COMSEC was honored with three awards at the 34th USENIX Security this week.
Branch Privilege Injection received a Distinguished Paper Award. This work exposes race conditions that result in branch prediction entries to be tagged with an incorrect security domain in all recent Intel CPUs that we tested. This allowed us to bypass the deployed Spectre v2 eIBRS mitigation and build a reliable and fast end-to-end exploit. The issue was under embargo for almost 9 months with a microcode update that was deployed by Intel to fix the issue.
Encarsia received a Distinguished Artifact Award. Existing hardware fuzzers make strong claims about what makes them great. To evaluate these claims, we built a new solution to inject bugs in RTL designs automatically. We then used these bug-infested designs to test different fuzzers, debunking some these claims and highlighting interesting directions for future research in hardware fuzzing. Encarsia has a high-quality artifact as evident by this award, so there is no excuse not to use it to evaluate and compare your next hardware fuzzer!
Last but not least, Patrick Jattke, received a Distinguished Artifact Reviewer Award. Congratulations!