Tweetovi

Blokirali ste korisnika/cu @jovanbulck

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @jovanbulck

  1. 1. velj

    Impressions from a successful and fun edition of the new hardware-aided trusted computing devroom at

    Poništi
  2. proslijedio/la je Tweet
    1. velj

    About to give a talk at on using and . Come see me in room K.4.601 or hit me up afterwards

    Poništi
  3. proslijedio/la je Tweet
    30. sij

    M. Busi et al., “Provably Secure Isolation for Interruptible Enclaved Execution on Small Microprocessors” […studies problem of extending a processor with new features without weakening the security of the isolation mechanisms that the processor offers…]

    Poništi
  4. proslijedio/la je Tweet
    23. sij

    Jo Van Buck and Daniel Gruss from are comparing a walled Italian village to leaky processors. Lessons from , , at Day Europe.

    Poništi
  5. proslijedio/la je Tweet
    11. sij

    SGX-Step has been a handy tool in many of the works We've done and I'm planning to use it for upcoming future attacks on SGX. Great work! , This list will grow.

    Poništi
  6. 10. sij

    I also added an overview table with all projects that I know of using SGX-Step. I'm planning to keep this list up-to-date. Feel free to reach out if you know of other projects that are not listed below!

    Prikaži ovu nit
    Poništi
  7. 10. sij

    SGX-Step v1.4.0 released with support for x86 ring-0 interrupt handlers and call gates! Allows to build a mini-OS for side-channel research, including easily executing selected functions from a user-space program in privileged ring-0 :-)

    Prikaži ovu nit
    Poništi
  8. proslijedio/la je Tweet
    10. sij
    Odgovor korisnicima

    Besides, finding proper gadgets and exploiting specV1 is as hard as finding a mitigation for it. They are both valid scientific problem.

    Poništi
  9. proslijedio/la je Tweet
    12. pro 2019.
    Poništi
  10. proslijedio/la je Tweet
    11. pro 2019.
    Poništi
  11. proslijedio/la je Tweet

    Malware can fiddle with the power supply to an Intel chip to steal secrets from its SGX secure enclave: Reminds me of the burglars who cut the electricity to a museum in Dresden last month to get past its security alarms:

    Poništi
  12. 10. pro 2019.

    We present TL;DR First ever fault injection attack on Intel SGX enclaves. Abuses an undocumented software-based interface to undervolt the CPU. Extract full crypto keys and trigger memory safety violations in bug-free code. Read the paper at

    , , i još njih 3
    Poništi
  13. proslijedio/la je Tweet
    10. pro 2019.

    Embargo ends - is public: It allows to induce faults into computations in SGX, breaking crypto and corrupting memory. Great collaboration with Kit Murdock, , , , Frank Piessens!!

    Prikaži ovu nit
    Poništi
  14. proslijedio/la je Tweet

    If there's somethin' stored in a secure enclave, who ya gonna call? Membuster!

    Poništi
  15. 14. stu 2019.

    Slides for our talk on assessing the vulnerability of enclaves and fortresses now available at cc

    Poništi
  16. proslijedio/la je Tweet
    13. stu 2019.
    Poništi
  17. proslijedio/la je Tweet
    12. stu 2019.

    Playing capt’n obvious here but this research in SGX SDK/runtime vulnerabilities reiterates that SGX based protection of workloads/applications relies on quality of the code inside enclaves Paper: [pdf]

    Poništi
  18. proslijedio/la je Tweet
    12. stu 2019.

    This was a massive research project that took months to complete and teams at 2 universities. Basically, academics manually audited the entry/exit functions of all major enclave SDKs, a colossal effort. The flaws they found could allow attackers to exfiltrate data from enclaves

    Prikaži ovu nit
    Poništi
  19. proslijedio/la je Tweet
    12. stu 2019.

    Of all issues they found, the five in the SGX-SDK and OpenEnclave were the most dangerous, as these are the most common enclave SDKs used in production environments, such as AWS and Azure.

    Prikaži ovu nit
    Poništi
  20. proslijedio/la je Tweet
    12. stu 2019.

    Academics perform a manual code audit of 8 enclave SDKs and find 35 vulnerabilities > 5 vulnerabilities received a CVE > issues privately reported and already fixed > issued found in all 8 tested SDKs

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·