Export Citations
Save this search
Please login to be able to save your searches and receive alerts for new content matching your search criteria.
- research-articleApril 2023
CloudShield: Real-time Anomaly Detection in the Cloud
CODASPY '23: Proceedings of the Thirteenth ACM Conference on Data and Application Security and PrivacyPages 91–102https://doi.org/10.1145/3577923.3583639In cloud computing, it is desirable if suspicious activities can be detected by automatic anomaly detection systems. Although anomaly detection has been investigated in the past, it remains unsolved in cloud computing. Challenges are: characterizing the ...
- keynoteNovember 2021
Speculative Execution Attacks and Hardware Defenses
ASHES '21: Proceedings of the 5th Workshop on Attacks and Solutions in Hardware SecurityPage 3https://doi.org/10.1145/3474376.3487404Speculative execution attacks like Spectre and Meltdown exploit hardware performance optimization features to illegally access a secret and then leak the secret to an unauthorized recipient. Many variants of speculative execution attacks (also called ...
- research-articleJune 2022
Practical and Scalable Security Verification of Secure Architectures
HASP '21: Proceedings of the 10th International Workshop on Hardware and Architectural Support for Security and PrivacyArticle No.: 2, Pages 1–9https://doi.org/10.1145/3505253.3505256We present a new and practical framework for security verification of secure architectures. Specifically, we break the verification task into external verification and internal verification. External verification considers the external protocols, i.e. ...
- research-articleOctober 2021
Position Paper: Consider Hardware-enhanced Defenses for Rootkit Attacks
HASP '20: Proceedings of the 9th International Workshop on Hardware and Architectural Support for Security and PrivacyArticle No.: 6, Pages 1–9https://doi.org/10.1145/3458903.3458909Rootkits are malware that attempt to compromise the system’s functionalities while hiding their existence. Various rootkits have been proposed as well as different software defenses, but only very few hardware defenses. We position hardware-enhanced ...
Model inversion attacks against collaborative inference
ACSAC '19: Proceedings of the 35th Annual Computer Security Applications ConferencePages 148–162https://doi.org/10.1145/3359789.3359824The prevalence of deep learning has drawn attention to the privacy protection of sensitive data. Various privacy threats have been presented, where an adversary can steal model owners' private data. Meanwhile, countermeasures have also been introduced ...
-
- research-articleDecember 2018
Analyzing Cache Side Channels Using Deep Neural Networks
ACSAC '18: Proceedings of the 34th Annual Computer Security Applications ConferencePages 174–186https://doi.org/10.1145/3274694.3274715Cache side-channel attacks aim to breach the confidentiality of a computer system and extract sensitive secrets through CPU caches. In the past years, different types of side-channel attacks targeting a variety of cache architectures have been ...
- short-paperMay 2018
Leveraging Hardware Transactional Memory for Cache Side-Channel Defenses
ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications SecurityPages 601–608https://doi.org/10.1145/3196494.3196501A program's use of CPU caches may reveal its memory access pattern and thus leak sensitive information when the program performs secret-dependent memory accesses. In recent studies, it has been demonstrated that cache side-channel attacks that extract ...
- short-paperOctober 2017
Blind De-anonymization Attacks using Social Networks
WPES '17: Proceedings of the 2017 on Workshop on Privacy in the Electronic SocietyPages 1–4https://doi.org/10.1145/3139550.3139562It is important to study the risks of publishing privacy-sensitive data. Even if sensitive identities (e.g., name, social security number) were removed and advanced data perturbation techniques were applied, several de-anonymization attacks have been ...
- research-articleOctober 2017
How secure is your cache against side-channel attacks?
MICRO-50 '17: Proceedings of the 50th Annual IEEE/ACM International Symposium on MicroarchitecturePages 341–353https://doi.org/10.1145/3123939.3124546Security-critical data can leak through very unexpected side channels, making side-channel attacks very dangerous threats to information security. Of these, cache-based side-channel attacks are some of the most problematic. This is because caches are ...
- research-articleJune 2017
Host-Based Dos Attacks and Defense in the Cloud
HASP '17: Proceedings of the Hardware and Architectural Support for Security and PrivacyArticle No.: 3, Pages 1–8https://doi.org/10.1145/3092627.3092630We explore host-based DoS attacks, which exploit the shared computing resources in a multi-tenant cloud server to compromise the server's resource availability. We first present a set of attack techniques targeting different types of resources. We show ...
- research-articleJune 2017
Secure Pick Up: Implicit Authentication When You Start Using the Smartphone
SACMAT '17 Abstracts: Proceedings of the 22nd ACM on Symposium on Access Control Models and TechnologiesPages 67–78https://doi.org/10.1145/3078861.3078870We propose Secure Pick Up (SPU), a convenient, lightweight, in-device, non-intrusive and automatic-learning system for smartphone user authentication. Operating in the background, our system implicitly observes users' phone pick-up movements, the way ...
- research-articleApril 2017
DoS Attacks on Your Memory in Cloud
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications SecurityPages 253–265https://doi.org/10.1145/3052973.3052978In cloud computing, network Denial of Service (DoS) attacks are well studied and defenses have been implemented, but severe DoS attacks on a victim's working memory by a single hostile VM are not well understood. Memory DoS attacks are Denial of Service (...
- research-articleJanuary 2017
Cloud Server Benchmark Suite for Evaluating New Hardware Architectures
IEEE Computer Architecture Letters (ICAL), Volume 16, Issue 1Pages 14–17https://doi.org/10.1109/LCA.2016.2597818Adding new hardware features to a cloud computing server requires testing both the functionality and the performance of the new hardware mechanisms. However, commonly used cloud computing server workloads are not well-represented by the SPEC integer and ...
- research-articleSeptember 2016
Monitoring and Attestation of Virtual Machine Security Health in Cloud Computing
Cloud customers need assurances regarding the security of their virtual machines (VMs) operating within an infrastructure-as-a-service cloud system. This is complicated by the customer not knowing where the VM is executing and by the semantic gap between ...
- research-articleSeptember 2016
Newcache: Secure Cache Architecture Thwarting Cache Side-Channel Attacks
Newcache is a secure cache that can thwart cache side-channel attacks to prevent the leakage of secret information. All caches today are susceptible to cache side-channel attacks, despite software isolation of memory pages in virtual address spaces or ...
- research-articleJune 2016
Implicit Sensor-based Authentication of Smartphone Users with Smartwatch
HASP '16: Proceedings of the Hardware and Architectural Support for Security and Privacy 2016Article No.: 9, Pages 1–8https://doi.org/10.1145/2948618.2948627Smartphones are now frequently used by end-users as the portals to cloud-based services, and smartphones are easily stolen or co-opted by an attacker. Beyond the initial login mechanism, it is highly desirable to re-authenticate end-users who are ...
- research-articleJune 2015
Can randomized mapping secure instruction caches from side-channel attacks?
HASP '15: Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and PrivacyArticle No.: 4, Pages 1–8https://doi.org/10.1145/2768566.2768570Information leakage through cache side channels is a serious threat in computer systems. The leak of secret cryptographic keys voids the protections provided by strong cryptography and software virtualization. Past cache side channel defenses focused ...
- research-articleJune 2015
CloudMonatt: an architecture for security health monitoring and attestation of virtual machines in cloud computing
ISCA '15: Proceedings of the 42nd Annual International Symposium on Computer ArchitecturePages 362–374https://doi.org/10.1145/2749469.2750422Cloud customers need guarantees regarding the security of their virtual machines (VMs), operating within an Infrastructure as a Service (IaaS) cloud system. This is complicated by the customer not knowing where his VM is executing, and on the semantic ...
Also Published in:
ACM SIGARCH Computer Architecture News: Volume 43 Issue 3S - research-articleMay 2015
Disruptive prefetching: impact on side-channel attacks and cache designs
SYSTOR '15: Proceedings of the 8th ACM International Systems and Storage ConferenceArticle No.: 14, Pages 1–12https://doi.org/10.1145/2757667.2757672Caches are integral parts in modern computers; they leverage the memory access patterns of a program to mitigate the gap between the fast processors and slow memory components.
Unfortunately, the behavior of caches can be exploited by attackers to infer ...
- ArticleMay 2015
Last-Level Cache Side-Channel Attacks are Practical
SP '15: Proceedings of the 2015 IEEE Symposium on Security and PrivacyPages 605–622https://doi.org/10.1109/SP.2015.43We present an effective implementation of the Prime Probe side-channel attack against the last-level cache. We measure the capacity of the covert channel the attack creates and demonstrate a cross-core, cross-VM attack on multiple versions of GnuPG. Our ...
