3rd INESC-ID Security & Privacy Talk by Sandro Pinto (Centro Algoritmi, UMinho)


On May 23, Sandro Pinto will present the 3rd INESC-ID Security & Privacy Talk titled: “You were BUSted!!! Microarchitectural Timing Side-Channel Attacks on Arm Microcontrollers are Practical”.

Date: May 23, 2024
Time: 15h00-16h00
Where: INESC-ID, Alves Redol Building, Auditorium (Room 9), Ground Floor

Abstract:
The discovery of Spectre and Meltdown has turned systems security upside down. These attacks have opened a novel frontier for exploration to hackers and shed light on the untapped potential of hidden transient states created by shared microarchitectural resources. Since then, we have witnessed the rise of a plethora of effective software-based microarchitectural timing side-channel attacks capable of breaking and bypassing the security (isolation) boundaries of numberless processors from mainstream CPU vendors (Intel, AMD, Arm). Notwithstanding, one class of computing systems apparently is resilient to these attacks: microcontrollers (MCUs). MCUs are shipped in billions annually and are at the heart of every embedded and IoT device. There is a common belief that MCUs are not vulnerable to these attacks because their microarchitecture is intrinsically simple.
In this talk, we present BUSted. BUSted is a novel side-channel attack that explores the side effects of the MCU bus interconnect arbitration logic to bypass security guarantees enforced by memory protection primitives. First, we provide evidence of the existence of this channel on multiple platforms. Then, we explain the building blocks, the overall methodology, and the main challenges we faced in successfully mounting the attack. To close our talk, we discuss and demonstrate how to bypass the isolation guarantees of TrustZone-M on a state-of-the-art MCU. We present this attack emulating a secure smart lock IoT application.

Bio:
Sandro Pinto is an Associate Research Professor at the University of Minho, Portugal. He holds a Ph.D. in Electronics and Computer Engineering. Sandro has a deep academic background and several years of industry collaboration focusing on operating systems, virtualization, and security for embedded and IoT systems. He has published 100+ scientific papers in top-tier conferences/journals (e.g., IEEE S&P Oakland, USENIX Security, Euro S&P) and is a skilled presenter with speaking experience in several high-profile conferences (e.g., Black Hat, HArdwear.io, RISC-V Summit). Sandro is a long-term supporter of open source. He co-founded the open-source Bao Project and is actively pushing for RISC-V.


About INESC-ID

INESC-ID, “Instituto de Engenharia de Sistemas e Computadores: Investigação e Desenvolvimento em Lisboa”, is a Research and Development and Innovation Organization (R&D+i) in the fields of Computer Science and Electrical and Computer Engineering. INESC-ID's mission is to produce added value to people and society, supporting the response of public policies to scientific, health, environmental, cultural, social, economic and political challenges. INESC-ID promotes cooperation between academia and industry by addressing research on daily life issues, such as healthcare, space, mobility, agri-food, industry 4.0, and smart grids. This high level of knowledge transfer is achieved through both competitive research projects and direct contracted research. Public and private entities therefore have access to a pool of knowledge, resources and services provided through the unique competencies available at the institution.

 
