Our Dedup+Rowhammer research made it to various international publications, including The Register, SearchSecurity (with mistakes), Softpedia, TechTarget, Risky Business (http://risky.biz/RB414 @ 13:37), and others.
It also featured on national Dutch radio in BNR Digitaal (from 9:10 onward), De Volkskrant, Tweakers, and a security advisory by NCSC (all Dutch).
The slides from Erik Bosman’s S&P 2016 talk are here.
Erik is presenting Dedup Est Machina, a cool new attack (abusing memory deduplication and rowhammer) on Microsoft Edge browser with all defenses up — without a single software bug. See also our demo.
Enes and Victor are presenting TypeArmor, our new strict binary-level Control-Flow Integrity (CFI) and Control-Flow Containment (CFC) solution to mitigate advanced code-reuse attacks.
Herbert participated in a panel discussion on Cyber Security on BNR (Business News Radio).
This year, VUSec had 4 papers accepted at USENIX Security. (1) flip feng shui (or how to abuse memory deduplication to make Rowhammer attacks deterministic), (2) an in-depth analysis of disassembly, (3) thread spraying to attack information hiding, and (4) a paper that also “pokes holes into information hiding” and demonstrates that using ASLR/64 to hide safe regions is completely insecure.
Our work on owning Microsoft Edge by a combination of dedup primitives and rowhammer was accepted for presentation at Black Hat USA in July/August 2016.