BLOGS WEBSITE
Category: Security Research
Virtualisation is a key potential approach to alleviating performance issues within constrained environments. However, within defence environments, security is a constant concern, and virtualised environments must be assessed to ensure that they do not introduce additional security risks with their introduction.
In this research, we explore security issues within defence and constrained environments, including analysis of existing virtualisation environments for security concerns, identification and mitigation against security attacks, and the design and development of virtualised environments that are more resilient against security attacks.
Project Leaders: Yuval Yarom and A/Prof Katrina Falkner
Summer research projects
We welcome Jack Gerrits, Sean Marciniak and David Piper who have joined DIG to work on three summer research projects. Jack is looking at ways of exploiting Google Chrome Native clients to mount side-channel attacks on the user’s machine. Sean is investigating the potential for attacking machines using malicious USB devices. David is looking at […]
Comments Off on Summer research projects
CT-RSA 2015: Just a Little Bit More
Extending our work from CHES 2014, we exploit a weakness in several standard curves to achieve an order of magnitude reduction in the number of signatures we need to observe in order to break the key. J. van de Pol, N. P. Smart and Y.Yarom, Just a Little Bit More. accepted for CT-RSA 2015.
Comments Off on CT-RSA 2015: Just a Little Bit More
Visitor from the Worcester Polytechnic Institue: Gorka Irazoqui
Gorka Irazoqui from the Worcester Polytechnic Institute (MA, USA) visited DIG this week. During his visit, Gorka presented his recent works on LLC-based side channel attacks on AES.
Comments Off on Visitor from the Worcester Polytechnic Institue: Gorka Irazoqui
Information and Software Technology: A Comprehensive Pattern-Oriented Approach to Engineering Security Methodologies
Anton Uzunov is leading work into the development of a pattern-oriented approach to the engineering of secure software methodologies. Recent work in this space, accepted for publication in the Journal of Information and Software Technology, builds upon existing method engineering ideas to form a new comprehensive approach to engineering security methodologies. Developing secure software systems […]
Comments Off on Information and Software Technology: A Comprehensive Pattern-Oriented Approach to Engineering Security Methodologies
DIG presenting at ECC 2014
Yuval Yarom recently attended the workshop on Elliptic Curves Cryptography 2014 at Chennai, India, where he was invited to present our work on cryptanalysing ECDSA Side-channel attacks on ECDSA Side-channel attacks aim to break cryptosystems by exploiting information leaked through the interaction of the Implementation of the cryptosystem with its environment. This talk presents some […]
Research Grant: Assessment and OS-Level Mitigation of Timing Channels. K. Falkner and Y. Yarom, NICTA CRP ($232,167) (2014-2015)
Assessment and OS-Level Mitigation of Timing Channels. K. Falkner and Y. Yarom, NICTA CRP ($232,167) (2014-2015) DIG will be working with Professor Gernot Heiser’s team at NICTA/UNSW on a new collaborative project exploring timing channels and side channels on modern architectures. Led at Adelaide by Yuval Yarom, this project will explore the design and implementation […]
Comments Off on Research Grant: Assessment and OS-Level Mitigation of Timing Channels. K. Falkner and Y. Yarom, NICTA CRP ($232,167) (2014-2015)
CDIT team presenting at USENIX Security and ECSA 2014
Yuval Yarom recently attended the USENIX Security 2014 conference in San Diego to present our work in defining the Flush+Reload side-channel attack: FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack, Yuval Yarom and Katrina Falkner, The University of Adelaide Sharing memory pages between non-trusting processes is a common method of reducing the memory footprint of […]
Comments Off on CDIT team presenting at USENIX Security and ECSA 2014
Sam Jaeschke Joins DIG
We welcome Sam Jaeschke, who has joined DIG to complete his Honours year research project. Sam work will extend our earlier work on micro-architectural side-channel attacks. Past research has demonstrated that Intel X86 processors are vulnerable to the FLUSH+RELOAD side-channel attack. The attack allows malicious virtual machine to recover secret information from a victim virtual […]
CHES 2014: “Ooh Aah… Just a Little Bit” : A Small Amount of Side Channel Can Go a Long Way
Working with colleagues from the University of Bristol and from our local School of Mathematical Sciences, we combine our FLUSH+RELOAD side channel with an improved lattice attack to break the Bitcoin elliptic curve. N. Benger, J. van de Pol, N. P. Smart and Y.Yarom, “Ooh, Aah… Just a Little Bit”: A Small Amount of Side […]
Comments Off on CHES 2014: “Ooh Aah… Just a Little Bit” : A Small Amount of Side Channel Can Go a Long Way
USENIX 2014: FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack
A new side-channel attack that came out of our research into security within virtualised environments has been accepted for publication at USENIX 2014: Y. Yarom and K. Falkner, FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack. Accepted for USENIX Security, August 2014.
Comments Off on USENIX 2014: FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack