CSE held its fifteenth annual CSE Graduate Student Honors Competition on November 7, 2018. The competition is the culmination of a process that narrows a field of entrants from each of the department research areas to a handful of finalists, each of whom gives a summary presentation on an area of their research. CSE faculty and an industry sponsor from Toyota Research Institute ranked the finalists’ presentations.
Top Presentation Chosen
The top presentation at this year’s competition was “Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution,” given by Ofir Weisse, who represented CSE’s Software research area.
About the Research
Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third party clouds. Foreshadow has two versions, the original attack designed to extract data from a digital lockbox feature known as Intel Software Guard Extensions, or SGX, and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.
Foreshadow-SGX: SGX is a new feature in modern Intel CPUs which allows computers to protect users’ data even if the entire system falls under the attacker’s control. While it was previously believed that SGX is resilient to speculative execution attacks (such as the previously documented Meltdown and Spectre), Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine’s private attestation key.
Foreshadow Next Generation: While investigating the vulnerability that causes Foreshadow, Intel identified two related attacks, called Foreshadow-NG. These attacks can potentially be used to read any information residing in the L1 cache, including information belonging to the System Management Mode (SMM), the Operating System’s Kernel, or Hypervisor. Perhaps most devastating, Foreshadow-NG might also be used to read information stored in other virtual machines running on the same third-party cloud, presenting a risk to cloud infrastructure. Finally, in some cases, Foreshadow-NG might bypass previous mitigations against speculative execution attacks, including countermeasures to Meltdown and Spectre.
Runners Up 2018
Runners up in this year’s competition were:
“Heterogeneous Memory Subsystem for Natural Graph Analytics”
“Hybrid Intelligence Systems for Understanding Digital and Physical Environments”
“Reliable Navigation in Dynamic Social Environments Using Multi-Policy Decision Making”
“Dynamics and Social Networks: Nonhomogeneous Kleinberg’s Small World Model and Myopic Routing”