ANR JCJC MIAOUS
Microarchitectural Attacks On Ubiquitous Systems
Hardware is often considered as an abstract layer that behaves correctly, executing instructions and giving an output. However, side effects due to software implementation and its execution on actual hardware can cause information leakage from side channels, resulting in critical vulnerabilities impacting both the security and privacy of these systems.
The MIAOUS project targets in particular information leakage that does not require any physical proximity to devices and that is due to processor microarchitecture, as well as the constructions of novel countermeasures.
The main goal of this project is to propose a generic framework to provide a better understanding of the attack surface for microarchitectural attacks, both on the hardware and on the software side, and the tools to close the attack surface.
Details
- PI: Clémentine Maurice (CNRS, CRIStAL)
- Start date: October 1, 2019
- Project duration: 4 years (extended until 03/2025)
- Partner: IAIK, Graz University of Technology
- ANR funding: 252,860€
- ANR JCJC project: ANR-19-CE39-0007
News
- July 2023: Our "Finger in the power" paper @DIMVA'23 got the Best Paper Award, Runner-Up
- November 2022: Thomas Rokicki, PhD student funded by MIAOUS, defended his PhD!
- November 2022: Our "DrawnApart" paper @NDSS'22 got 1st place at CSAW'22 Applied Research Competition MENA
- January 2020: website is live!
Publications
All publications can be found on HAL archive:
-
2023
A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries
ACM Conference on Computer and Communications Security (CCS'23), Copenhagen, Denmark (acceptance rate: 19.1%) -
The Finger in the Power: How to Fingerprint PCs by Monitoring Their Power Consumption
20th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'23), Hamburg, Germany (acceptance rate: 28.3%)
Best Paper Award, Runner-Up -
2022
Characterizing Prefetchers using CacheObserver
34th International Symposium on Computer Architecture and High Performance Computing (IEEE SBAC-PAD'22), Bordeaux, France
-
CPU Port Contention Without SMT
27th European Symposium on Research in Computer Security (ESORICS'22), Copenhagen, Denmark (acceptance rate: 18.5%)
-
Port Contention Goes Portable: Port Contention Side Channels in Web Browsers
17th ACM ASIA Conference on Computer and Communications Security (ASIACCS'22), Nagasaki, Japan (acceptance rate: 18.4%)
-
DrawnApart: A Device Identification Technique based on Remote GPU Fingerprinting
Network and Distributed System Security Symposium 2022 (NDSS'22), San Diego, California, USA
Media: Gizmodo, PCMag, Tom's Hardware, Le Monde Informatique [fr]
1st place at CSAW'22 Applied Research Competition MENA -
2021
SoK: In Search of Lost Time: A Review of JavaScript’s Timers in Browsers
6th IEEE European Symposium on Security and Privacy (EuroS&P'21), Vienna, Austria (acceptance rate: 19.4%)
-
Calibration Done Right: Noiseless Flush+Flush Attacks
18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'21),Lisbon, Portugal, Online (acceptance rate: 28.8%)
-
2020
Nethammer: Inducing Rowhammer Faults through Network Requests
Workshop on the Security of Software/Hardware Interfaces (SILM'20, co-located with EuroS&P 2020), Genova, Italy
-
Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
15th ACM ASIA Conference on Computer and Communications Security (ASIACCS'20), Taipei, Taiwan (acceptance rate: 21.8%)
-
