Are you over 18 and want to see adult content?
More Annotations
A complete backup of murraysautoclinics.com
Are you over 18 and want to see adult content?
A complete backup of venyveras6.tumblr.com
Are you over 18 and want to see adult content?
A complete backup of zhaoshang.tmall.com
Are you over 18 and want to see adult content?
A complete backup of hipaajournal.com
Are you over 18 and want to see adult content?
A complete backup of akademiaalexandra.sk
Are you over 18 and want to see adult content?
Favourite Annotations
A complete backup of dndadventurersleague.org
Are you over 18 and want to see adult content?
A complete backup of pr7acc.blogspot.com
Are you over 18 and want to see adult content?
A complete backup of upliftconnect.com
Are you over 18 and want to see adult content?
A complete backup of bibliotecadelmaestro.com
Are you over 18 and want to see adult content?
A complete backup of virtualarkansas.org
Are you over 18 and want to see adult content?
Text
ABOUT VUSEC
VUSec is the Systems and Network Security Group at Vrije Universiteit Amsterdam and one of the larger groups in the Computer Science department at the VU. Our research covers all aspects of system-level security and reliability, including topics such as software hardening, exploitation, binary analysis, dependable systems, software testing, side channels, and reverse engineering. VUSec is alsoANC - VUSEC
Address Space Layout Randomization Address space layout randomization or ASLR in short is a first line of defense against attackers targeting Internet users. ASLR randomizes the location of an application’s code and data in the virtual address space in order to make it difficult for attackers to leak or manipulate the data or reuse the Continue reading AnC →TRRESPASS - VUSEC
Project Description Rowhammer haunted us for the better part of the past decade. Most DDR3 modules were found to be susceptible to this vulnerability which can compromise data directly inside the memory cells. What made it so scary was the fact that it could be exploited from software on PCs, clouds, smartphones, over the web Continue reading TRRespass →SMASH - VUSEC
SMASH is a new JavaScript-based attack that gives the attacker an arbitrary read and write primitive in the browser. It does not rely on software vulnerabilities or bugs, but instead takes advantage of the much harder to mitigate Rowhammer bug in hardware to initiate theexploit chain.
CRISTIANO GIUFFRIDA
TADDEÜS KROES
About me I have been a PhD student in this group since 2015. My main research interests are binary reverse-engineering, compilers and memory safety. I have done work on lifting binaries to LLVM, and on (source-level) program instrumentation in the compiler to do bounds checking. I also wrote an instrumentation framework for program instrumentation and Continue reading Taddeüs Kroes →KAVEH RAZAVI
Contact Details Email address kaveh@ethz.ch Twitter @kavehrazavi Phone +31 20 598 7907 Office 11A-57 Mailing address Kaveh Razavi Dept of Computer Science NU building, Vrije Universiteit Amsterdam De Boelelaan 1111 1081 HV, Amsterdam The Netherlands I have recently moved from VUSec to ETH Zürich. You can find my new page here. About me I am Continue reading Kaveh Razavi → GRAND PWNING UNIT: ACCELERATING MICROARCHITECTURAL ATTACKS WebGL: WebGL is the result of the increasing demand of porting the aforementioned graphically intensive applications to the Web. This API exposes the GPU-accelerated rendering NETCAT: PRACTICAL CACHE ATTACKS FROM THE NETWORK NetCAT: Practical Cache Attacks from the Network Michael Kurthx, Ben Gras , Dennis Andriesse , Cristiano Giuffrida , Herbert Bos , and Kaveh Razavi Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands m.kurth@vu.nl, beng@cs.vu.nl, da.andriesse@few.vu.nl CROSSTALK: SPECULATIVE DATA LEAKS ACROSS CORES ARE REAL CROSSTALK: Speculative Data Leaks Across Cores Are Real Hany Ragab y, Alyssa Milburn , Kaveh Razavix, Herbert Bos , and Cristiano Giuffrida Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands fhany.ragab,a.a.milburng@vu.nl fherbertb,giuffridag@cs.vu.nlABOUT VUSEC
VUSec is the Systems and Network Security Group at Vrije Universiteit Amsterdam and one of the larger groups in the Computer Science department at the VU. Our research covers all aspects of system-level security and reliability, including topics such as software hardening, exploitation, binary analysis, dependable systems, software testing, side channels, and reverse engineering. VUSec is alsoANC - VUSEC
Address Space Layout Randomization Address space layout randomization or ASLR in short is a first line of defense against attackers targeting Internet users. ASLR randomizes the location of an application’s code and data in the virtual address space in order to make it difficult for attackers to leak or manipulate the data or reuse the Continue reading AnC →TRRESPASS - VUSEC
Project Description Rowhammer haunted us for the better part of the past decade. Most DDR3 modules were found to be susceptible to this vulnerability which can compromise data directly inside the memory cells. What made it so scary was the fact that it could be exploited from software on PCs, clouds, smartphones, over the web Continue reading TRRespass →SMASH - VUSEC
SMASH is a new JavaScript-based attack that gives the attacker an arbitrary read and write primitive in the browser. It does not rely on software vulnerabilities or bugs, but instead takes advantage of the much harder to mitigate Rowhammer bug in hardware to initiate theexploit chain.
CRISTIANO GIUFFRIDA
TADDEÜS KROES
About me I have been a PhD student in this group since 2015. My main research interests are binary reverse-engineering, compilers and memory safety. I have done work on lifting binaries to LLVM, and on (source-level) program instrumentation in the compiler to do bounds checking. I also wrote an instrumentation framework for program instrumentation and Continue reading Taddeüs Kroes →KAVEH RAZAVI
Contact Details Email address kaveh@ethz.ch Twitter @kavehrazavi Phone +31 20 598 7907 Office 11A-57 Mailing address Kaveh Razavi Dept of Computer Science NU building, Vrije Universiteit Amsterdam De Boelelaan 1111 1081 HV, Amsterdam The Netherlands I have recently moved from VUSec to ETH Zürich. You can find my new page here. About me I am Continue reading Kaveh Razavi → GRAND PWNING UNIT: ACCELERATING MICROARCHITECTURAL ATTACKS WebGL: WebGL is the result of the increasing demand of porting the aforementioned graphically intensive applications to the Web. This API exposes the GPU-accelerated rendering NETCAT: PRACTICAL CACHE ATTACKS FROM THE NETWORK NetCAT: Practical Cache Attacks from the Network Michael Kurthx, Ben Gras , Dennis Andriesse , Cristiano Giuffrida , Herbert Bos , and Kaveh Razavi Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands m.kurth@vu.nl, beng@cs.vu.nl, da.andriesse@few.vu.nl CROSSTALK: SPECULATIVE DATA LEAKS ACROSS CORES ARE REAL CROSSTALK: Speculative Data Leaks Across Cores Are Real Hany Ragab y, Alyssa Milburn , Kaveh Razavix, Herbert Bos , and Cristiano Giuffrida Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands fhany.ragab,a.a.milburng@vu.nl fherbertb,giuffridag@cs.vu.nlPROJECTS - VUSEC
Binary Armoring CodeArmor A binary-level solution for high-frequency code re-randomization. TypeArmor A binary-level solution against advanced code-reuse attacks. MvArmor Secure and efficient Multivariant execution for binaries. PathArmor A practical context-sensitive CFI solution for binaries. StackArmor A binary-level solution against stack-based memory errors. Binary and Malware AnalysisNETCAT - VUSEC
NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With NetCAT, we show this threat extends to untrusted clients Continue reading NetCAT →ANC - VUSEC
Address Space Layout Randomization Address space layout randomization or ASLR in short is a first line of defense against attackers targeting Internet users. ASLR randomizes the location of an application’s code and data in the virtual address space in order to make it difficult for attackers to leak or manipulate the data or reuse the Continue reading AnC → RAGE AGAINST THE MACHINE CLEAR Floating-Point Machine Clear. The Floating Point Unit (FPU) in modern x86 processors assume to operate on normal numbers representable with specific precision (i.e. fast path), thus floating-point operations such as Z=X/Y in Figure 2 are executed “blindly” assuming both the operands and result are normal numbers. In the case of either the operands or the result is a denormal number (slowSMASH - VUSEC
SMASH is a new JavaScript-based attack that gives the attacker an arbitrary read and write primitive in the browser. It does not rely on software vulnerabilities or bugs, but instead takes advantage of the much harder to mitigate Rowhammer bug in hardware to initiate theexploit chain.
KAVEH RAZAVI
Contact Details Email address kaveh@ethz.ch Twitter @kavehrazavi Phone +31 20 598 7907 Office 11A-57 Mailing address Kaveh Razavi Dept of Computer Science NU building, Vrije Universiteit Amsterdam De Boelelaan 1111 1081 HV, Amsterdam The Netherlands I have recently moved from VUSec to ETH Zürich. You can find my new page here. About me I am Continue reading Kaveh Razavi → PIBE: PRACTICAL KERNEL CONTROL-FLOW HARDENING WITH PROFILE PIBE: Practical Kernel Control-Flow Hardening with Profile-Guided Indirect ASPLOS ’21, April 19ś23, 2021, Virtual, USA speculative pollution of the RSB (RSB entries pushed by specula- KMVX: DETECTING KERNEL INFORMATION LEAKS WITH MULTI Detecting Kernel Information Leaks with Multi-variant Execution ASPLOS’19, April 13–17, 2019, Providence, RI, USA Multi-variant execution kMVX draws from user space TRANSLATION LEAK-ASIDE BUFFER: DEFEATING CACHE SIDE resolution, visualized in a memorygram in . Closely related is FLUSH+RELOAD, which relies on the victim and the attacker physically sharing memory pages, so SPECULATIVE PROBING: HACKING BLIND IN THE SPECTRE ERA Speculative Probing: Hacking Blind in the Spectre Era Enes Göktaş egoktas@stevens.edu Stevens Institute of Technology Kaveh Razavikaveh@ethz.ch
ABOUT VUSEC
VUSec is the Systems and Network Security Group at Vrije Universiteit Amsterdam and one of the larger groups in the Computer Science department at the VU. Our research covers all aspects of system-level security and reliability, including topics such as software hardening, exploitation, binary analysis, dependable systems, software testing, side channels, and reverse engineering. VUSec is alsoPEOPLE - VUSEC
Stephan van Schaik. Natalie Xianya Mi. Ben Gras. Dennis Andriesse. Lucian Cojocar. Victor van der Veen. Marco Oliverio. Sanjay Rawat. Elias Athanasopoulos.STUDENT PROJECTS
This page contains information about Master and Bachelor projects in our group. Please read the text below and, if you are interested in doing a project with us, reach out at faculty@vusec.net. Please include in your email: in the subject. Your attached grade list and (optionally) a CV. A mention to the student project Continue reading Student projects →TRRESPASS - VUSEC
Project Description Rowhammer haunted us for the better part of the past decade. Most DDR3 modules were found to be susceptible to this vulnerability which can compromise data directly inside the memory cells. What made it so scary was the fact that it could be exploited from software on PCs, clouds, smartphones, over the web Continue reading TRRespass →TADDEÜS KROES
About me I have been a PhD student in this group since 2015. My main research interests are binary reverse-engineering, compilers and memory safety. I have done work on lifting binaries to LLVM, and on (source-level) program instrumentation in the compiler to do bounds checking. I also wrote an instrumentation framework for program instrumentation and Continue reading Taddeüs Kroes → GRAND PWNING UNIT: ACCELERATING MICROARCHITECTURAL ATTACKS WebGL: WebGL is the result of the increasing demand of porting the aforementioned graphically intensive applications to the Web. This API exposes the GPU-accelerated rendering CROSSTALK: SPECULATIVE DATA LEAKS ACROSS CORES ARE REAL CROSSTALK: Speculative Data Leaks Across Cores Are Real Hany Ragab y, Alyssa Milburn , Kaveh Razavix, Herbert Bos , and Cristiano Giuffrida Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands fhany.ragab,a.a.milburng@vu.nl fherbertb,giuffridag@cs.vu.nl NETCAT: PRACTICAL CACHE ATTACKS FROM THE NETWORK NetCAT: Practical Cache Attacks from the Network Michael Kurthx, Ben Gras , Dennis Andriesse , Cristiano Giuffrida , Herbert Bos , and Kaveh Razavi Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands m.kurth@vu.nl, beng@cs.vu.nl, da.andriesse@few.vu.nl KMVX: DETECTING KERNEL INFORMATION LEAKS WITH MULTI Detecting Kernel Information Leaks with Multi-variant Execution ASPLOS’19, April 13–17, 2019, Providence, RI, USA Multi-variant execution kMVX draws from user space TRRESPASS: EXPLOITING THE MANY SIDES OF TARGET ROW REFRESH TRRespass: Exploiting the Many Sides of Target Row Refresh Pietro Frigo yEmanuele Vannacci Hasan Hassanx Victor van der Veen{ Onur Mutlux Cristiano Giuffrida Herbert Bos Kaveh Razavi Vrije Universiteit Amsterdam xETH Zurich¨ {Qualcomm Technologies Inc. yEqual contribution joint first authors Abstract—After a plethora of high-profile RowHammer at-ABOUT VUSEC
VUSec is the Systems and Network Security Group at Vrije Universiteit Amsterdam and one of the larger groups in the Computer Science department at the VU. Our research covers all aspects of system-level security and reliability, including topics such as software hardening, exploitation, binary analysis, dependable systems, software testing, side channels, and reverse engineering. VUSec is alsoPEOPLE - VUSEC
Stephan van Schaik. Natalie Xianya Mi. Ben Gras. Dennis Andriesse. Lucian Cojocar. Victor van der Veen. Marco Oliverio. Sanjay Rawat. Elias Athanasopoulos.STUDENT PROJECTS
This page contains information about Master and Bachelor projects in our group. Please read the text below and, if you are interested in doing a project with us, reach out at faculty@vusec.net. Please include in your email: in the subject. Your attached grade list and (optionally) a CV. A mention to the student project Continue reading Student projects →TRRESPASS - VUSEC
Project Description Rowhammer haunted us for the better part of the past decade. Most DDR3 modules were found to be susceptible to this vulnerability which can compromise data directly inside the memory cells. What made it so scary was the fact that it could be exploited from software on PCs, clouds, smartphones, over the web Continue reading TRRespass →TADDEÜS KROES
About me I have been a PhD student in this group since 2015. My main research interests are binary reverse-engineering, compilers and memory safety. I have done work on lifting binaries to LLVM, and on (source-level) program instrumentation in the compiler to do bounds checking. I also wrote an instrumentation framework for program instrumentation and Continue reading Taddeüs Kroes → GRAND PWNING UNIT: ACCELERATING MICROARCHITECTURAL ATTACKS WebGL: WebGL is the result of the increasing demand of porting the aforementioned graphically intensive applications to the Web. This API exposes the GPU-accelerated rendering CROSSTALK: SPECULATIVE DATA LEAKS ACROSS CORES ARE REAL CROSSTALK: Speculative Data Leaks Across Cores Are Real Hany Ragab y, Alyssa Milburn , Kaveh Razavix, Herbert Bos , and Cristiano Giuffrida Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands fhany.ragab,a.a.milburng@vu.nl fherbertb,giuffridag@cs.vu.nl NETCAT: PRACTICAL CACHE ATTACKS FROM THE NETWORK NetCAT: Practical Cache Attacks from the Network Michael Kurthx, Ben Gras , Dennis Andriesse , Cristiano Giuffrida , Herbert Bos , and Kaveh Razavi Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands m.kurth@vu.nl, beng@cs.vu.nl, da.andriesse@few.vu.nl KMVX: DETECTING KERNEL INFORMATION LEAKS WITH MULTI Detecting Kernel Information Leaks with Multi-variant Execution ASPLOS’19, April 13–17, 2019, Providence, RI, USA Multi-variant execution kMVX draws from user space TRRESPASS: EXPLOITING THE MANY SIDES OF TARGET ROW REFRESH TRRespass: Exploiting the Many Sides of Target Row Refresh Pietro Frigo yEmanuele Vannacci Hasan Hassanx Victor van der Veen{ Onur Mutlux Cristiano Giuffrida Herbert Bos Kaveh Razavi Vrije Universiteit Amsterdam xETH Zurich¨ {Qualcomm Technologies Inc. yEqual contribution joint first authors Abstract—After a plethora of high-profile RowHammer at-PROJECTS - VUSEC
Binary Armoring CodeArmor A binary-level solution for high-frequency code re-randomization. TypeArmor A binary-level solution against advanced code-reuse attacks. MvArmor Secure and efficient Multivariant execution for binaries. PathArmor A practical context-sensitive CFI solution for binaries. StackArmor A binary-level solution against stack-based memory errors. Binary and Malware AnalysisSTUDENT PROJECTS
This page contains information about Master and Bachelor projects in our group. Please read the text below and, if you are interested in doing a project with us, reach out at faculty@vusec.net. Please include in your email: in the subject. Your attached grade list and (optionally) a CV. A mention to the student project Continue reading Student projects → RAGE AGAINST THE MACHINE CLEAR Floating-Point Machine Clear. The Floating Point Unit (FPU) in modern x86 processors assume to operate on normal numbers representable with specific precision (i.e. fast path), thus floating-point operations such as Z=X/Y in Figure 2 are executed “blindly” assuming both the operands and result are normal numbers. In the case of either the operands or the result is a denormal number (slowHERBERT BOS
Herbert Bos is full professor at the Vrije Universiteit Amsterdam and co-leads the VUSec Systems Security research group with Cristiano Giuffrida and Erik van der Kouwe.. He obtained an ERC Starting Grant to work on reverse engineering and an NWO VICI grant to work on vulnerability detection. PIBE: PRACTICAL KERNEL CONTROL-FLOW HARDENING WITH PROFILE PIBE: Practical Kernel Control-Flow Hardening with Profile-Guided Indirect ASPLOS ’21, April 19ś23, 2021, Virtual, USA speculative pollution of the RSB (RSB entries pushed by specula- NETCAT: PRACTICAL CACHE ATTACKS FROM THE NETWORK NetCAT: Practical Cache Attacks from the Network Michael Kurthx, Ben Gras , Dennis Andriesse , Cristiano Giuffrida , Herbert Bos , and Kaveh Razavi Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands m.kurth@vu.nl, beng@cs.vu.nl, da.andriesse@few.vu.nl KMVX: DETECTING KERNEL INFORMATION LEAKS WITH MULTI Detecting Kernel Information Leaks with Multi-variant Execution ASPLOS’19, April 13–17, 2019, Providence, RI, USA Multi-variant execution kMVX draws from user space TRANSLATION LEAK-ASIDE BUFFER: DEFEATING CACHE SIDE resolution, visualized in a memorygram in . Closely related is FLUSH+RELOAD, which relies on the victim and the attacker physically sharing memory pages, so TAGBLEED: BREAKING KASLR ON THE ISOLATED KERNEL ADDRESS table 1. kaslr entropy in linux 4.19.4 for the kernel image, kernel modules and page offset, vmmalloc and vmemmap. the number of possible slots for the kernel image are dependent on the size of the kernel image.the entropy and end address for page offset depends on whether five page table levels are supported and how much physical memory is available. start address end address entropy possible SECURE PAGE FUSION WITH VUSION Secure Page Fusion with VUsion SOSP ’17, October 28, 2017, Shanghai, China 2.1 Linux Kernel Same-page Merging The Linux kernel fuses memory pages in its KSM subsystem.ABOUT VUSEC
VUSec is the Systems and Network Security Group at Vrije Universiteit Amsterdam and one of the larger groups in the Computer Science department at the VU. Our research covers all aspects of system-level security and reliability, including topics such as software hardening, exploitation, binary analysis, dependable systems, software testing, side channels, and reverse engineering. VUSec is alsoPROJECTS - VUSEC
Binary Armoring CodeArmor A binary-level solution for high-frequency code re-randomization. TypeArmor A binary-level solution against advanced code-reuse attacks. MvArmor Secure and efficient Multivariant execution for binaries. PathArmor A practical context-sensitive CFI solution for binaries. StackArmor A binary-level solution against stack-based memory errors. Binary and Malware AnalysisPEOPLE - VUSEC
Stephan van Schaik. Natalie Xianya Mi. Ben Gras. Dennis Andriesse. Lucian Cojocar. Victor van der Veen. Marco Oliverio. Sanjay Rawat. Elias Athanasopoulos.STUDENT PROJECTS
This page contains information about Master and Bachelor projects in our group. Please read the text below and, if you are interested in doing a project with us, reach out at faculty@vusec.net. Please include in your email: in the subject. Your attached grade list and (optionally) a CV. A mention to the student project Continue reading Student projects → NETCAT - VUSECSEE MORE ON VUSEC.NETTRRESPASS - VUSEC
Project Description Rowhammer haunted us for the better part of the past decade. Most DDR3 modules were found to be susceptible to this vulnerability which can compromise data directly inside the memory cells. What made it so scary was the fact that it could be exploited from software on PCs, clouds, smartphones, over the web Continue reading TRRespass →TADDEÜS KROES
About me I have been a PhD student in this group since 2015. My main research interests are binary reverse-engineering, compilers and memory safety. I have done work on lifting binaries to LLVM, and on (source-level) program instrumentation in the compiler to do bounds checking. I also wrote an instrumentation framework for program instrumentation and Continue reading Taddeüs Kroes → GRAND PWNING UNIT: ACCELERATING MICROARCHITECTURAL ATTACKS WebGL: WebGL is the result of the increasing demand of porting the aforementioned graphically intensive applications to the Web. This API exposes the GPU-accelerated rendering CROSSTALK: SPECULATIVE DATA LEAKS ACROSS CORES ARE REAL CROSSTALK: Speculative Data Leaks Across Cores Are Real Hany Ragab y, Alyssa Milburn , Kaveh Razavix, Herbert Bos , and Cristiano Giuffrida Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands fhany.ragab,a.a.milburng@vu.nl fherbertb,giuffridag@cs.vu.nl NETCAT: PRACTICAL CACHE ATTACKS FROM THE NETWORK NetCAT: Practical Cache Attacks from the Network Michael Kurthx, Ben Gras , Dennis Andriesse , Cristiano Giuffrida , Herbert Bos , and Kaveh Razavi Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands m.kurth@vu.nl, beng@cs.vu.nl, da.andriesse@few.vu.nlABOUT VUSEC
VUSec is the Systems and Network Security Group at Vrije Universiteit Amsterdam and one of the larger groups in the Computer Science department at the VU. Our research covers all aspects of system-level security and reliability, including topics such as software hardening, exploitation, binary analysis, dependable systems, software testing, side channels, and reverse engineering. VUSec is alsoPROJECTS - VUSEC
Binary Armoring CodeArmor A binary-level solution for high-frequency code re-randomization. TypeArmor A binary-level solution against advanced code-reuse attacks. MvArmor Secure and efficient Multivariant execution for binaries. PathArmor A practical context-sensitive CFI solution for binaries. StackArmor A binary-level solution against stack-based memory errors. Binary and Malware AnalysisPEOPLE - VUSEC
Stephan van Schaik. Natalie Xianya Mi. Ben Gras. Dennis Andriesse. Lucian Cojocar. Victor van der Veen. Marco Oliverio. Sanjay Rawat. Elias Athanasopoulos.STUDENT PROJECTS
This page contains information about Master and Bachelor projects in our group. Please read the text below and, if you are interested in doing a project with us, reach out at faculty@vusec.net. Please include in your email: in the subject. Your attached grade list and (optionally) a CV. A mention to the student project Continue reading Student projects → NETCAT - VUSECSEE MORE ON VUSEC.NETTRRESPASS - VUSEC
Project Description Rowhammer haunted us for the better part of the past decade. Most DDR3 modules were found to be susceptible to this vulnerability which can compromise data directly inside the memory cells. What made it so scary was the fact that it could be exploited from software on PCs, clouds, smartphones, over the web Continue reading TRRespass →TADDEÜS KROES
About me I have been a PhD student in this group since 2015. My main research interests are binary reverse-engineering, compilers and memory safety. I have done work on lifting binaries to LLVM, and on (source-level) program instrumentation in the compiler to do bounds checking. I also wrote an instrumentation framework for program instrumentation and Continue reading Taddeüs Kroes → GRAND PWNING UNIT: ACCELERATING MICROARCHITECTURAL ATTACKS WebGL: WebGL is the result of the increasing demand of porting the aforementioned graphically intensive applications to the Web. This API exposes the GPU-accelerated rendering CROSSTALK: SPECULATIVE DATA LEAKS ACROSS CORES ARE REAL CROSSTALK: Speculative Data Leaks Across Cores Are Real Hany Ragab y, Alyssa Milburn , Kaveh Razavix, Herbert Bos , and Cristiano Giuffrida Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands fhany.ragab,a.a.milburng@vu.nl fherbertb,giuffridag@cs.vu.nl NETCAT: PRACTICAL CACHE ATTACKS FROM THE NETWORK NetCAT: Practical Cache Attacks from the Network Michael Kurthx, Ben Gras , Dennis Andriesse , Cristiano Giuffrida , Herbert Bos , and Kaveh Razavi Department of Computer Science Vrije Universiteit Amsterdam, The Netherlands m.kurth@vu.nl, beng@cs.vu.nl, da.andriesse@few.vu.nlPROJECTS - VUSEC
Binary Armoring CodeArmor A binary-level solution for high-frequency code re-randomization. TypeArmor A binary-level solution against advanced code-reuse attacks. MvArmor Secure and efficient Multivariant execution for binaries. PathArmor A practical context-sensitive CFI solution for binaries. StackArmor A binary-level solution against stack-based memory errors. Binary and Malware AnalysisNEWS - VUSEC
TRRespass shows for the first time that state-of-the-art DDR4 DRAM from all major vendors is still vulnerable to practical Rowhammer attacks even though vendors previously claimed their products were Rowhammer-free. After our PWNIEs for Dedup Est Machina, AnC, and DRAMMER, we now have a stable of four, all equally gorgeous. TRRespass previously also won the Best Paper Award at IEEESTUDENT PROJECTS
This page contains information about Master and Bachelor projects in our group. Please read the text below and, if you are interested in doing a project with us, reach out at faculty@vusec.net. Please include in your email: in the subject. Your attached grade list and (optionally) a CV. A mention to the student project Continue reading Student projects →NETCAT - VUSEC
NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With NetCAT, we show this threat extends to untrusted clients Continue reading NetCAT →PUBLICATIONS
Systems and Network Security Group at VU Amsterdam. Recent Tweets.Recent Tweets
ANC - VUSEC
Address Space Layout Randomization Address space layout randomization or ASLR in short is a first line of defense against attackers targeting Internet users. ASLR randomizes the location of an application’s code and data in the virtual address space in order to make it difficult for attackers to leak or manipulate the data or reuse the Continue reading AnC → RAGE AGAINST THE MACHINE CLEAR Floating-Point Machine Clear. The Floating Point Unit (FPU) in modern x86 processors assume to operate on normal numbers representable with specific precision (i.e. fast path), thus floating-point operations such as Z=X/Y in Figure 2 are executed “blindly” assuming both the operands and result are normal numbers. In the case of either the operands or the result is a denormal number (slow THREATS TO VALIDITY AND RELEVANCE IN SECURITY RESEARCH Threats to Validity and Relevance in Security Research. When reviewing papers and projects, we notice that many authors make the same mistakes. These mistakes undermine the claims in the papers, sometimes to the point of invalidating them. As a result, we find ourselves writing the same comments over and over again. SPECULATIVE PROBING: HACKING BLIND IN THE SPECTRE ERA Speculative Probing: Hacking Blind in the Spectre Era Enes Göktaş egoktas@stevens.edu Stevens Institute of Technology Kaveh Razavikaveh@ethz.ch
ABOUT VUSEC
About VUSec - VUSec
VUSEC
Search Primary Menu Skip to content* About VUSec
* People
* Faculty
* PhD Students
* Support
* Alumni
* Projects
* Binary Armoring
* Binary and Malware Analysis * Hardware Vulnerabilities* Mobile Security
* Side Channels
* Software Exploitation * Software Reliability* Software Testing
* Publications
* News
* Join
* Student projects
* Funding
* Contacts
Search for:
ABOUT VUSEC
VUSec is the Systems and Network Security Group at Vrije Universiteit Amsterdam and one of the larger groups in the Computer Science department at the VU. Our research covers all aspects of system-level security and reliability, including topics such as software hardening, exploitation, binary analysis, dependable systems, software testing, side channels, and reverse engineering. VUSec is also part of AMSec (Amsterdam Cyber Security Center). Check out the upcoming AMSec workshop here.
The group’s focus is on “research that matters”, by which we mean research that has impact either on the research community, or on society as whole. In the past, we actively contributed to the take-down of criminal infrastructures (botnets), and made available a wide range of tools and systems to benefit researchers and industry alike. Some of our activities hit the news . Academically, we regularly publish our research in the top venues in systems security (S&P, CCS, USENIX Sec, NDSS, etc.). See our publications . We are proud that VUSec has won multiple prestigious grants (ERC, VICI, multiple VENIs), a VMware Early Career Faculty Award,
a Dennis M. Ritchie Ph.D. Award , three Pwnie Awards(one in 2016
, two in 2017
), and no fewer than five Roger Needham Ph.D. Awards for best Ph.D. in systems in Europe. Most importantly, VUSec puts “computer systems” and “systems security” into the focus of study.VUSec with dog.
VUSec without dog.
SYSTEMS AND NETWORK SECURITY GROUP AT VU AMSTERDAMRECENT TWEETS
RECENT POSTS
The header
ASPLOS'19 lightning talk - kMVX: Detecting Kernel Information Leaks with Multi-variant Execution kMVX: Detecting Kernel Information Leaks with Multi-variant Execution Paper available at: https://www.cs.vu.nl/~herbertb/download/papers/kmvx_asplos19.pdf YouTube | April 2, 2020 XLATE + PROBE (counter) Two programs are running on their own CPU core and use the cache as a covert channel to communicate with each other. Both the sender and the receiver maintain their own 8-bit counter to verify this... YouTube | April 2, 2020 FLUSH + RELOAD (text) Two programs are running on their own CPU core and use the cache as a covert channel to communicate with each other. The sender repeatedly sends "Hello, this is the covert channel speaking.". The r... YouTube | April 2, 2020 PRIME + PROBE (text) Two programs are running on their own CPU core and use the cache as a covert channel to communicate with each other. The sender repeatedly sends "Hello, this is the covert channel speaking.". The r... YouTube | April 2, 2020 parmesan ParmeSan: Sanitizer-guided Greybox Fuzzing GitHub | March 24, 2020 Proudly powered by WordPressDetails
Copyright © 2024 ArchiveBay.com. All rights reserved. Terms of Use | Privacy Policy | DMCA | 2021 | Feedback | Advertising | RSS 2.0