I was relying on this app to publicize that I am defending in April! And looking for 2023 jobs! Guess I'll use...LinkedIn...now?
TL;DR If you want to understand/improve security processes using data and research science methods, shoot me a note. I'll post more later if I can
Retpolines leaking is unfortunate, but it's good that we have concrete examples of how.
While there, read the addendum (and the timeline on addendum, oof). Looking forward to _that_ paper quite a bit!
Today @kavehrazavi and I are finally allowed to talk about #Retbleed. In 2018, #SpectreV2 was fixed by replacing indirect jumps with returns. But, returns can be poisoned like indirect jumps, throwing us back to 2018 again. Paper, demo, addendum, code @ https://t.co/XWzNp2kw2P
Excited to share that our proposal for a @dagstuhl seminar on "Microarchitectural attacks and defenses" has been accepted! Organizers: yours truly, @BloodyTangerine, @dkohlbre, and Chris Fletcher
This project was wild. @YingchenWang96 and @ricpacca knocked it out the park at every step. Check it out!
It is time to think about a different way of writing safe, timing-independent, code :)
We found a way to mount *remote timing* attacks on *constant-time* cryptographic code running on modern x86 processors. How is that possible? With #hertzbleed! Here is how it works (with @YingchenWang96).
https://t.co/SRUgBRQpu2
Please help distribute: I am hiring a postdoc to join my lab at @dukecompsci. Email me (with your CV) if you are interested in human-centered security and privacy, especially when it relates to data from medical/robotic application domains, and/or marginalized populations. 🙂
We found a way to defeat pointer authentication (and forge kernel pointers from userspace) on the Apple M1 via a new hardware attack.
Here’s how it works-
https://t.co/6Kz3jnRtwI
And now it is May 24th!
At (or remotely at) IEEE S&P? Check out @jose_vicarte's talk on "Augury: Using Data Memory-Dependent Prefetchers to Leak Data at Rest" coming up shortly in Session 7A.
We found a way to leak data on Apple Silicon processors that is "at rest": that is, data the core never reads speculatively or non-speculatively.
This will be an odd one, so stick around for the 🧵 and see https://t.co/KCnw9PAlSS
Today, GPZ and Google Cloud are releasing a technical report on a security research project in collaboration with AMD on their Secure Processor and the Secure Encrypted Virtualization feature. It includes some interesting bugs we found. Read the blog at https://t.co/CQjYeuw474
@cutesmilee__ @matteyeux Probably :)
The challenge comes in finding an efficient way to recover the leaked pointer value via P+P or something.
We didn't get it working but I wouldn't be surprised if someone can.
@joseph_h_garvin Completely agree on prefetching being speculative.
We see the difference here because the DMP lives in the L2, not in the core. So, the core never speculatively reads the data, and never actually sees the line until it actually asks for it!