This year, VUSec had 2 papers accepted at USENIX Security ’18: Malicious Management Unit (how to use the MMU to mount indirect cache attacks and bypass software-based defenses) and TLBleed (how to mount TLB side-channel attacks across threads and leak fine-grained information).
Tag Archives: sidechannels
ASLR^Cache or AnC: An MMU Sidechannel breaking ASLR from JavaScript, and media coverage
Today we announce ASLR^Cache, an MMU sidechannel exploiting a micro-architectural property of all modern CPU models. The signal is visible even from JavaScript and breaks ASLR in sandboxed environments. The name ASLR^Cache (or simply AnC) is a reference to the fact that ASLR and CPU caches are mutually exclusive on modern architectures. For more information, please see our AnC project page.
Press outlets and other organisations have picked up on this work: wired, arstechnica, ACM Tech News, NCSC, bleepingcomputer.com, Tom’s Hardware, security.nl, theregister, tweakers.net, digitaljournal.com, CSO Australia, hackaday, slashdot, securityweek.com, heise.de, theinquirer.net, itnews.com.au, eejournal.com, habrahabr.ru, impress.co.jp, paper.li, boingboing.net.
Some of our favourite podcasts also picked it up: securitynow episode 600, ISC Internet Storm Center podcast, risky.biz episode #444.
4 papers accepted at NDSS
This year, VUSec had 4 papers accepted at NDSS ’17: AnC (a new side-channel-based ASLR bypass), SafeInit (efficient protection against uninitialized reads), a new evolutionary fuzzer (AFL on steroids), and Marx (uncovering class hierarchies in C++ programs, with @thorstenholz’s group at @ruhrunibochum).