Pinned Tweet
Show this thread
Follow
Click to Follow lavados
Daniel Gruss
@lavados
#InfoSec Professor @ #TUGraz. #meltdown, #spectre, #rowhammer, cache attacks. Creating a side channel security sitcom. @lavados@infosec.exchange
Daniel Gruss’s Tweets
Speakers include , , , Sebastien Bardin (), , , , , , Noémie Véron, Marcel Moritz, Frederic, Recoules...
All registration informations here: s3.eurecom.fr/~aurel/summer-
1
3
8
Show this thread
Today is the release of the final episode of #SideChannelSecurity. The topic is page cache attacks and it will also have a brief recap all of the 30 episodes.
youtube.com/watch?v=z1LX4B
We have a few special appearances in there ;)
6
21
Our paper "A Security Analysis of CNC Machines in Industry 4.0" has been accepted at DIMVA 2023. Thanks to all my co-authors, Trend Micro and Celada for supporting the research // cc
1
5
#DIMVA Program is up: 14 paper presentations, one panel, 3 keynotes, and the DIMVA tools arsenal. dimva2023.de/program/
Register here and join us in Hamburg from July 12-14th: dimva2023.de/registration/
7
10
📢 The #DIMVA23 Call for Tools is up!
dimva2023.de/cft/
Send us your proposal by June 1st. We are looking forward to seeing your tools in action!
5
8
Don't miss the early bird registration for DIMVA, ending June 10! We have a fantastic program in the beautiful city of Hamburg.
2
3
The program for DIMVA is now available online: dimva2023.de/program/
Congratulations to all the authors whose papers have been accepted.
The registration is now also open. Don't miss out on the early bird registration, open until June 10th.
6
10
Check out the DIMVA 2023 program at dimva2023.de/program/ and join us in Hamburg from July 12 to 14! #dimva2023
DIMVA Tools Arsenal Submissions still possible until June 1st.
Early Registration Deadline: June 10th.
13
22
🏆🏆*WOOT 2023 BEST PAPER AWARD* 🏆🏆
"CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode"
Congratulation to the authors!!!
1
14
57
Man kann die #LetzteGeneration für die Wahl ihrer Mittel kritisieren, aber wenn der Staat all die Energie, die er für den Kampf gegen Klimaaktivist*innen aufbringt, in den Kampf gegen die Klimakatastrophe stecken würde, hätten wir kein Problem.
1,575
2,415
12.5K
While many new side channel attacks are presented, cache attacks are still around, easy to use and unmitigated.
In Scatter and Split Securely shows a new cache design with a very neat hiding property that automatically hides victim cache lines from an attacker.
#SP23
3
12
By causing traffic jams inside the CPU shows that it is possible to steal RSA keys over VM boundaries.
SQUIP exploits the shared μOP scheduler of AMD CPUs to get information about executed instructions on the SMT sibling core.
#SP23
4
26
Can we protect the last-level cache against side-channel attacks?
Randomization defenses provide incomplete protection. Partitioning is hard to scale.
Can we use fancy crypto to deliver the best of both worlds in a low-overhead HW defense?
[SassCache, by ] #SP23
1
5
9
Show this thread
Don't you just hate queueing?
Poor CPU instructions are in the Q all the time🥺
Q contention leaks across hyperthreads.
"Are CPU timestamps accurate enough to measure it?"
No, but we can put *them* in the Q and see how quickly they execute!
[SQUIP, by ] #SP23
1
4
10
Show this thread
If you're trying to follow what's happening at #SP23, again has an amazing summary for several of the sessions!
Quote Tweet
This year's S&P also has many fine talks for the µarch security aficionado.
Let's try another round of live-tweeting. #SP23 @IEEESSP twitter.com/PurnalToon/sta…
Show this thread
1
9
Great talk by at about CSI:Rowhammer!
This mitigation completely changes the game and has a lot of implications beyond mitigating Rowhammer. This might become a very influential #SP23 paper.
jonasjuffinger.com/papers/csirowh
4
24
Rowhammer is a sneaky suspect: ECC doesn't catch it!
Let's up our game and use a fast cryptographic MAC instead.
"MACs can't correct errors."
Wrong! Well, right, but creative brute-force error correction is practical😎
[CSI: Rowhammer, by Special Agent ] #SP23
1
5
14
Show this thread
CSI:Rowhammer talk at now, check out the amazing trailer produced:
youtu.be/P6dQlkJTPBY
This could really be the end of #rowhammer
#SP23 /cc
3
13
Memory compression can leak your data over the internet due to a timing side-channel!
Great talk by at
martinschwarzl.at/publication/sc
6
44
Quote Tweet
Actually, with so much cool research in uarch security at @USENIXSecurity, I’d like to try and livetweet a bit about the talks that are most interesting to me. Let’s see if I can keep up. #usesec22 twitter.com/PurnalToon/sta…
Show this thread
1
10
29
Show this thread
1
3
12
Show this thread
Tomorrow we'll have 4 talks from our research group at by and ! See you there!
2
20
It has been an honor collaborating with some of the brightest people I could have ever imagined.
A deep thanks to for your inspiring research and all the mind enriching collaborations: in your group I met some of the smartest and most talented people in the area.
3/N 🧵
2
2
13
Show this thread
I love this paper.
I spent over 20 hours revising a manuscript last week that had positive comments. Reviewer 2 even said “accept this article” as the ONLY comment!
Yet, still 20+ hours and 2 hours navigating the submission portal.
Can your next paper fix the websites… Show more
Quote Tweet
Ever wondered how long it takes to reformat papers for journal submissions?
We did, and decided to write about it! We calculated time and money lost, interviewed journal editors and researchers, and developed some new guideline propositions.
Read here: bmcmedicine.biomedcentral.com/articles/10.11
2
7
27
It's ShowTime! We discovered how to mount CPU timing attacks with... the human eye? 👀
How? Find out in our (w/ ) new paper "ShowTime: Amplifying Arbitrary CPU Timing Side Channels".
To appear at AsiaCCS '23: antoonpurnal.github.io/files/pdf/Show
3
28
71
Show this thread
"Gleichwohl diese Lösung anmutig erscheint, ..." Ich breche weg! 😂 Es ist wohl auch dieser Humor, warum ich mir als Laie gerne Content zu Side-Channel Security von der TU Graz gebe. Mehr davon gibt es auf #YouTube #SideChannelSecurity youtube.com/@SideChannelSe
Quote Tweet
Here's the "Der 7. Sinn" Parody from our #ruhrsec talk about the SQUIP side channel: youtu.be/xGmdaVScTi4
Here's our @IEEESSP paper on that topic: gruss.cc/files/squip.pdf
cc @notbobbytables
1
1
4
Here's the "Der 7. Sinn" Parody from our #ruhrsec talk about the SQUIP side channel: youtu.be/xGmdaVScTi4
Here's our paper on that topic: gruss.cc/files/squip.pdf
cc
1
7
13
Now live at #RuhrSec 2023
"SQUIP or Why We Need to Study Processors Like Nature"
by and .
Conference program, more information and details on our website:
🌐 ruhrsec.de/2023/
#itsecurity #itsicherheit #cybersicherheit #conference #cybersecurity… Show more
read image description
ALT
5
19
Third round - It’s ShowTime!
"ShowTime: CPU Timing Attacks With the Human Eye"
by and .
Conference program, more information and details on our website:
🌐 ruhrsec.de/2023/
#itsecurity #itsicherheit #cybersicherheit #conference #cybersecurity… Show more
read image description
ALT
1
7
16
War für mich einer der interessantesten Momente beim Bier mit am Austrian Computer Science Day 2018 zu verstehen, dass seine Herangehens- und Arbeitsweise stark natur- und weniger ingenieurwissenschaftlich geprägt ist! Anscheinend fordern komplexe Multiskalensysteme das.
Quote Tweet
Now live at #RuhrSec 2023
"SQUIP or Why We Need to Study Processors Like Nature"
by @notbobbytables and @lavados.
Conference program, more information and details on our website:
ruhrsec.de/2023/
#itsecurity #itsicherheit #cybersicherheit #conference #cybersecurity… Show more
ruhrsec.de/2023/
#itsecurity #itsicherheit #cybersicherheit #conference #cybersecurity… Show moreread image description
ALT
1
2
Significant USENIX Security papers published at least 10 years ago can be considered for the 2023 USENIX Security Test of Time Award. Submit your nomination for this year's award by June 1: bit.ly/usesectot #usesec23
5
7
Announcement! is opening an assistant professor position in systems security!
In particular, on the topic of vulnerability detection, analysis, exploitation, and/or remediation. See the full offer here:
eurecom.fr/en/job/digital
Feel free to ask me for any questions!
44
46
This is probably the best article about cryptocurrency I have ever read: blog.dshr.org/2023/04/crypto
8
80
215
Starting into the final season of #SideChannelSecurity we discuss #Rowhammer: youtube.com/watch?v=QfC6Jg
We also prepared an exercise where you actually implement a #Rowhammer attack, and use #Rowhammer then to induce and exploit bit flips in a target application.
5
18
The WOOT papers are finalized! 16 accepted papers out of 30 submissions. Huge congrats to all authors with accepted papers! Student authors, don't forget to apply for Travel Grant (deadline *April 5th*) here: ieee-security.org/TC/SP2023/trav
🤯 More exciting news soon, stay tuned!
GIF
read image description
ALT
15
24
📢 We are hiring! If you are into the security of low-level things such as kernels, compilers, hardware designs and like to do your PhD in ETH's top-notch environment, you should definitely consider applying! #PhD #Security #HDL #RISCV #Rowhammer #Spectre jobs.ethz.ch/job/view/JOPG_
20
52
Does this still work? I have awesome news: DRAMSec '23 is happening! dramsec.ethz.ch
Here are ten reasons (+ backstory) on why you should submit your work on memory security, get feedback from industry and academia experts, and profit! 👇
2
9
18
Show this thread
I am happy to announce the release of the sev step framework.
It provides functionality similar
to the famous sgx step but for AMD SEV.
While there are still some rough edges, I hope that
it facilitates new attack research on AMD SEV.
Check it out at
12
36