Hardware is often considered as an abstract layer that behaves correctly, executing instructions and giving an output. However, side effects due to software implementation and its execution on actual hardware can cause information leakage from side channels, resulting in critical vulnerabilities impacting both the security and privacy of these systems.
The MIAOUS project targets in particular information leakage that does not require any physical proximity to devices and that is due to processor microarchitecture, as well as the constructions of novel countermeasures.
The main goal of this project is to propose a generic framework to provide a better understanding of the attack surface for microarchitectural attacks, both on the hardware and on the software side, and the tools to close the attack surface.
All publications can be found on HAL archive:
A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries
ACM Conference on Computer and Communications Security (CCS'23), Copenhagen, Denmark (acceptance rate: 19.1%)
The Finger in the Power: How to Fingerprint PCs by Monitoring Their Power Consumption
20th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'23), Hamburg, Germany (acceptance rate: 28.3%)
Best Paper Award, Runner-Up
Characterizing Prefetchers using CacheObserver
34th International Symposium on Computer Architecture and High Performance Computing (IEEE SBAC-PAD'22), Bordeaux, France
CPU Port Contention Without SMT
27th European Symposium on Research in Computer Security (ESORICS'22), Copenhagen, Denmark (acceptance rate: 18.5%)
Port Contention Goes Portable: Port Contention Side Channels in Web Browsers
17th ACM ASIA Conference on Computer and Communications Security (ASIACCS'22), Nagasaki, Japan (acceptance rate: 18.4%)
DrawnApart: A Device Identification Technique
based on Remote GPU Fingerprinting
Network and Distributed System Security Symposium 2022 (NDSS'22), San Diego, California, USA
Media:
Gizmodo,
PCMag,
Tom's Hardware,
Le Monde Informatique [fr]
1st place at CSAW'22 Applied Research Competition MENA
SoK: In Search of Lost Time: A Review of JavaScript’s Timers in Browsers
6th IEEE European Symposium on Security and Privacy (EuroS&P'21), Vienna, Austria (acceptance rate: 19.4%)
Calibration Done Right: Noiseless Flush+Flush Attacks
18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'21), Lisbon, Portugal, Online (acceptance rate: 28.8%)
Nethammer: Inducing Rowhammer Faults through Network Requests
Workshop on the Security of Software/Hardware Interfaces (SILM'20, co-located with EuroS&P 2020), Genova, Italy
Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
15th ACM ASIA Conference on Computer and Communications Security (ASIACCS'20), Taipei, Taiwan (acceptance rate: 21.8%)