One Article Review
| Source |  CSO |
|---|---|
| Identifiant | 2031501 |
| Date de publication | 2020-11-12 14:00:00 (vue: 2020-11-12 22:05:19) |
| Titre | Intel SGX users need CPU microcode patch to block PLATYPUS secrets-leaking attack |
| Texte | Researchers have devised a new method that allows potential attackers to leak sensitive information such as encryption keys from the Linux kernel's memory and Intel SGX enclaves. The attack, dubbed PLATYPUS, abuses a legitimate CPU interface for monitoring and controlling the power consumption.[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ] "Using PLATYPUS, we demonstrate that we can observe variations in the power consumption to distinguish different instructions and different Hamming weights of operands and memory loads, allowing inference of loaded values," the team of researchers from the Graz University of Technology, the University of Birmingham in UK, and CISPA Helmholtz Center for Information Security said on a website dedicated to the attack. "PLATYPUS can further infer intra-cacheline control flow of applications, break KASLR, leak AES-NI keys from Intel SGX enclaves and the Linux kernel, and establish a timing-independent covert channel." |
| Envoyé | Oui |
| Condensat | abuses aes allowing allows applications article attack attackers birmingham block boost break cacheline can career center certifications: channel cispa click cold consumption control controlling cost covert cpu cso cyber dedicated demonstrate devised different distinguish dubbed enclaves encryption establish flow from full further give going graz hamming have helmholtz here hot independent infer inference information instructions intel interface intra kaslr keep kernel keys leak leaking legitimate linux loaded loads memory method microcode monitoring need new newsletters observe operands patch platypus please potential power read researchers said secrets security sensitive sgx sign such team technology they timing top trends university users using values variations website weights what which who your |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.