Loading...

Clémentine Maurice: "Reverse-engineering CPUs for fun and profit"

1,710 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Nov 24, 2016

Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputing a result. However, the internal state of the hardware leaks information about the programs that are executing, paving the way for covert or side-channel attacks. Yet, the internal state of a CPU is tightly tied with its microarchitecture, which is becoming increasingly complex and is often undocumented by manufacturers.

In this talk, we present methods to reverse-engineer modern CPU components. In the first part, we present one automatic and generic method to reverse engineer the addressing function of the last-level cache in Intel CPUs, using performance counters. As the last-level cache is shared between cores, we then explain how to use this function in a cross-core side-channel attack. In the second part, we focus on the DRAM addressing function on both x86 and ARM CPUs. We then demonstrate covert and side-channel attacks across CPUs without any shared memory, leveraging DRAM row buffers.

== About the Speaker ==
Clémentine Maurice is a postdoctoral researcher in the Secure Systems group at the Graz University of Technology, in Austria. She obtained her PhD from Telecom ParisTech in October 2015 while working at Technicolor in Rennes, jointly with the S3 group of Eurecom in Sophia Antipolis. Among other topics, she is interested in microarchitectural covert and side channels and reverse-engineering processor parts. Her research aims at finding new attack vectors on modern commodity devices such as servers, laptops, desktops and mobile devices. She also led the research on Rowhammer hardware fault attacks in JavaScript through a remote website, an attack also known as Rowhammer.js. She presented her work at several academic conferences and venues like the 32nd CCC and BlackHat Europe.

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...