Part of Systems Security Research Group at the Vrije Universiteit Amsterdam
Security Researcher at the Vrije Universiteit Amsterdam
Ben Gras & Kaveh Razavi
In the abstraction stack we are accustomed to, software relies on hardware to function properly and be a secure platform on which to develop systems software and applications.
In this talk we show how this assumption can break down. If the hardware fails us, all bets are off. The Rowhammer work (also known as Flip Feng Shui) shows how it is possible, using a hardware glitch (known as Rowhammer), to cause corruption on a co-hosted victim VM. A hardware glitch such as this is hard to aim (to cause the intended corruption reliably); with Flip Feng Shui we use an OS technique (memory deduplication) and repeatability to make the exploit targeted and reliable.
Ben Gras has been part of the systems security research group at the Vrije Universiteit Amsterdam since 2015. Previously, he was a scientific programmer working on the Minix operating system under Andy Tannenbaum for 10 years. He has published on various offensive security techniques and is currently pursuing a PhD in mischief.
Kaveh Razavi is a security researcher at the Vrije Universiteit Amsterdam in the Netherlands. He is currently mostly interested in reliable exploitation and mitigation of hardware vulnerabilities and side-channel attacks on OS/hardware interfaces. He has previously been part of a CERT team specializing on operating system security, has worked on authentication systems of a Swiss bank, and has spent two summers in Microsoft Research building large-scale system prototypes. He holds a BSc from Sharif University of Technology, Tehran, an MSc from ETH Zurich and a PhD from Vrije Universiteit Amsterdam.