Complete News World

TU Graz publishes "Æpic Leak" and "SQUIP"


Software depends on reliable and error-free computer hardware. Hardware-side vulnerabilities are receiving increasing attention from both attackers and developers. The discovery of the side channel attacks Meltdown and Spectre in 2018 by researchers from the Graz University of Technology contributed to this, not least. Since then, researchers, including researchers from the Graz University of Technology, have discovered new attack methods and vulnerabilities that exploit computer hardware. The team led by Daniel Gruss from the Institute of Applied Information Processing and Communication Technology is now publishing two further vulnerabilities: Æpic Leak and SQUIP.

Æpic Leak: No side channel necessary

Romanian researcher Pietro Borrello came across a new attack variant in the fall of 2021 during a research stay in the team of IT security expert Daniel Gruss at the Graz University of Technology. “As with all potential attacks discovered, we first reported the issue to the manufacturer, in this specific case, to Intel, and gave them time to provide fixes,” says Daniel Gruss. That period has now ended in coordination with Intel, and the researchers are publishing details of the attack, which they have named Æpic Leak.

Æpic Leak is the first attack that can read data directly from the microarchitecture of the main processor (CPU, central processing unit). The attack exploits a vulnerability in the hardware to read data that has not yet been overwritten directly from the CPU's internal memory. This includes sensitive data from SGX enclaves (Intel Software Guard Extensions, a specially secured area on the CPU that handles sensitive data securely and separately from the rest of the system), which are actually meant to keep the system safe from attacks such as malware.


The vulnerability affects CPUs based on the “Sunny Cove” microarchitecture as well as others from the manufacturer Intel. Intel has already developed the necessary patches, and these patches for servers are being published today; in client applications, SGX is now being dispensed with entirely. New processors should have integrated solutions, but according to the researchers: “We know that the general solution to such architecture-based vulnerabilities and the like is an open research topic that must first be resolved.” As the researchers explain in their publications, hardware vulnerabilities follow the same patterns as vulnerabilities in software. Finding and avoiding errors in hardware, in contrast to software, is still in its infancy.

Since Æpic Leak can only be carried out at a very high privilege level (admin or root), the vast majority of systems are secure. Æpic Leak will be presented this week at the prestigious USENIX Security Symposium in Boston and at Black Hat in Las Vegas.

Æpic Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture. Pietro Borrello (Sapienza University of Rome), Andreas Kogler (TU Graz), Martin Schwarzl (TU Graz), Moritz Lipp (Amazon Web Services), Daniel Gruss (TU Graz) and Michael Schwarz (CISPA Helmholtz Center for Information Security). USENIX Security Symposium 2022.

SQUIP: Another side channel attack

At the same time, another research team led by Daniel Gruss published a newly discovered attack: SQUIP (Scheduler Queue Contention Side Channel Exploitation). This is again a side-channel attack, which does not access data directly but infers information from observations of timing relationships. SQUIP is the first attack to target scheduler queues, i.e. the timing and organization of the computation steps. These parts of the system have not been attacked so far because, on the most widespread processors from the manufacturer Intel, they offer no advantage over other attacks. They do, however, on processors from major manufacturers such as AMD and, in some cases, Apple. “Our attack takes advantage of the limited capacity of the scheduler queue. If it fills up, the processor has to wait for space to be freed up again. We measure these waiting times and use them to draw conclusions about the program schedule,” says Stefan Gast.


SQUIP: Exploiting the Scheduler Queue Contention Side Channel. Stefan Gast (Lamarr Security Research, Graz University of Technology), Jonas Juffinger (Lamarr Security Research, Graz University of Technology), Martin Schwarzl (Graz University of Technology), Gururaj Saileshwar (Georgia Institute of Technology), Andreas Kogler (Graz University of Technology), Simone Franza (Graz University of Technology), Markus Köstl (Graz University of Technology) and Daniel Gruss (Graz University of Technology).

Other attacks (co-)discovered by TU Graz:
Meltdown and Spectre
ZombieLoad and Store-to-Leak Forwarding