logo
Dates

Author


Conferences

Tags

Sort by:  

Conference:  Black Hat Asia 2023
Authors: Sandro Pinto, Cristiano Rodrigues
2023-05-12

The discovery of Spectre and Meltdown has turned systems security upside down. These attacks have opened a novel frontier for exploration to hackers and shed light on the untapped potential of hidden transient states created by shared microarchitectural resources. Since then, we have witnessed the rise of a plethora of effective software-based microarchitectural timing side-channel attacks capable of breaking and bypassing the security (isolation) boundaries of numberless processors from mainstream CPU vendors (Intel, AMD, Arm). Notwithstanding, one class of computing systems apparently is resilient to these attacks: microcontrollers (MCUs). MCUs are shipped in billions annually and are at the heart of every embedded and IoT device. There is a common belief that MCUs are not vulnerable to these attacks because their microarchitecture is intrinsically simple.In this talk, we challenge the status quo by unveiling a novel class of microarchitectural timing side-channel attacks affecting MCUs. First, we provide evidence of the existence of this channel on multiple platforms. Then, we explain the building blocks, the overall methodology, and the main challenges we faced in successfully mounting the attack. To close our talk, we discuss and demonstrate how to bypass the isolation guarantees of a reference TEE architecture on a state-of-art MCU. We perform a live demo of this attack emulating a secure smart lock IoT application.
Authors: Jiewen Yao, Jun Nakajima
2022-09-15

tldr - powered by Generative AI

Device attestation is necessary for maintaining confidentiality of workload in a hardware-based Trusted Execution Environment (TEE) virtual machine (VM) when transferring workload to a device for acceleration.
  • Physical devices in TEE environment
  • Device attestation model
  • Verification of device identity and evidence information
  • Device initialization flow
Authors: Robert Ficcaglia
2022-05-20

tldr - powered by Generative AI

The presentation discusses the challenges and considerations in implementing trusted computing in a Kubernetes environment.
  • Trusted computing is not a silver bullet and requires careful consideration of the attack surface and minimizing it
  • Enclaves have shortcomings and are susceptible to side channel attacks
  • Compliance with government standards such as NIST can be achieved with enclaves
  • Hardware components are susceptible to tampering and must be carefully evaluated
  • Kubernetes can use trusted computing at the container level, but the control plane should be constrained to minimize attack surface