Cascade and ZenHammer at USENIX Security

COMSEC presented two papers at USENIX Security 2024 this month. Cascade shows that generating highly randomized but valid programs is highly effective in finding bugs in open-source RISC-V CPUs. In fact, it finds more bugs than all previous hardware fuzzers combined! ZenHammer shows how one can trigger bit flips from AMD Zen-based CPUs. ZenHammer triggered…

HiFi-DRAM at ISCA

COMSEC presented HiFi-DRAM at the top ISCA conference in Buenos Aires. We used Scanning Electron Microscopy (SEM) with Field Ion Beam (FIB) to reverse engineer sense amplifier designs in commodity DDR4 and DDR5 chips from all major DRAM vendors. HiFi-DRAM shows that many critical assumptions made by DRAM researchers unfortunately do not hold up in…

Jochen Liedtke award for Kaveh Razavi

Kaveh Razavi received the Jochen Liedtke Young Researcher Award at EuroSys’24. The award was created in 2014 by ACM EuroSys to reward junior European researchers who have demonstrated exceptional creativity and innovation in systems research, broadly construed. Kaveh was awarded for “his countless and fundamental high-impact contributions to systems security”.

Best Paper Award for Phantom

Phantom won the best paper award at MICRO’23! Phantom shows the security implications of pre-decode speculation that is fundamental in achieving high performance. Phantom explains the root cause of previous transient execution attacks such as Retbleed or Spectre-SLS, and it can also be used as a building block in other attacks, such as Inception.

Inception at USENIX Security

Inception is a new class of transient execution attacks which we made public in August during USENIX Security. Inception can leak arbitrary memory from the kernel on all AMD Zen CPUs including the latest Zen 4 CPU. Due to its impact, Inception was featured on ETH news and many tech and popular news outlets. Examples…