DeepSec2020 Talk: Faulting Hardware from Software – Daniel Gruss
Fault attacks induce incorrect behavior in a system, enabling the compromise of the entire system and the disclosure of confidential data. Traditionally, fault attacks required hardware equipment and local access. In the past five years, multiple fault attacks have been discovered that do not require local access, as they can be mounted from software.
We will discuss the Rowhammer attack and how it can subvert a system. We then show that a new primitive, Plundervolt, can similarly lead to a system compromise and information disclosure.
We asked Daniel a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- Software-based fault attacks, like Rowhammer, enable unprivileged attackers to manipulate hardware
- Hardware flaws can lead to privilege escalation and a full system compromise
- Plundervolt is another fault attack we discovered
- Plundervolt can even manipulate the high-security SGX environment
- People prefer performance (undervolting) over security
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
Well, the Plundervolt paper: https://plundervolt.com/
Why do you think this is an important topic?
For years we’ve been wondering whether there are more software-based fault attacks than Rowhammer on x86, and… there are.
Is there something you want everybody to know – some good advice for our readers maybe?
Unprivileged software can manipulate hardware to manipulate privileged software into making the unprivileged software privileged.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
We will see more software-based fault attacks, based on various hardware elements.
Daniel Gruss (@lavados) is an Assistant Professor at Graz University of Technology. He finished his PhD with distinction in less than three years. He has been involved in teaching operating system undergraduate courses since 2010. Daniel’s research focuses on side channels and security on the hardware-software boundary. His research team was involved in several vulnerability disclosures, including Meltdown and Spectre. He has co-authored more than 20 top-tier academic publications in the past five years and received several prizes for his research.