Fallout
Canella, Claudio; Genkin, Daniel; Giner, Lukas ...
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security,
11/2019
Conference Proceeding
Open access
Meltdown and Spectre enable arbitrary data leakage from memory via various side channels. Short-term software mitigations for Meltdown are only a temporary solution with a significant performance overhead. Due to hardware fixes, these mitigations are disabled on recent processors. In this paper, we show that Meltdown-like attacks are still possible on recent CPUs which are not vulnerable to Meltdown. We identify two behaviors of the store buffer, a microarchitectural resource to reduce the latency for data stores, that enable powerful attacks. The first behavior, Write Transient Forwarding, forwards data from stores to subsequent loads even when the load address differs from that of the store. The second, Store-to-Leak, exploits the interaction between the TLB and the store buffer to leak metadata on store addresses. Based on these, we develop multiple attacks and demonstrate data leakage, control flow recovery, and attacks on ASLR. Our paper shows that Meltdown-like attacks are still possible, and software fixes with potentially significant performance overheads are still necessary to ensure proper isolation between the kernel and user space.
This paper analyzes a coordinated cyber-physical attack on power systems, which could lead to undetectable line outages. Coordinated with physical attacks that cause line outages, the two-step cyberattacks comprising topology preserving and load redistribution attacks could mask and potentially exacerbate outages to trigger cascading failures. These coordinated cyber-physical attacks are analyzed in a proposed bilevel model, which aims at identifying the most damaging and undetectable physical attacks constrained by the attackers' total budget. After being transformed into a mixed-integer linear programming problem, the proposed bilevel model is solved by a rigorous two-stage solution approach. This paper also discusses the relevant countermeasure strategies. The proposed model, the solution algorithm, and the effectiveness of countermeasures are examined by case studies based on the IEEE 14- and 118-bus test systems.
Strong adaptive radar, such as cognitive radar (CNR), can perform various missions while ensuring its own security in electronic warfare, via detecting environments and changing the radar parameters in real time. Unfortunately, most of the current military countermeasures, such as jamming-based electronic countermeasures, have rarely been related to jamming for CNR. Since the behaviours of radar in the traditional design of the jammer-radar scenario are always static, it is easy to create a subjective or locally optimal jamming effect. In order to dynamically analyse the execution process of a complete jamming radar mission, this work establishes an equivalent attack-defence game in which the radar is regarded as a defence decision agent, and the jammer is an attack decision agent. The attributes of the game's players, the rules of the game, and the conditions for the end of the game are set clearly by setting reasonable parameters. After searching for antagonism strategies by an exhaustive method, it can be found that the survivability of the predictive cognitive jamming is much stronger than that of the normal jamming based on real-time sampling data of radars. This conclusion is demonstrated through a 1 ms simulation of the game process.
Speculative Taint Tracking (STT)
Yu, Jiyong; Yan, Mengjia; Khyzha, Artem ...
Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture,
10/2019
Conference Proceeding
Open access
Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. Since these attacks first rely on being able to read arbitrary data (potential secrets), a conservative approach to defeat all attacks is to delay the execution of instructions that read those secrets, until those instructions become non-speculative.
This paper's premise is that it is safe to execute and selectively forward the results of speculative instructions that read secrets, which improves performance, as long as we can prove that the forwarded results do not reach potential covert channels. We propose a comprehensive hardware protection based on this idea, called Speculative Taint Tracking (STT), capable of protecting all speculatively accessed data.
Our work addresses two key challenges. First, to safely selectively forward secrets, we must understand what instruction(s) can form covert channels. We provide a comprehensive study of covert channels on speculative microarchitectures, and use this study to develop hardware mechanisms that block each class of channel. Along the way, we find new classes of covert channels related to implicit flow on speculative machines. Second, for performance, it is essential to disable protection on previously protected data, as soon as doing so is safe. We identify that the earliest time is when the instruction(s) producing the protected data become non-speculative, and design a novel microarchitecture for disabling protection at this moment.
We provide an extensive formal analysis showing that STT enforces a novel form of non-interference, with respect to all speculatively accessed data. We further evaluate STT on 21 SPEC and 9 PARSEC workloads, and find it adds only 8.5%/14.5% overhead (depending on attack model) relative to an insecure machine, while reducing overhead by 4.7×/18.8× relative to a baseline secure scheme.
Secure communication is crucial in the Internet Age, and quantum mechanics stands poised to revolutionize cryptography as we know it today. In this Review, we introduce the motivation and the current state of the art of research in quantum cryptography. In particular, we discuss the present security model together with its assumptions, strengths and weaknesses. After briefly introducing recent experimental progress and challenges, we survey the latest developments in quantum hacking and countermeasures against it.
The development of the digital radio frequency memory (DRFM) has led to the interrupted sampling repeater jamming (ISRJ) becoming increasingly popular in electronic countermeasures (ECM). It is coherent with the emitted signal and severely limits radar target detection, which significantly obstructs radar electronic counter-countermeasures (ECCM). In this paper, we study the ISRJ suppression for pseudo random code continuous wave (PRC-CW) radars. First, the relationship between the ISRJ and the radar waveform is obtained by analyzing the ISRJ principle. Second, the intermittent feature of the ISRJ with matched filter sliding is discussed and used to determine the retransmitted sampled slices (RSS). Third, the jamming signal is reconstructed using the minimum residual criterion and excluded from the echo signal. In the proposed method, we make the most of the information of the jamming signal for improving the anti-ISRJ performance in the low SNR regimes. This information pertains to the amplitude of the jamming signal being considerably higher than that of the real target signal. Fourth, utilizing this characteristic of the jamming signal, we propose an improved sliding matched filter method based on the RSS reconstruction. Last, numerical simulations illustrate the effectiveness of the proposed method and validate the theoretical analysis.
Some people are currently misusing rapid technological advances to sell abortion drugs. This mode of selling abortion drugs is a type of crime that is difficult to prosecute because of the limitations of the rules in the Criminal Code. The problems addressed in this paper are, first, what efforts the police make in tackling the crime of selling abortion drugs through social media, and second, what the inhibiting factors are for the police in overcoming the sale of abortion products through social media. The method used in this research combines a normative juridical approach and an empirical juridical approach. The data consist of primary data and secondary data. The results of the research and discussion show that the police's efforts in dealing with the criminal sale of abortion drugs through social media take the form of penal and non-penal efforts. The inhibiting factors for police efforts in overcoming the crime of selling abortion drugs through online media are, first, the lack of IT infrastructure facilities owned by the police; second, the police's human resources for using the available facilities are not fully optimized; and, in addition, there is no legal awareness in the community, reflected in the community's indifferent attitude. Last but not least, the problem of selling abortion drugs through social media itself should also be taken into account.
This article describes recent advances in the use of neurosteroids as novel anticonvulsants for refractory status epilepticus (RSE) and as medical countermeasures (MCs) for organophosphates and chemical nerve agents (OPNAs). We highlight a comprehensive 15-year journey to bring the synthetic neurosteroid ganaxolone (GX) from bench to clinic. RSE, including when caused by nerve agents, is associated with devastating morbidity and permanent long-term neurologic dysfunction. Although the recent approval of benzodiazepines such as intranasal midazolam offers improved control of acute seizures, novel anticonvulsants are needed to suppress RSE and improve neurologic function outcomes. Currently, few anticonvulsant MCs exist for victims of OPNA exposure and RSE. Standard-of-care MCs for postexposure treatment include benzodiazepines, which do not effectively prevent or mitigate seizures resulting from nerve agent intoxication, leaving an urgent unmet medical need for new anticonvulsants for RSE. Recently, we pioneered neurosteroids as next-generation anticonvulsants that are superior to benzodiazepines for treatment of OPNA intoxication and RSE. Because GX and related neurosteroids that activate extrasynaptic GABA-A receptors rapidly control seizures and offer robust neuroprotection by reducing neuronal damage and neuroinflammation, they effectively improve neurologic outcomes after acute OPNA exposure and RSE. GX has been selected for advanced, Biomedical Advanced Research and Development Authority-supported phase 3 trials of RSE and nerve agent seizures. In addition, in mechanistic studies of neurosteroids at extrasynaptic receptors, we identified novel synthetic analogs with features that are superior to GX for current medical needs. Development of new MCs for RSE is complex, tedious, and uncertain due to scientific and regulatory challenges. Thus, further research will be critical to fill key gaps in evaluating RSE and anticonvulsants in vulnerable (pediatric and geriatric) populations and military persons.
SIGNIFICANCE STATEMENT: Following organophosphate and nerve agent intoxication, refractory status epilepticus (RSE) occurs despite benzodiazepine treatment. RSE occurs in 40% of status epilepticus patients, with a 35% mortality rate and significant neurological morbidity in survivors. To treat RSE, neurosteroids are better anticonvulsants than benzodiazepines. Our pioneering use of neurosteroids for RSE and nerve agents led us to develop ganaxolone as a novel anticonvulsant and neuroprotectant with significantly improved neurological outcomes. This article describes the bench-to-bedside journey of bringing neurosteroid therapy to patients, with ganaxolone leading the way.
Research on ecosystem services (ESs) has increased substantially in recent decades, but the findings have been slow to affect actual management, perhaps because most studies to date have neglected ESs supply and demand coupling mechanisms. Human reliance on ESs is due to the capacity of the landscape to supply services, but also to a societal need for these services. Sustainable land management requires supply and demand mismatches to be reconciled and the needs of different stakeholders to be balanced. Explicit spatial mapping of ESs supply and demand associated with land use changes can provide relevant insights for enhancing land management in urban areas. The emphasis is now shifting to enhancing sustainable land use, to ensure that supply meets or exceeds demand. In this study, a comprehensive framework comprising four core steps for quantifying ESs supply and demand changes associated with land use changes was developed and applied in a case study on Shanghai municipality, on the basis of environmental quality standards and policy goals. The balance thresholds of ESs supply and demand were derived by regression analysis between ESs and land use/land cover types. The results revealed large spatial heterogeneity in supply and demand for the four key ESs tested: carbon sequestration, water retention, particulate (PM10) removal and recreation. Carbon sequestration, water retention and recreation services all showed major shortfalls in supply that changed dramatically with urban land use change. This is valuable empirical evidence and has timely policy implications for management in a rapidly urbanising world.
• Framework for linking ecosystem services supply and demand is presented.
• PM10 removal service is in a state of surplus while the other three have shortfalls.
• The ecosystem services assessed had spatial heterogeneity in supply and demand.
• The balance thresholds of ecosystem services supply and demand were derived.
• Countermeasures to help reduce shortfalls and mismatches are suggested.