Meltdown

The Experts below are selected from a list of 15831 Experts worldwide ranked by ideXlab platform

Youngjoo Shin - One of the best experts on this subject based on the ideXlab platform.

  • AsiaCCS - High Efficiency, Low-noise Meltdown Attack by using a Return Stack Buffer
    Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 2019
    Co-Authors: Taehyun Kim, Youngjoo Shin
    Abstract:

    The Meltdown attack exploits out-of-order execution in modern micro-architectures to extract sensitive data in the kernel space of operating systems. Out-of-order execution opens a window of transient execution in which unauthorized access to kernel space is allowed. The original Meltdown attack utilizes an OS signal handler and hardware transactional memory support (e.g., Intel TSX) to create transient executions. Both methods, however, restrict the effectiveness of the attack due to a large amount of system noise from signal handlers and a limited number of processors that support TSX. To overcome this limitation, we propose a new variant of the Meltdown attack by using a return stack buffer (RSB). Without the aid of TSX, the proposed attack introduces a lower level of noise than the signal handler-based method, which broadens the impact of Meltdown attacks to a wide range of processors. We conclude this paper by presenting several countermeasures against the proposed attack.

  • Reinforcing Meltdown Attack by Using a Return Stack Buffer
    IEEE Access, 2019
    Co-Authors: Taehyun Kim, Youngjoo Shin
    Abstract:

    Meltdown is a microarchitectural side-channel attack that extracts sensitive data in the kernel space of operating systems (OSs). Meltdown deliberately creates transient executions by exploiting an out-of-order execution technique and obtains the execution results through a cache covert channel. In a previous attack, an OS signal handler and hardware transactional memory support (i.e., Intel TSX) were used to establish the cache covert channel. However, both methods restricted the effectiveness of the attack owing to the large amount of system noise caused by the context switching of signal handlers and the narrow range of TSX-enabled processors. Hence, we propose a new variant of the Meltdown attack using a return stack buffer (RSB). The RSB enables the establishment of a low-noise cache covert channel without relying on processor-specific hardware features, such as TSX. The wide usage of the RSB in commodity processors further improves the effectiveness of the proposed attack. We present the details of our implementation of the attack and evaluate the performance. Furthermore, we overview several existing countermeasures against the proposed attack.
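Added example, written for this page and not code from Kim and Shin or from any other paper listed here: the Flush+Reload cache covert channel that the Meltdown, RSB and Fallout abstracts all rely on to get a transiently loaded byte out of the core. The trigger that differs between the papers (a faulting kernel read caught by a signal handler, a TSX transaction, or the RSB-predicted path after a `ret`) is replaced by an ordinary load of a constructed user-space secret, so the program runs on a patched machine without crashing; what it shows is the receiver side that every variant needs: a 256-page probe array, clflush/rdtscp timing, threshold calibration, a scrambled reload order against the stride prefetcher, and the retry-and-vote decoding that deals with exactly the signal-handler and interrupt noise the RSB papers set out to reduce. Linux on x86-64 with gcc or clang is assumed; on other architectures it compiles with a coarse timer and no cache flush, so the recovered bytes there are meaningless. Names such as `probe_order`, `leak_byte` and the secret string are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define HAVE_X86 1
#else
#define HAVE_X86 0 /* compiles elsewhere, but with no clflush the channel is only noise */
#endif
#define STRIDE  4096 /* one page per byte value, so the adjacent-line prefetcher cannot help */
#define NVALUES 256
#define CAL_ROUNDS 2000

static uint8_t probe[NVALUES * STRIDE] __attribute__((aligned(4096)));

static inline void flush_line(const void *p) {
#if HAVE_X86
    _mm_clflush(p);
#endif
    (void)p;
}

/* Latency of one load of *p: mfence orders a preceding clflush, rdtscp waits for
 * the load to complete, lfence keeps later code behind the second timestamp. */
static inline uint64_t time_access(const uint8_t *p) {
    uint64_t t0, t1;
    uint8_t v;
#if HAVE_X86
    unsigned int aux;
    _mm_mfence();
    t0 = __rdtscp(&aux);
    v = *(volatile const uint8_t *)p;
    t1 = __rdtscp(&aux);
    _mm_lfence();
#else
    struct timespec a, b; clock_gettime(CLOCK_MONOTONIC, &a); /* coarse fallback timer */
    v = *(volatile const uint8_t *)p; clock_gettime(CLOCK_MONOTONIC, &b);
    t0 = (uint64_t)a.tv_nsec; t1 = (uint64_t)b.tv_nsec;
#endif
    __asm__ volatile("" : : "r"(v)); /* the load must not be optimised away */
    return t1 - t0;
}

/* Mean cached vs. flushed latency of a private line; threshold halfway between. */
static uint64_t calibrate_threshold(void) {
    static uint8_t line[64] __attribute__((aligned(64)));
    uint64_t hit = 0, miss = 0;
    for (int i = 0; i < CAL_ROUNDS; i++) {
        (void)time_access(line);
        hit += time_access(line);
        flush_line(line);
        miss += time_access(line);
    }
    hit /= CAL_ROUNDS; miss /= CAL_ROUNDS;
    return miss > hit ? hit + (miss - hit) / 2 : hit;
}

/* Exactly one fast line identifies the byte. None or several is noise (interrupt,
 * signal-handler context switch, prefetch): -1 tells the caller to retry. */
static int decode_probe(const uint64_t times[NVALUES], uint64_t threshold) {
    int found = -1;
    for (int v = 0; v < NVALUES; v++)
        if (times[v] < threshold) { if (found >= 0) return -1; found = v; }
    return found;
}

/* Scrambled reload order (167 is odd, so this permutes 0..255): the stride
 * prefetcher must not warm the line that is about to be timed. */
static int probe_order(int i) { return (i * 167 + 13) & (NVALUES - 1); }

static int receiver_reload(uint64_t threshold) {
    uint64_t times[NVALUES];
    for (int i = 0; i < NVALUES; i++) {
        int v = probe_order(i);
        times[v] = time_access(&probe[v * STRIDE]);
    }
    return decode_probe(times, threshold);
}

/* Stand-in for the transient sender. In the real attacks this load runs only in
 * the out-of-order window (after a faulting kernel read, inside a TSX transaction,
 * or on the RSB-predicted path after a ret) and never retires. Here it is an
 * ordinary load of a user-space byte, so the program runs on any machine. */
static void sender_touch(uint8_t byte) {
    uint8_t v = *(volatile uint8_t *)&probe[(size_t)byte * STRIDE];
    __asm__ volatile("" : : "r"(v));
}

/* One byte: repeat flush / touch / reload and majority-vote the decodes. */
static int leak_byte(const uint8_t *secret, uint64_t threshold, int rounds) {
    int counts[NVALUES] = {0}, best = -1, best_n = 0;
    for (int r = 0; r < rounds; r++) {
        for (int v = 0; v < NVALUES; v++) flush_line(&probe[v * STRIDE]);
        sender_touch(*secret);
        int v = receiver_reload(threshold);
        if (v >= 0) counts[v]++;
    }
    for (int v = 0; v < NVALUES; v++)
        if (counts[v] > best_n) { best_n = counts[v]; best = v; }
    return best;
}

int main(void) {
    const char secret[] = "constructed secret"; /* a real attack points this at kernel memory */
    uint64_t threshold = calibrate_threshold();
    char out[sizeof secret] = {0};
    for (size_t i = 0; i + 1 < sizeof secret; i++) {
        int b = leak_byte((const uint8_t *)&secret[i], threshold, 20);
        out[i] = (b >= 0x20 && b < 0x7f) ? (char)b : '?';
    }
    printf("threshold %llu cycles, recovered: %s\n", (unsigned long long)threshold, out);
    return 0;
}
```

Build with `gcc -O2 -o frr frr.c` and run on an idle core; a hit/miss gap of well over 100 cycles is typical, and a run where `decode_probe` keeps returning -1 (several hot lines) is the symptom the RSB papers describe for the signal-handler trigger: the context switch pollutes the probe array, and the attacker has to spend more rounds per byte.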

Taehyun Kim - One of the best experts on this subject based on the ideXlab platform.

  • Same two papers (AsiaCCS 2019 and IEEE Access 2019) as listed under Youngjoo Shin above.

Daniel Genkin - One of the best experts on this subject based on the ideXlab platform.

  • CCS - Fallout: Leaking Data on Meltdown-resistant CPUs
    Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019
    Co-Authors: Claudio Canella, Michael Schwarz, Lukas Giner, Daniel Gruss, Daniel Genkin, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Berk Sunar
    Abstract:

    Meltdown and Spectre enable arbitrary data leakage from memory via various side channels. Short-term software mitigations for Meltdown are only a temporary solution with a significant performance overhead. Due to hardware fixes, these mitigations are disabled on recent processors. In this paper, we show that Meltdown-like attacks are still possible on recent CPUs which are not vulnerable to Meltdown. We identify two behaviors of the store buffer, a microarchitectural resource to reduce the latency for data stores, that enable powerful attacks. The first behavior, Write Transient Forwarding, forwards data from stores to subsequent loads even when the load address differs from that of the store. The second, Store-to-Leak, exploits the interaction between the TLB and the store buffer to leak metadata on store addresses. Based on these, we develop multiple attacks and demonstrate data leakage, control flow recovery, and attacks on ASLR. Our paper shows that Meltdown-like attacks are still possible, and software fixes with potentially significant performance overheads are still necessary to ensure proper isolation between the kernel and user space.

  • USENIX Security - Meltdown: Reading Kernel Memory from User Space
    Proceedings of the 27th USENIX Security Symposium, 2018
    Co-Authors: Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul C Kocher, Daniel Genkin
    Abstract:

    The security of computer systems fundamentally relies on memory isolation, e.g., kernel address ranges are marked as non-accessible and are protected from user access. In this paper, we present Meltdown. Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords. Out-of-order execution is an indispensable performance feature and present in a wide range of modern processors. The attack is independent of the operating system, and it does not rely on any software vulnerabilities. Meltdown breaks all security guarantees provided by address space isolation as well as paravirtualized environments and, thus, every security mechanism building upon this foundation. On affected systems, Meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer. We show that the KAISER defense mechanism for KASLR has the important (but inadvertent) side effect of impeding Meltdown. We stress that KAISER must be deployed immediately to prevent large-scale exploitation of this severe information leakage.
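Added example, not from Lipp et al. or from the Fallout paper: the check a practitioner runs after reading the two abstracts above. Linux reports its Meltdown mitigation (PTI, which is KAISER as merged into the kernel) and its MDS mitigation (the CPU-buffer clearing on return to user space that covers Fallout's store-buffer leak) under /sys/devices/system/cpu/vulnerabilities/, and whether TSX is usable as the `rtm` flag in /proc/cpuinfo, which decides whether the TSX-based Meltdown trigger or only the signal-handler and RSB triggers apply. The status strings in the comments are the kernel's own formats; the flag lines in the self-checks are constructed, and `classify`, `mitigated_by` and `cpuinfo_has_flag` are this example's names.

```c
#include <stdio.h>
#include <string.h>

enum vuln_state { NOT_AFFECTED, MITIGATED, VULNERABLE, UNKNOWN };

/* Classify one line from /sys/devices/system/cpu/vulnerabilities/<name>. The
 * kernel writes "Not affected", "Vulnerable[: detail]" or "Mitigation: <what>
 * [; <more>]"; anything else (older kernel, sysfs hidden by a sandbox) is
 * UNKNOWN and must be treated as unmitigated, never as safe. */
static enum vuln_state classify(const char *status) {
    if (strncmp(status, "Not affected", 12) == 0) return NOT_AFFECTED;
    if (strncmp(status, "Mitigation:", 11) == 0)  return MITIGATED;
    if (strncmp(status, "Vulnerable", 10) == 0)   return VULNERABLE;
    return UNKNOWN;
}

/* Mitigated by a named component: "PTI" (KAISER as merged into Linux) for
 * meltdown, "Clear CPU buffers" for mds, which covers Fallout's store buffer. */
static int mitigated_by(const char *status, const char *component) {
    return classify(status) == MITIGATED && strstr(status, component) != NULL;
}

/* Exact token match in a /proc/cpuinfo "flags" line. A plain substring test is
 * wrong: "rtm" would match "rtm_always_abort", which a TSX-disabled CPU reports. */
static int cpuinfo_has_flag(const char *flags_line, const char *flag) {
    size_t n = strlen(flag);
    const char *p = flags_line;
    while ((p = strstr(p, flag)) != NULL) {
        int starts = p == flags_line || p[-1] == ' ' || p[-1] == ':' || p[-1] == '\t';
        int ends = p[n] == '\0' || p[n] == ' ' || p[n] == '\n';
        if (starts && ends) return 1;
        p += n;
    }
    return 0;
}

static int read_sysfs_status(const char *vuln, char *buf, size_t n) {
    char path[128];
    FILE *f;
    snprintf(path, sizeof path, "/sys/devices/system/cpu/vulnerabilities/%s", vuln);
    if ((f = fopen(path, "r")) == NULL) return -1;
    if (fgets(buf, (int)n, f) == NULL) { fclose(f); return -1; }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 0;
}

/* First "flags" line of /proc/cpuinfo into buf, or -1 if unavailable. */
static int read_cpu_flags(char *buf, size_t n) {
    FILE *f = fopen("/proc/cpuinfo", "r");
    int found = -1;
    if (f == NULL) return -1;
    while (fgets(buf, (int)n, f) != NULL)
        if (strncmp(buf, "flags", 5) == 0) { found = 0; break; }
    fclose(f);
    return found;
}

int main(void) {
    static const char *checks[][2] = {
        { "meltdown", "PTI" },            /* Lipp et al.: KAISER / KPTI */
        { "mds", "Clear CPU buffers" },   /* Fallout / MDS: clear buffers on return to user */
    };
    char buf[4096];
    for (size_t i = 0; i < sizeof checks / sizeof checks[0]; i++) {
        if (read_sysfs_status(checks[i][0], buf, sizeof buf) != 0) {
            printf("%-8s: no sysfs entry, treat as unmitigated\n", checks[i][0]);
            continue;
        }
        const char *verdict = classify(buf) == NOT_AFFECTED ? "ok (hardware)"
                            : mitigated_by(buf, checks[i][1]) ? "ok (software)" : "ACTION NEEDED";
        printf("%-8s: %-50s -> %s%s\n", checks[i][0], buf, verdict,
               strstr(buf, "SMT vulnerable") ? " (sibling hyperthread still leaks)" : "");
    }
    if (read_cpu_flags(buf, sizeof buf) == 0)
        printf("tsx     : %s\n", cpuinfo_has_flag(buf, "rtm")
               ? "rtm present, TSX-based Meltdown trigger usable"
               : "no rtm, only the signal-handler and RSB triggers apply");
    return 0;
}
```

The "SMT vulnerable" suffix matters for Fallout-class bugs: the store buffer is shared between hyperthreads, so buffer clearing on kernel exit does not protect against a sibling thread, and the kernel says so in the same line.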
