COMSEC presented two papers at USENIX Security 2024 this month. Cascade shows that generating highly randomized but valid programs is highly effective in finding bugs in open-source RISC-V CPUs. In fact, it finds more bugs than all previous hardware fuzzers combined! ZenHammer shows how one can trigger bit flips from AMD Zen-based CPUs. ZenHammer triggered…
All posts by krazavi
HiFi-DRAM at ISCA
COMSEC presented HiFi-DRAM at the top ISCA conference in Buenos Aires. We used Scanning Electron Microscopy (SEM) with Field Ion Beam (FIB) to reverse engineer sense amplifier designs in commodity DDR4 and DDR5 chips from all major DRAM vendors. HiFi-DRAM shows that many critical assumptions made by DRAM researchers unfortunately do not hold up in…
Welcome Ali Hajiabadi!
Dr. Ali Hajiabadi started as a postdoctoral researcher in July 2024.
Jochen Liedtke award for Kaveh Razavi
Kaveh Razavi received the Jochen Liedtke Young Researcher Award at EuroSys’24. The award was created in 2014 by ACM EuroSys to reward junior European researchers who have demonstrated exceptional creativity and innovation in systems research, broadly construed. Kaveh was awarded for “his countless and fundamental high-impact contributions to systems security”.
Welcome Sandro Rüegge!
Sandro Rüegge joined as a PhD student starting April 2024.
Welcome Silvan Niederer!
Silvan Niederer joined as a PhD student starting November 2023.
Best Paper Award for Phantom
Phantom won the best paper award at MICRO’23! Phantom shows the security implications of pre-decode speculation that is fundamental in achieving high performance. Phantom explains the root-cause of previous transient execution attacks such as Retbleed or Spectre-SLS and it can also be used as a building block in other attacks, such as Inception.
Best BSc thesis award for Zhenrong Lang
The bachelor thesis of Zhenrong Lang on studying and generalizing the half-double effect has won a best BSc award in the department. Congratulations! We called patterns that trigger these new effects Blaster and wrote a paper about them which you can read here.
ETH medal for Daniël Trujillo
Daniël Trujillo has received an ETH medal for his master thesis on Inception and Phantom. The ETH medal is awarded to the very top master theses every year (read more here). Congratulations!
Inception at USENIX Security
Inception is a new class of transient execution attacks which we made public in August during USENIX Security. Inception can leak arbitrary memory from the kernel on all AMD Zen CPUs including the latest Zen 4 CPU. Due to its impact, Inception was featured on ETH news and many tech and popular news outlets. Examples…