CyLab Seminar: Riccardo Paccagnella
April 22, 2024
12:00 p.m. ET
Zoom or Hamburg Hall Room A301
*Please note: this CyLab seminar is open only to partners and Carnegie Mellon University faculty, students, and staff.
Speaker:
Riccardo Paccagnella
Assistant Professor, Carnegie Mellon University Software and Societal Systems and the Department of Electrical and Computer Engineering
Talk Title:
Timing Attacks on Constant-Time Code
Abstract:
The past two decades have seen the discovery of a slew of side-channel attacks where an adversary exploits hardware features to leak software's sensitive data. These attacks have shaken the foundations of computer security and caused a disruption in the software industry. In response, constant-time programming has emerged as the prevailing mitigation strategy. This approach involves writing code so that its execution does not create timing differences depending on secrets, a practice now common in security-critical software.
In this talk, I will introduce some of the first side-channel attacks that can leak secrets even from correctly implemented constant-time code. First, I will present Hertzbleed, which exploits CPU frequency scaling to turn power side-channel attacks into remote timing attacks. Second, I will present GPU.zip, which exploits software-transparent compression to expose visual data processed on GPUs. Third, I will present GoFetch, which exploits modern prefetchers to induce secret-dependent loads of non-architecturally accessed memory.
Bio:
Riccardo Paccagnella is an Assistant Professor of Computer Science in Carnegie Mellon’s Software and Societal Systems department. He is a core faculty member of CyLab’s Security and Privacy Institute, with a courtesy appointment in the Electrical and Computer Engineering Department. He earned his Ph.D. in Computer Science at the University of Illinois Urbana-Champaign in 2023.
Paccagnella’s research interests lie in system and hardware security. His recent work has focused on uncovering and mitigating new classes of hardware vulnerabilities that undermine the prevailing models for building secure software. Paccagnella has also worked on improving the security of operating system audit frameworks.