ToorCon TwentyOne speaker: Daniel Moghimi
Daniel Moghimi is a Computer Security Researcher working toward a Doctorate Degree in the Electrical & Computer Engineering (ECE) Department at Worcester Polytechnic Institute (WPI). Before that, he received a Master of Science Degree from the Computer Science (CS) Department at WPI. His research interests include system security, side channels and applied cryptography.
He has been co-advised by Prof. Berk Sunar and Prof. Thomas Eisenbarth as a member of the Vernam Group. He has published a few papers on new CPU attacks (MemJam, SPOILER, ZombieLoad), on Intel's trusted execution environment, Intel SGX (CacheZoom and CacheQuote), and on side-channel analysis and detection tools (MicroWalk and FortuneTeller).
Daniel enjoys reverse engineering, finding vulnerabilities and fuzzing things.
ZombieLoad: Leaking Data on Intel CPUs
Meltdown (BlackHat USA 2018) was the first instance of a hardware vulnerability which broke the security guarantees of modern CPUs. Meltdown allowed attackers to leak arbitrary memory by exploiting that Intel CPUs use lazy fault handling and continue transient execution with data retrieved by faulting loads. With stronger kernel isolation, a software workaround to prevent Meltdown attacks, and new CPUs with this vulnerability fixed, Meltdown seemed to be a solved issue.
In this talk, we show that Meltdown is still an issue on current off-the-shelf CPUs. We present ZombieLoad, a Meltdown-type attack which leaks data across multiple privilege boundaries: processes, kernel, SGX, hyperthreads, and even across virtual machines. We show that Meltdown mitigations do not affect ZombieLoad. The ZombieLoad attack can be mounted without any user interaction from an unprivileged application, both on Linux and Windows.
To demonstrate the danger of the ZombieLoad attack, we present multiple attacks, such as monitoring the browsing behavior, stealing cryptographic keys, and leaking the root-password hash on Linux. In a live demo, we show that such attacks are not only practical but also easy to mount. We will then discuss mitigations against the ZombieLoad attack.
We outline challenges for future research on Meltdown-type attacks and mitigations. Finally, we will discuss the short-term and long-term implications for hardware vendors, software vendors, and users.