COMSEC presented two papers at USENIX Security 2024 this month. Cascade shows that generating highly randomized but valid programs is highly effective in finding bugs in open-source RISC-V CPUs. In fact, it finds more bugs than all previous hardware fuzzers combined! ZenHammer shows how one can trigger bit flips from AMD Zen-based CPUs. ZenHammer triggered…
All posts in News
HiFi-DRAM at ISCA
COMSEC presented HiFi-DRAM at the top ISCA conference in Buenos Aires. We used Scanning Electron Microscopy (SEM) with Field Ion Beam (FIB) to reverse engineer sense amplifier designs in commodity DDR4 and DDR5 chips from all major DRAM vendors. HiFi-DRAM shows that many critical assumptions made by DRAM researchers unfortunately do not hold up in…
Inception at USENIX Security
Inception is a new class of transient execution attacks which we made public in August during USENIX Security. Inception can leak arbitrary memory from the kernel on all AMD Zen CPUs including the latest Zen 4 CPU. Due to its impact, Inception was featured on ETH news and many tech and popular news outlets. Examples…
REGA at S&P
COMSEC had one presentation at the flagship S&P conference this year. REGA shows how to build a stateless and scalable in-DRAM Rowhammer mitigation by cleanly separating the duties of DRAM’s sense amplifiers. REGA also includes the first open source model of a modern DRAM chip called REM.
Presentation at MICRO
Flavien Solt presented his paper at MICRO’22 conference on how design validation and testing tools can be improved using a novel categorization of existing errata documents. More information can be found here.
USENIX Security presentations
COMSEC has two presentations this week at the annual USENIX Security conference. CellIFT shows a novel approach for scalable Information Flow Tracking (IFT) in RTL. CellIFT is open source and ready to be used on in many new projects that can benefit from IFT, such as finding hardware vulnerabilities. Retbleed shows that return instructions leak information…
Retbleed in the news
We disclosed Retbleed during July patch Tuesday. Retbleed shows that similar to indirect branches, return instructions leak sensitive information during speculative execution. Retbleed was covered in an ETH news article and many news items in popular media such as WIRED, Ars Technica, The Register, Watson, Heise and podcasts such as Security Now!
Two presentations at S&P
COMSEC has two presentations this week at the annual S&P conference. Blacksmith shows that all TRR mitigations deployed in (LP)DDR4 devices are vulnerable to non-uniform access patterns and ProTRR shows how one can build a space-refresh optimal in-DRAM TRR mitigation with principled security guarantees. We also have a paper called Spring at the co-located WOOT…
Blacksmith in the news
Our recent efforts in the area of DRAM Security resulted in the discovery of new non-uniform access patterns that can bypass all currently deployed TRR mitigations on recent (LP)DDR4 devices and revive Rowhammer attacks on new devices. Citing the paper: “after almost a decade of research and deployed in-DRAM mitigations, we are perhaps in a…
1st DRAMSec Workshop
Together with Stefan Saroiu (Microsoft), we are organizing the first First Workshop on DRAM Security (DRAMSec) co-located with ISCA 2021. We have an excellent TPC representing industry and academic experts to bring you a very nice program including paper presentations, a keynote and a lively panel. If you are interested in the topic, please consider…