Spotting hacks automatically, before the hackers do

in #dlike5 years ago

Dhared From Dlike

In early 2018, cybersecurity researchers discovered two security flaws they said were present in almost every high-end processor made and used by major companies. Known ominously as Spectre and Meltdown, these flaws were troubling because they represented a new type of breach not previously known that could allow hackers to infer secret data—passwords, social security numbers, medical records—from the way computers pre-calculate certain data using architectural features called "out-of-order execution" and "speculative execution" to speed up their processes.

Rising to this emerging threat, a team led by computer scientists at TU Kaiserslautern, Germany, in collaboration with researchers from Stanford University in California, has taken a novel approach to exposing potential flaws in new chip designs. It is an algorithm, Unique Program Execution Checking, or UPEC, for short.

"UPEC is a form of automated security verification that will alert designers to potential flaws in their microarchitectures, long before the chips are mass produced," says lead Professor Wolfgang Kunz, Chair of Electronic Design Automation at TU Kaiserslautern.

What's more important is that they've shown that such security holes exist in a much wider spectrum of processors than previously thought, affecting not just high-end processors but even the simple processors that are omnipresent in numerous applications of daily life, such as in the Internet of Things.

In essence, UPEC analyzes microarchitectural side effects of design decisions and detects if they can be exploited to create covert channels. What is particularly key is that UPEC is exhaustive. It takes into account all possible programs that can run on the processor. The researchers believe UPEC can expose any potential covert channel vulnerabilities in future chip designs, even those that designers had not anticipated.

In real-world tests, the research team had UPEC analyze several open source chip designs and identified a number of previously unknown flaws. The team created and analyzed different design variations of these processors and demonstrated that such weaknesses easily result from normal design processes and can affect virtually any processor, particularly simple processors not just the class of high-end processors analyzed in the Spectre/Meltdown attacks.


Source of shared Link

#dlike-technology #computers #design #security
5 years ago in #dlike by
$0.76
  • Max accepted payout: $900.00
  • Past Payouts $0.76, 0.00 TRX
  • - Author $0.58, 0.00 TRX
  • - Curators $0.18, 0.00 TRX
82 votes
Reply 0

Coin Marketplace

STEEM 0.17
TRX 0.15
JST 0.028
BTC 62264.03
ETH 2431.11
USDT 1.00
SBD 2.50