Lipp, Michael Schwarz and an international team. The three computer scientists were together with TU Graz Professor Stefan Mangard part of the team which discovered the serious security flaws Meltdown and Spectre last year.


Following the discoveries of Meltdown and Spectre, TU Graz researchers Michael Schwarz, Daniel Gruss and Moritz Lipp (from left) have uncovered two serious new security flaws in computer processors.

© Lunghammer - TU Graz

ZombieLoad

ZombieLoad uses a similar approach to Meltdown. In order to enable faster processing, computer systems prepare several tasks in parallel, before discarding the ones that are either not needed or for which the necessary permissions have not been given. Due to the way processors are designed, they always have to pass on data, even if it is not correct.

The check for permission only happens once sensitive processing steps, which depend on assumptions made by the computer system, have already been prepared. “In the split second between the command and the check, using this new form of attack we can see the pre-loaded data from other programs,” explains Gruss. In other words, the researchers can read what the computer is currently processing.

The KAISER patch developed by a team at TU Graz provided a simple solution for Meltdown, which affected the speed of a computer. Coming up with a solution for ZombieLoad attacks could be more difficult, says Gruss:

“Every CPU has multiple cores, and each of these cores is also split in two. This means several programs can run simultaneously. We think that one of these two parts of each core has to be disabled.” That would mean a 50% drop in performance. Or in clouds, which are also vulnerable to this method of attack, 50% fewer potential users on the same hardware.
All processors developed by Intel that were manufactured between 2012 and the beginning of 2018 are affected. More information: https://zombieload.com/zombieload.pdf

Store-to-leak forwarding

Store-to-leak forwarding also reads pre-loaded data by exploiting the efficient way in which computer processors function. “The computer assumes that I want to use the data which I have just written to the processor again right away. So it keeps it in the buffer for faster access,” explains Gruss. This functionality can also be used to determine the architecture of the computer processor and find the exact location where the operating system is running. “If I know exactly where the processor is running the operating system, then I can launch targeted attacks against flaws in the operating system.” More information: https://cpu.fail/store-to-leak.pdf

New updates urgently required

The researchers immediately reported their discoveries to Intel, which has been working on a solution ever since. “Computer users should install all new updates without delay to ensure that their systems are protected,” recommends Gruss.

The research was funded by the ERC project Sophia, the project DESSNET and the project ESPRESSO as well as by a donation from the manufacturer Intel.

Research partners:
Daniel Gruss, Moritz Lipp, Michael Schwarz, Claudio Canella und Lukas Giner – Graz University of Technology (TU Graz)
Daniel Moghimi, Worcester Polytechnic Institute
Jo Van Bulck, imec-DistriNet, KU Leuven
Julian Stecklina, Cyberus Technology
Thomas Prescher, Cyberus Technology

Wissenschaftliche Ansprechpartner:

Graz University of Technology ( TU Graz)
Institute of Applied Information Processing and Communications
Inffeldgasse 16a, 8010 Graz, Austria
www.tugraz.at

Daniel GRUSS
Ass.Prof. Dipl.-Ing. Dr.techn. BSc
Phone: +43 316 873 5544
Email: daniel.gruss@iaik.tugraz.at

Moritz LIPP
Dipl.-Ing. BSc
Phone: +43 316 873 5563
Email: moritz.lipp@.iaik.tugraz.at

Michael SCHWARZ
Dipl.-Ing. BSc
Phone: +43 316 873 5537
Email: michael.schwarz@.iaik.tugraz.at

Originalpublikation:

https://zombieload.com/zombieload.pdf
https://cpu.fail/store-to-leak.pdf

Weitere Informationen:

https://www.tugraz.at/en/tu-graz/services/news-stories/media-service/singleview/...

Barbara Gigler | Technische Universität Graz

More articles from Information Technology:

nachricht 5G is smartening up production
23.08.2019 | Fraunhofer-Institut für Produktionstechnologie IPT

nachricht Software for diagnostics and fail-safe operation of robots developed at FEFU
23.08.2019 | Far Eastern Federal University

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Hamburg and Kiel researchers observe spontaneous occurrence of skyrmions in atomically thin cobalt films

Since their experimental discovery, magnetic skyrmions - tiny magnetic knots - have moved into the focus of research. Scientists from Hamburg and Kiel have now been able to show that individual magnetic skyrmions with a diameter of only a few nanometres can be stabilised in magnetic metal films even without an external magnetic field. They report on their discovery in the journal Nature Communications.

The existence of magnetic skyrmions as particle-like objects was predicted 30 years ago by theoretical physicists, but could only be proven experimentally in...

Im Focus: Physicists create world's smallest engine

Theoretical physicists at Trinity College Dublin are among an international collaboration that has built the world's smallest engine - which, as a single calcium ion, is approximately ten billion times smaller than a car engine.

Work performed by Professor John Goold's QuSys group in Trinity's School of Physics describes the science behind this tiny motor.

Im Focus: Quantum computers to become portable

Together with the University of Innsbruck, the ETH Zurich and Interactive Fully Electrical Vehicles SRL, Infineon Austria is researching specific questions on the commercial use of quantum computers. With new innovations in design and manufacturing, the partners from universities and industry want to develop affordable components for quantum computers.

Ion traps have proven to be a very successful technology for the control and manipulation of quantum particles. Today, they form the heart of the first...

Im Focus: Towards an 'orrery' for quantum gauge theory

Experimental progress towards engineering quantized gauge fields coupled to ultracold matter promises a versatile platform to tackle problems ranging from condensed-matter to high-energy physics

The interaction between fields and matter is a recurring theme throughout physics. Classical cases such as the trajectories of one celestial body moving in the...

Im Focus: A miniature stretchable pump for the next generation of soft robots

Soft robots have a distinct advantage over their rigid forebears: they can adapt to complex environments, handle fragile objects and interact safely with humans. Made from silicone, rubber or other stretchable polymers, they are ideal for use in rehabilitation exoskeletons and robotic clothing. Soft bio-inspired robots could one day be deployed to explore remote or dangerous environments.

Most soft robots are actuated by rigid, noisy pumps that push fluids into the machines' moving parts. Because they are connected to these bulky pumps by tubes,...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

VideoLinks
Industry & Economy
Event News

The power of thought – the key to success: CYBATHLON BCI Series 2019

16.08.2019 | Event News

4th Hybrid Materials and Structures 2020 28 - 29 April 2020, Karlsruhe, Germany

14.08.2019 | Event News

What will the digital city of the future look like? City Science Summit on 1st and 2nd October 2019 in Hamburg

12.08.2019 | Event News

 
Latest News

Making small intestine endoscopy faster with a pill-sized high-tech camera

23.08.2019 | Medical Engineering

More reliable operation offshore wind farms

23.08.2019 | Power and Electrical Engineering

Tracing the evolution of vision

23.08.2019 | Life Sciences

VideoLinks
Science & Research
Overview of more VideoLinks >>>