Software-Based Power Side-Channel Attacks on X86
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Efficiently Mitigating Transient Execution Attacks Using the Unmapped Speculation Contract Jonathan Behrens, Anton Cao, Cel Skeggs, Adam Belay, M
Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract Jonathan Behrens, Anton Cao, Cel Skeggs, Adam Belay, M. Frans Kaashoek, and Nickolai Zeldovich, MIT CSAIL https://www.usenix.org/conference/osdi20/presentation/behrens This paper is included in the Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation November 4–6, 2020 978-1-939133-19-9 Open access to the Proceedings of the 14th USENIX Symposium on Operating Systems Design and Implementation is sponsored by USENIX Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract Jonathan Behrens, Anton Cao, Cel Skeggs, Adam Belay, M. Frans Kaashoek, and Nickolai Zeldovich MIT CSAIL Abstract designers have implemented a range of mitigations to defeat transient execution attacks, including state flushing, selectively Today’s kernels pay a performance penalty for mitigations— preventing speculative execution, and removing observation such as KPTI, retpoline, return stack stuffing, speculation channels [5]. These mitigations impose performance over- barriers—to protect against transient execution side-channel heads (see §2): some of the mitigations must be applied at attacks such as Meltdown [21] and Spectre [16]. each privilege mode transition (e.g., system call entry and exit), To address this performance penalty, this paper articulates and some must be applied to all running code (e.g., retpolines the unmapped speculation contract, an observation that mem- for all indirect jumps). In some cases, they are so expensive ory that isn’t mapped in a page table cannot be leaked through that OS vendors have decided to leave them disabled by de- transient execution. To demonstrate the value of this contract, fault [2, 22]. -
Class-Action Lawsuit
Case 3:20-cv-00863-SI Document 1 Filed 05/29/20 Page 1 of 279 Steve D. Larson, OSB No. 863540 Email: [email protected] Jennifer S. Wagner, OSB No. 024470 Email: [email protected] STOLL STOLL BERNE LOKTING & SHLACHTER P.C. 209 SW Oak Street, Suite 500 Portland, Oregon 97204 Telephone: (503) 227-1600 Attorneys for Plaintiffs [Additional Counsel Listed on Signature Page.] UNITED STATES DISTRICT COURT DISTRICT OF OREGON PORTLAND DIVISION BLUE PEAK HOSTING, LLC, PAMELA Case No. GREEN, TITI RICAFORT, MARGARITE SIMPSON, and MICHAEL NELSON, on behalf of CLASS ACTION ALLEGATION themselves and all others similarly situated, COMPLAINT Plaintiffs, DEMAND FOR JURY TRIAL v. INTEL CORPORATION, a Delaware corporation, Defendant. CLASS ACTION ALLEGATION COMPLAINT Case 3:20-cv-00863-SI Document 1 Filed 05/29/20 Page 2 of 279 Plaintiffs Blue Peak Hosting, LLC, Pamela Green, Titi Ricafort, Margarite Sampson, and Michael Nelson, individually and on behalf of the members of the Class defined below, allege the following against Defendant Intel Corporation (“Intel” or “the Company”), based upon personal knowledge with respect to themselves and on information and belief derived from, among other things, the investigation of counsel and review of public documents as to all other matters. INTRODUCTION 1. Despite Intel’s intentional concealment of specific design choices that it long knew rendered its central processing units (“CPUs” or “processors”) unsecure, it was only in January 2018 that it was first revealed to the public that Intel’s CPUs have significant security vulnerabilities that gave unauthorized program instructions access to protected data. 2. A CPU is the “brain” in every computer and mobile device and processes all of the essential applications, including the handling of confidential information such as passwords and encryption keys. -
Download a PDF Version of the 2017 Annual Review
Front Back Cover for Avisan.qxp_Layout 1 11/15/17 1:27 PM Page 1 Secure Technology Alliance 191 Clarksville Road Princeton Junction, New Jersey 08550 Annual Review 2017 Alliance A Secure Publication Technology 7 Volume www.securetechalliance.org Annual Review 2017 SCA-ad 2017 resized.indd 1 10/30/2017 10:40:22 AM EXECUTIVE DIRECTOR’S LETTER: A MESSAGE FROM RANDY VANDERHOOF Delivering Value to a Diverse Market Thank you for taking the time to read the 2017 Annual Review. This publication captures the best aspects of the membership experience for 2017 that hundreds of individual members and their organizations helped to provide. This year was especially sig- nificant, as the organization expanded its mission beyond smart cards and was re-branded as the Secure Technology Alliance. The new name and scope allows the Alliance to include embedded chip technology, hardware and software, and the future of digital security in all forms. The vast number of deliverables and member-driven activities recorded in the publication illustrates the diversity of the markets we serve and the commitment of all the industry professionals who contribute their knowledge and leadership toward expanding the market for smart card and related secure chip technologies. CHANGE COMES WITH NEW OPPORTUNITIES The decision to expand the mission and rebrand the organization was driven THE DECISION TO EXPAND by the changes in the secure chip industry, mostly from mobile technol- ogy and the growth of Internet-connected devices. This does not mean the THE MISSION AND REBRAND market for smart cards has disappeared. In fact, over the last few years, the THE ORGANIZATION WAS U.S. -
Safe and Secure Model-Driven Design for Embedded Systems Letitia Li
Safe and secure model-driven design for embedded systems Letitia Li To cite this version: Letitia Li. Safe and secure model-driven design for embedded systems. Embedded Systems. Université Paris-Saclay, 2018. English. NNT : 2018SACLT002. tel-01894734 HAL Id: tel-01894734 https://pastel.archives-ouvertes.fr/tel-01894734 Submitted on 12 Oct 2018 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Approche Orientee´ Modeles` pour la Suretˆ e´ et la Securit´ e´ des Systemes` Embarques´ These` de doctorat de l’Universite´ Paris-Saclay prepar´ ee´ a` Telecom ParisTech Ecole doctorale n◦580 Denomination´ (STIC) NNT : 2018SACLT002 Specialit´ e´ de doctorat: Informatique These` present´ ee´ et soutenue a` Biot, le 3 septembre` 2018, par LETITIA W. LI Composition du Jury : Prof. Philippe Collet Professeur, Universite´ Coteˆ d’Azur President´ Prof. Guy Gogniat Professeur, Universite´ de Bretagne Sud Rapporteur Prof. Maritta Heisel Professeur, University Duisburg-Essen Rapporteur Prof. Jean-Luc Danger Professeur, Telecom ParisTech Examinateur Dr. Patricia Guitton -
Zerohack Zer0pwn Youranonnews Yevgeniy Anikin Yes Men
Zerohack Zer0Pwn YourAnonNews Yevgeniy Anikin Yes Men YamaTough Xtreme x-Leader xenu xen0nymous www.oem.com.mx www.nytimes.com/pages/world/asia/index.html www.informador.com.mx www.futuregov.asia www.cronica.com.mx www.asiapacificsecuritymagazine.com Worm Wolfy Withdrawal* WillyFoReal Wikileaks IRC 88.80.16.13/9999 IRC Channel WikiLeaks WiiSpellWhy whitekidney Wells Fargo weed WallRoad w0rmware Vulnerability Vladislav Khorokhorin Visa Inc. Virus Virgin Islands "Viewpointe Archive Services, LLC" Versability Verizon Venezuela Vegas Vatican City USB US Trust US Bankcorp Uruguay Uran0n unusedcrayon United Kingdom UnicormCr3w unfittoprint unelected.org UndisclosedAnon Ukraine UGNazi ua_musti_1905 U.S. Bankcorp TYLER Turkey trosec113 Trojan Horse Trojan Trivette TriCk Tribalzer0 Transnistria transaction Traitor traffic court Tradecraft Trade Secrets "Total System Services, Inc." Topiary Top Secret Tom Stracener TibitXimer Thumb Drive Thomson Reuters TheWikiBoat thepeoplescause the_infecti0n The Unknowns The UnderTaker The Syrian electronic army The Jokerhack Thailand ThaCosmo th3j35t3r testeux1 TEST Telecomix TehWongZ Teddy Bigglesworth TeaMp0isoN TeamHav0k Team Ghost Shell Team Digi7al tdl4 taxes TARP tango down Tampa Tammy Shapiro Taiwan Tabu T0x1c t0wN T.A.R.P. Syrian Electronic Army syndiv Symantec Corporation Switzerland Swingers Club SWIFT Sweden Swan SwaggSec Swagg Security "SunGard Data Systems, Inc." Stuxnet Stringer Streamroller Stole* Sterlok SteelAnne st0rm SQLi Spyware Spying Spydevilz Spy Camera Sposed Spook Spoofing Splendide -
Artificial Intelligence (AI) in Security Aspects of Industrie 4.0 Imprint
RESULT PAPER Artificial Intelligence (AI) in Security Aspects of Industrie 4.0 Imprint Publisher Federal Ministry for Economic Affairs and Energy (BMWi) Public Relations Division 11019 Berlin www.bmwi.de Editorial responsibility Plattform Industrie 4.0 Bertolt-Brecht-Platz 3 10117 Berlin Design PRpetuum GmbH, Munich Status February 2019 Image credits Gorodenkoff – Fotolia (title), ipopba – iStockphoto (p. 5, p. 6), matejmo– iStockphoto (p. 13, p. 17), monsitj – iStockphoto (p. 23) You can obtain this and other brochures from: Federal Ministry for Economic Affairs and Energy (BMWi) Public Relations Email: [email protected] www.bmwi.de Central ordering service: Tel.: +49 30 182722721 Fax: +49 30 18102722721 This brochure is published as part of the public relations work of the Federal Ministry for Economic Affairs and Energy. It is distributed free of charge and is not intended for sale. The distribution of this brochure at campaign events or at infor- mation stands run by political parties is prohibited, and political party-related information or advertising shall not be inserted in, printed on, or affixed to this publication. 2 Contents Introduction . 3. Management Summary . 4. 1. Artificial Intelligence: Definition and Categories ..................................................................................................................................................... 6 1.1 Historical development – Phases of artificial intelligence...................................................................................................................... -
Combined Management Report
15 Content Combined Management Report Our Group 16 Finances and strategy 16 2019 fiscal year 21 Business focus 22 Growth drivers 29 Group strategy 37 Human Resources strategy 39 The segments 40 Automotive 45 Industrial Power Control 49 Power Management & Multimarket 52 Digital Security Solutions 56 Research and development 60 Operations 62 Internal management system 65 Sustainability at Infineon 65 The Infineon share Our 2019 fiscal year 68 Group performance 68 Review of results of operations 73 Review of financial condition 76 Review of liquidity 79 Report on outlook, risk and opportunity 79 Outlook This report combines the Group Management 83 Risk and opportunity report Report of Infineon (“Infineon” or “Group”) – comprising Infineon Technologies AG (hereafter also referred to as “the Company”) and its 95 Overall statement on Infineon’s financial condition consolidated subsidiaries – and the Management 96 Infineon Technologies AG Report of Infineon Technologies AG. 99 Corporate Governance The Combined Management Report contains forward-looking statements about the business, 99 Information pursuant to section 289a, paragraph 1, financial condition and earnings performance and section 315a, paragraph 1, of Infineon. These statements are based on assumptions and projections based on currently of the German Commercial Code (HGB) available information and present estimates. They 102 Statement on Corporate Governance pursuant are subject to a multitude of uncertainties and risks. Actual business development may therefore to section 289f, 315d of the German Commercial differ materially from what has been expected. Code (HGB)/Corporate Governance Report Beyond disclosure requirements stipulated by law, Infineon does not undertake any obligation to 103 Compensation report update forward-looking statements. -
LVI-LFB: Scenarios 3 & 4
WHITEPAPER Security Load Value Injection in the Line Fill Buffers: How to Hijack Control Flow without Spectre www.bitdefender.com Contents Abstract .............................................................................................................................3 Introduction .......................................................................................................................3 Recap – Meltdown, Spectre & MDS .................................................................................4 Meltdown .................................................................................................................................4 Spectre ..................................................................................................................................... 4 Microarchitectural Data Sampling .......................................................................................... 5 Load Value Injection in the Line Fill Buffers ....................................................................5 Exploiting LVI-LFB: scenarios 3 & 4..................................................................................7 Real-life exploit ..................................................................................................................7 Mitigations .........................................................................................................................8 Conclusions .......................................................................................................................9 -
EAFE EQUITY 2020 Year End Report
EAFE EQUITY 2020 Year End Report COMPOSITE PERFORMANCE (% TOTAL RETURN) FOR PERIODS ENDED DECEMBER 31, 20201 SINCE 3 MONTHS 1 YEAR 3 YEARS2 5 YEARS2 10 YEARS2 INCEPTION2,3 HL EAFE EQUITY (GROSS OF FEES) 14.94 23.89 11.50 13.92 9.54 10.85 HL EAFE EQUITY (NET OF FEES) 14.82 23.26 10.91 13.32 8.92 10.23 MSCI EAFE INDEX4,5 16.09 8.28 4.79 7.96 6.00 6.80 1The Composite performance returns shown are preliminary; 2Annualized Returns; 3Inception Date: February 28, 2010; 4The Benchmark Index; 5Gross of withholding taxes. Please read the above performance in conjunction with the footnotes on the last page of this report. Past performance does not guarantee future results. All performance and data shown are in US dollar terms, unless otherwise noted. SECTOR EXPOSURE (%) WHAT'S INSIDE HL EAFE MSCI EAFE (UNDER) / OVER THE BENCHMARK Market Review › INFO TECHNOLOGY 21.3 8.9 After a turbulent year, and CASH 3.7 — despite an escalation in the global pandemic, international CONS STAPLES 14.2 11.0 stock markets rose dramatically HEALTH CARE 15.1 12.9 following positive results for COVID-19 vaccine trials. INDUSTRIALS 16.8 15.2 MATERIALS 9.4 7.9 Performance and Attribution › ENERGY 1.7 3.1 Sources of relative return by FINANCIALS 14.1 16.3 region and sector. REAL ESTATE 0.0 3.1 Perspective and Outlook › COMM SERVICES 1.3 5.2 We revisit our quaint worries from UTILITIES 0.0 3.9 a year ago about a “world turned upside down” by unsustainable CONS DISCRETIONARY 2.4 12.5 valuations and turn to some (14.0) (7.0) 0.0 7.0 14.0 newer concerns about regulatory threats to Big Tech. -
2015 Conference Program
Conference Program ESWEEK.ORG OCTOBER 4-9, 2015 AMSTERDAM SPONSORED BY: Welcome to ESWEEK 2015 in Amsterdam! Embedded Systems Week (ESWEEK) is the premier event covering all aspects of research topic priorities, the cost of security and who is willing to pay for it or possibly embedded systems and software. By bringing together three leading conferences (CASES, accept reduced comfort. CODES+ISSS, and EMSOFT), three symposia (ESTIMedia, IoT, and RSP) and several Thursday and Friday are the days for symposia and workshops. The two established workshops and tutorials, ESWEEK allows attendees to benefit from the whole range of symposia, ESTIMEDIA (Real-time Multimedia) and RSP (Rapid System Prototyping), embedded system topics in research and development. which have been part of ESWEEK for many years, are now accompanied by a third, new The 21 regular sessions with three papers each are complemented by 7 invited sessions symposium on the Internet-of-Things. The Workshop on Design, Modeling and Evaluation focusing on new research trends or challenges. The regular sessions and special sessions of Cyber Physical Systems, CyPhy, is an established event that has joined ESWEEK for the of the three conferences are organized in four parallel tracks. There is a strong emphasis first time, just like the Embedded Operating Systems Workshop, EWiLi. WESE (education) on interaction: At the end of each session, there is a poster presentation during which and WESS (security) have been with ESWEEK for a while. There is one new workshop on all presented papers are discussed with the authors. As always, the paper selection Resiliency in Embedded Electronic Systems, REES, that is organized for the first time. -
Recommendations for Implementing the Strategic Initiative INDUSTRIE 4.0
Securing the future of German manufacturing industry Recommendations for implementing the strategic initiative INDUSTRIE 4.0 Final report of the Industrie 4.0 Working Group April 2013 Imprint Authors Contact details / Marketing Communication Promoters Group of the Industry-Science Office of the Industry-Science Research Alliance Research Alliance: beim Stifterverband für die Deutsche Prof. Dr. Henning Kagermann Wissenschaft Ulrike Findeklee, M.A. National Academy of Science and Engineering [email protected] (Spokesperson of the Promoters Group) Prof. forschungsunion.de Dr. Wolfgang Wahlster German Research Center for Artificial Secretariat of the Platform Industrie 4.0 Intelligence Dr. Johannes Helbig Lyoner Straße 9 60528 Deutsche Post AG Frankfurt/Main kontakt@plattform- acatech – National Academy of Science and Engineering i40.de plattform-i40.de Editorial staff Ariane Hellinger, M.A. Veronika Stumpf, M.A. With the assistance of: Christian Kobsda, B.A. acatech – National Academy of Science and Engineering Publication date: April 2013 Copy editing Linda Treugut, M.A. acatech – National Academy of Science and Engineering English translation Joaquín Blasco Dr. Helen Galloway Layout and typesetting HEILMEYERUNDSERNAU QGESTALTUNG © Copyright reserved by the authors. All rights reserved. This heilmeyerundsernau.com work and all its parts are protected by copyright. Any use not explicitly permitted by copyright law shall require the written consent of the authors. Failure to obtain this consent may result Graphics in legal action. This applies in particular to reproductions, isotype.com translations, microfilming and storage in electronic systems. The HEILMEYERUNDSERNAU QGESTALTUNG authors are not liable for the accuracy of manufacturers’ data. Contents Contents Executive summary . .. .. 04 Working group members | Authors | Technical experts . -
Program & Exhibits Guide
FROM CHIPS TO SYSTEMS – LEARN TODAY, CREATE TOMORROW CONFERENCE PROGRAM & EXHIBITS GUIDE JUNE 24-28, 2018 | SAN FRANCISCO, CA | MOSCONE CENTER WEST Mark You Calendar! DAC IS IN LAS VEGAS IN 2019! MACHINE IP LEARNING ESS & AUTO DESIGN SECURITY EDA IoT FROM CHIPS TO SYSTEMS – LEARN TODAY, CREATE TOMORROW JUNE 2-6, 2019 LAS VEGAS CONVENTION CENTER LAS VEGAS, NV DAC.COM DAC.COM #55DAC GET THE DAC APP! Fusion Technology Transforms DOWNLOAD FOR FREE! the RTL-to-GDSII Flow GET THE LATEST INFORMATION • Fusion of Best-in-Class Optimization and Industry-golden Signoff Tools RIGHT WHEN YOU NEED IT. • Unique Fusion Data Model for Both Logical and Physical Representation DAC.COM • Best Full-flow Quality-of-Results and Fastest Time-to-Results MONDAY SPECIAL EVENT: RTL-to-GDSII Fusion Technology • Search the Lunch at the Marriott Technical Program • Find Exhibitors www.synopsys.com/fusion • Create Your Personalized Schedule Visit DAC.com for more details and to download the FREE app! GENERAL CHAIR’S WELCOME Dear Colleagues, be able to visit over 175 exhibitors and our popular DAC Welcome to the 55th Design Automation Pavilion. #55DAC’s exhibition halls bring attendees several Conference! new areas/activities: It is great to have you join us in San • Design Infrastructure Alley is for professionals Francisco, one of the most beautiful who manage the HW and SW products and services cities in the world and now an information required by design teams. It houses a dedicated technology capital (it’s also the city that Design-on-Cloud Pavilion featuring presentations my son is named after).