CDIT team presenting at USENIX Security and ECSA 2014

Yuval Yarom recently attended the  USENIX Security 2014 conference in San Diego to present our work in defining the Flush+Reload side-channel attack:

FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack, Yuval Yarom and Katrina Falkner, The University of Adelaide

Sharing memory pages between non-trusting processes is a common method of reducing the memory footprint of multi-tenanted systems. In this paper we demonstrate that, due to a weakness in the Intel X86 processors, page sharing exposes processes to information leaks. We present FLUSH+RELOAD, a cache side-channel attack technique that exploits this weakness to monitor access to memory lines in shared pages. Unlike previous cache side-channel attacks, FLUSH+RELOAD targets the Last- Level Cache (i.e. L3 on processors with three cache levels). Consequently, the attack program and the victim do not need to share the execution core. We demonstrate the efficacy of the FLUSH+RELOAD attack by using it to extract the private encryption keys from a victim program running GnuPG 1.4.13. We tested the attack both between two unrelated processes in a single operating system and between processes running in separate virtual machines. On average, the attack is able to recover 96.7% of the bits of the secret key by observing a single signature or decryption round.


Meanwhile, Dr Claudia Szabo and Marianne Rieckmann have joined our former colleague and now collaborator, Dr Vanea Chiprianov, in presenting recent advances in our work in performance modelling at the European Conference on Software Architecture (ECSA 2014) conference in Vienna.

Claudia and Marianne will be presenting a demonstration of our performance modelling and analysis toolset, while Vanea will be presenting a research paper outlining new software architecture patterns defined within the architecture of our system:

Architectural Support for Model-driven Performance Prediction of Distributed Real-time Embedded Systems of Systems, Vanea Chiprianov, Katrina Falkner, Claudia Szabo, Gavin Puddy,  University of Adelaide

Systems of systems (SoS) are large-scale systems composed of complex systems with difficult to predict emergent properties. One of the most significant challenges in the engineering of such systems is how to predict their non-functional properties such as performance, and more specifically, how to model non-functional properties when the overall system functionality is not available. In this paper, we define an approach to SoS performance prediction based on the modelling of system interactions and their impacts. We adopt an Event Driven Architecture to support this modelling, as it allows for more realistic and flexible performance simulation, which enables more accurate performance prediction. We introduce a generic architecture and present its instantiation in a software architecture for the performance prediction of defence SoS. Our architecture allows for loose coupling, interoperability, and adaptability and facilitates sustainable evolution of the performance model of the SoS.


This entry was posted in Modelling and Analysis, News, Security. Bookmark the permalink.

Comments are closed.