
New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

May 30, 2020

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed.

The findings are from a paper “DABANGG: Time for Fearless Flush based Cache Attacks” published by a pair of researchers, Biswabandan Panda and Anish Saxena, from the Indian Institute of Technology (IIT) Kanpur earlier this week.

Dubbed “Dabangg” (meaning fearless), the approach builds upon the Flush+Reload and Flush+Flush attacks, which have been exploited previously by other researchers to leak data from Intel CPUs.

However, the new variant aims to improve the accuracy of these attacks even in a noisy multi-core system. It also works seamlessly against non-Linux operating systems, like macOS.

“Like any other cache attacks, flush based cache attacks rely on the calibration of cache latency,” Biswabandan Panda, assistant professor at IIT Kanpur, told The Hacker News. “State-of-the-art cache timing attacks are not effective in the real world as most of them work in a highly controlled environment.”

“With DABANGG, we make a case for cache attacks that can succeed in the real world that’s resilient to system noise and work perfectly even in a highly noisy environment,” he added.

Flush+Reload and Flush+Flush attacks work by flushing out the memory line (using the “clflush” instruction), then waiting for the victim process to access the memory line, and subsequently reloading (or flushing) the memory line, measuring the time needed to load it.

DABANGG is a lot like Flush+Reload and Flush+Flush attacks in that it’s a flush-based attack, which depends on the execution timing difference between cached and non-cached memory accesses. But unlike the latter two, DABANGG makes the thresholds used to differentiate a cache hit from a miss dynamic.

Power management techniques like dynamic voltage and frequency scaling (DVFS) in modern processors allow for frequency changes based on overall CPU utilization, with cores running compute-intensive processes operating at a higher frequency than those that do not.

This core-wise frequency difference results in a variable execution latency for instructions, and renders the thresholds chosen to distinguish a cache hit from a miss useless, the researchers stated.

“We make these thresholds dynamic as a function of processor frequency (that gets throttled up and down based on the DVFS controllers) which in turn make the flush based attacks resilient to system noise,” Prof. Panda said.

DABANGG addresses these shortcomings by capturing the processor’s frequency distribution in the pre-attack stage and using compute-heavy code to stabilize the frequency, before proceeding with a Flush+Reload or Flush+Flush attack to calculate latency and check for a cache hit.

These side-channel attacks provide a reliable way to eavesdrop on user input, extract an AES private key, exfiltrate data via a covert channel between a malicious process and its victim, and carry out Spectre-like speculative execution to access cached information.

Given that DABANGG is also a flush-based attack, it can be mitigated using the same techniques that apply to Flush+Reload and Flush+Flush: modifying the clflush instruction, monitoring cache misses, and making hardware changes to prevent such attacks.
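As an added illustration of the "monitoring cache misses" mitigation (not code from the paper or from this article), the sketch below watches each process's cache-miss ratio per sampling interval and raises an alert only when the ratio stays far above that process's own baseline for several intervals in a row, so a single noisy interval does not trigger it. The process names, counter values and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

BASELINE_INTERVALS = 4  # assumed: first intervals are treated as known-clean
MIN_CONSECUTIVE = 3     # assumed: anomalous intervals required in a row
FACTOR = 3.0            # assumed: multiple of the baseline ratio that counts as anomalous
FLOOR = 0.05            # assumed: never alert below a 5% miss ratio

# Constructed per-interval cache-miss counts for two hypothetical processes.
# "aes-service" has one isolated spike (interval 5), then a sustained rise from interval 7.
MISSES = {
    "aes-service": (100_000, [2000, 2500, 2200, 2100, 2300, 21000,
                              2400, 30000, 34000, 31000, 33000]),
    "batch-job": (200_000, [20000, 21000, 19000, 20500, 22000, 19500,
                            20000, 21500, 20000, 19000, 21000]),
}
# Flatten to (interval, process, cache_references, cache_misses) records.
SAMPLES = [(i, proc, refs, m)
           for proc, (refs, misses) in MISSES.items()
           for i, m in enumerate(misses)]

def miss_ratios(samples):
    """Group records by process and return ordered miss ratios per interval."""
    per_proc = defaultdict(list)
    for _, proc, refs, misses in sorted(samples):
        per_proc[proc].append(misses / refs if refs else 0.0)
    return per_proc

def detect(samples):
    """Return {process: first interval of a sustained miss-ratio anomaly}."""
    alerts = {}
    for proc, ratios in miss_ratios(samples).items():
        baseline = median(ratios[:BASELINE_INTERVALS])
        limit = max(baseline * FACTOR, FLOOR)
        run = 0
        for i in range(BASELINE_INTERVALS, len(ratios)):
            run = run + 1 if ratios[i] > limit else 0
            if run == MIN_CONSECUTIVE:
                alerts[proc] = i - MIN_CONSECUTIVE + 1
                break
    return alerts

if __name__ == "__main__":
    for proc, start in detect(SAMPLES).items():
        print(f"sustained cache-miss anomaly in {proc} from interval {start}")
```

In a deployment the records would come from hardware performance counters sampled per process; the interval index here assumes contiguous sampling starting at 0.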

“Flush-based attacks must be aware of processor frequency for better accuracy,” Prof. Panda said. “Generally speaking, if an attack cannot effectively target a victim’s access unless all the conditions are controlled, that attack doesn’t pose a real-world risk. We believe this is just the beginning in terms of pushing the cache attacks into the real world, and it will trigger better and more robust cache attacks in the future.”

The researchers will release the proof-of-concept source code on GitHub after 15th June 2020.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)
