{AEX-Notify}: Thwarting Precise {Single-Stepping} Attacks through Interrupt Awareness for Intel {SGX} Enclaves
Intel® Software Guard Extensions (Intel® SGX) supports the creation of shielded enclaves
within unprivileged processes. While enclaves are architecturally protected against …
within unprivileged processes. While enclaves are architecturally protected against …
Jolt: Recovering tls signing keys via rowhammer faults
Digital Signature Schemes such as DSA, ECDSA, and RSA are widely deployed to protect
the integrity of security protocols such as TLS, SSH, and IPSec. In TLS, for instance, RSA …
the integrity of security protocols such as TLS, SSH, and IPSec. In TLS, for instance, RSA …
Synchronization Storage Channels ({{{{{S2C)}}}}}: Timer-less Cache {Side-Channel} Attacks on the Apple M1 via Hardware Synchronization Instructions
Shared caches have been a prime target for mounting crossprocess/core side-channel
attacks. Fundamentally, these attacks require a mechanism to accurately observe changes …
attacks. Fundamentally, these attacks require a mechanism to accurately observe changes …
" False negative-that one is going to kill you": Understanding Industry Perspectives of Static Analysis based Security Testing
The demand for automated security analysis techniques, such as static analysis based
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …
security testing (SAST) tools continues to increase. To develop SASTs that are effectively …
A systematic evaluation of automated tools for side-channel vulnerabilities detection in cryptographic libraries
A Geimer, M Vergnolle, F Recoules, LA Daniel… - Proceedings of the …, 2023 - dl.acm.org
To protect cryptographic implementations from side-channel vulnerabilities, developers must
adopt constant-time programming practices. As these can be error-prone, many side …
adopt constant-time programming practices. As these can be error-prone, many side …
Improving software quality in cryptography standardization projects
The NIST post-quantum cryptography (PQC) standardization project is probably the largest
and most ambitious cryptography standardization effort to date, and as such it makes an …
and most ambitious cryptography standardization effort to date, and as such it makes an …
{BunnyHop}: Exploiting the Instruction Prefetcher
Z Zhang, M Tao, S O'Connell… - 32nd USENIX Security …, 2023 - usenix.org
BunnyHop: Exploiting the Instruction Prefetcher Page 1 This paper is included in the
Proceedings of the 32nd USENIX Security Symposium. August 9–11, 2023 • Anaheim, CA …
Proceedings of the 32nd USENIX Security Symposium. August 9–11, 2023 • Anaheim, CA …
Spectre declassified: Reading from the right place at the wrong time
BA Shivakumar, J Barnes, G Barthe… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Practical information-flow programming languages commonly allow controlled leakage via a
declassify construct—programmers can use this construct to declare intentional leakage. For …
declassify construct—programmers can use this construct to declare intentional leakage. For …
It's like flossing your teeth: On the importance and challenges of reproducible builds for software supply chain security
The 2020 Solarwinds attack was a tipping point that caused a heightened awareness about
the security of the software supply chain and in particular the large amount of trust placed in …
the security of the software supply chain and in particular the large amount of trust placed in …
Microwalk-CI: Practical side-channel analysis for JavaScript applications
J Wichelmann, F Sieck, A Pätschke… - Proceedings of the 2022 …, 2022 - dl.acm.org
Secret-dependent timing behavior in cryptographic implementations has resulted in
exploitable vulnerabilities, undermining their security. Over the years, numerous tools to …
exploitable vulnerabilities, undermining their security. Over the years, numerous tools to …