All posts by herbert.bos

Awards Catch-UP!

Even though we have been neglecting the News pages a bit these past few months, it does not mean nothing has happened.

So here is a short summary of awards we have won:

(Random image of trophy, suggesting great success)

TRRespass wins Pwnie Award

TRRespass shows for the first time that state-of-the-art DDR4 DRAM from all major vendors is still vulnerable to practical Rowhammer attacks even though vendors previously claimed their products were Rowhammer-free.

After our PWNIEs for Dedup Est Machina, AnC, and DRAMMER, we now have a stable of four, all equally gorgeous. TRRespass previously also won the Best Paper Award at IEEE Security & Privacy.

Emanuele showing his equestrian excitement

Harry King Wins bachelor Thesis Prize

Recently graduated Harry King just won the (university-wide) best bachelor thesis award for his thesis on “Development Tools &
Techniques for a More Robust Operating System”. For his thesis project he built an operating system kernel from scratch in Ada. The implementation in Ada allowed him to formally verify the OS components.

RIDL Second in CSAW’19 Best applied Research

Two of VUSec’s papers were nominated for the Best Applied Research Award at CSAW’19 in Valence France: ECCploit and RIDL.

When the dust settled, “RIDL: Rogue In-Flight Data Load”, the
paper that was published at Security & Privacy in May and that shows a new class of speculative execution attacks that can leak any “in-flight” data from Intel CPUs won the second place
prize for Best Applied Research at CSAW ’19.

See also: “Much Ado about RIDL“.

Much ado about RIDL

The RIDL saga that started in September 2018 lingers on. A new embargo and a new set of insufficient patches, and it isn’t over yet. Excellent coverage by Kim Zetter in the New York Times.

In addition there were many other outlets covering this:

International:

https://www.wired.com/story/intel-mds-attack-taa/

https://www.theverge.com/2019/11/13/20962667/intel-processor-security-vulnerabilities-researchers-disclosure

https://www.ft.com/content/d60cda42-7699-11e9-be7d-6d846537acab

https://in.pcmag.com/news/133831/intel-struggles-to-fix-hardware-based-flaws-researchers-say

https://www.tomshardware.com/news/intel-reveals-taa-vulnerabilities-in-cascade-lake-chips-and-a-new-jcc-bug

https://www.dailymail.co.uk/sciencetech/article-7681917/Intel-failed-fix-dangerous-chip-flaw-affecting-MILLIONS-Apple-Microsoft-Google-devices.html

https://www.engadget.com/2019/11/13/intel-fixes-cpu-security-flaw-for-real/

https://gizmodo.com/intel-reportedly-warned-of-critical-chip-security-flaws-1839807262

Dutch:

https://www.nu.nl/tech/6010595/onderzoekers-vrije-universiteit-intel-is-niet-eerlijk-over-processorlek.html

https://www.nporadio1.nl/nieuws-en-co/onderwerpen/519738-processorchips-intel-nog-steeds-kwetsbaar

https://nos.nl/artikel/2310247-onderzoekers-intel-neemt-beveiligingslek-niet-serieus.html

https://www.ad.nl/tech/onderzoekers-vu-intel-loog-over-oplossen-lek-in-chips~acb207e0/

https://tweakers.net/nieuws/159826/vu-onderzoekers-intel-heeft-ridl-kwetsbaarheid-nog-niet-volledig-opgelost.html

https://www.computable.nl/artikel/nieuws/cloud-computing/6834006/250449/oproep-vu-zet-hyperthreading-in-intel-processor-uit.html

https://radar.avrotros.nl/nieuws/item/processorchips-van-intel-nog-steeds-kwetsbaar/

https://www.noordhollandsdagblad.nl/cnt/dmf20191113_36194155/vu-studie-intel-chips-nog-steeds-kwetsbaar

https://www.security.nl/posting/631293/VU-onderzoekers+onthullen+%22nieuwe%22+aanval+op+Intel-processors

Tabloids:

https://www.telegraaf.nl/nieuws/348361583/vu-studie-intel-chips-nog-steeds-kwetsbaar