Offensive Security Research in Computer Architecture Conferences
We rarely see attack papers published in architecture conferences. What is the benefit of publishing attacks? What makes an attack paper instructive and valuable?
Archive of posts tagged: Security
Freedom vs. Security in Computer Systems
Is it time to consider designing and operating computer systems with an “off-by-default” attitude to proactively defend against such attacks?
HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART IV)
What should vendors do when they discover that a hardware 0-day has been used to exploit systems built on their product? Some vulnerabilities may permit vendors to patch the vulnerability using microcode updates. For instance, a mitigation for the row hammer DRAM...
HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART III)
What should academics do if they come across a hardware 0-day attack? Obviously, disseminate. But before the vulnerability is made public, it is important to responsibly disclose the vulnerability to the vendor to give them a chance to fix it. If the vendor determines...
HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART II)
What should governments do when they discover a hardware 0-day? In the US, as a matter of policy, any vulnerability that is deemed to affect critical infrastructure is disclosed to the vendors by the government [VEP]. The government can hide vulnerabilities (and...Subscribe
