
Primeur weekly 2016-08-22

Special

ExaCT team shows how Legion S3D code is a tribute to co-design on the way to exascale supercomputing ...

Focus

Sunway TaihuLight's strengths and weaknesses highlighted by Jack Dongarra ...

Exascale supercomputing

Big PanDA tackles Big Data for physics and other future extreme scale scientific applications ...

Computer programming made easier ...

Quantum computing

Cryptographers from the Netherlands win 2016 Internet Defense Prize ...

Focus on Europe

STFC Daresbury Laboratory to host 2016 Hands-on Tutorial on CFD using open-source software Code_Saturne ...

Middleware

Germany joins ELIXIR ...

Columbus Collaboratory announces CognizeR, an Open Source R extension that accelerates data scientists' access to IBM Watson ...

Cycle Computing optimizes NASA tree count and climate impact research ...

GPU-accelerated computing made better with NVIDIA DCGM and PBS Professional ...

Hardware

Mellanox demonstrates accelerated NVMe over Fabrics at Intel Developers Forum ...

Nor-Tech has developed the first affordable supercomputers designed to be used in an office, rather than a data centre ...

NVIDIA CEO delivers world's first AI supercomputer in a box to OpenAI ...

AMD demonstrates breakthrough performance of next-generation Zen processor core ...

CAST and PLDA Group demonstrate x86-compliant high compression ratio GZIP acceleration on FPGA, accessible to non-FPGA experts using the QuickPlay software defined FPGA development tool ...

IBM Research - Almaden celebrates 30 years of innovation in Silicon Valley ...

Wiring reconfiguration saves millions for Trinity supercomputer ...

Cavium completes acquisition of QLogic ...

Applications

Soybean science blooms with supercomputers ...

NOAA launches America's first national water forecast model ...

Computers trounce pathologists in predicting lung cancer type, severity, researchers find ...

Star and planetary scientists get millions of hours on EU supercomputers ...

Bill Gropp named acting director of NCSA ...

Latest NERSC/Intel/Cray dungeon session yields impressive code speed-ups ...

User-friendly language for programming efficient simulations ...

New book presents how deep learning neural networks are designed ...

Liquid light switch could enable more powerful electronics ...

Energy Department to invest $16 million in computer design of materials ...

Pitt engineers receive grant to develop fast computational modelling for 3D printing ...

Environmental datasets help researchers double the number of microbial phyla known to be infected by viruses ...

Teaching machines to direct traffic through deep reinforcement learning ...

Simulations by PPPL physicists suggest that magnetic fields can calm plasma instabilities ...

New material discovery allows study of elusive Weyl fermion ...

New maths to predict dangerous hospital epidemics ...

Kx financial analytics technology tackles Big Data crop research at biotech leader Earlham Institute ...

The Cloud

New hacking technique imperceptibly changes memory virtual servers ...

New hacking technique imperceptibly changes memory of virtual servers

11 Aug 2016 Amsterdam - For the first time ever a team of Dutch hacking experts, led by cyber security professor Herbert Bos at Vrije Universiteit Amsterdam, managed to alter the memory of virtual machines in the Cloud without a software bug, using a new attack technique.

With this technique an attacker can crack the keys of secured virtual machines or install malware without it being noticed. It's a new deduplication-based attack in which data can not only be viewed and leaked, but also modified using a hardware glitch. By doing so the attacker can order the server to install malicious and unwanted software or allow logins by unauthorized persons.

With the new attack technique Flip Feng Shui (FFS), an attacker rents a virtual machine on the same host as the victim. This can be done by renting many virtual machines until one of them lands next to the victim. A virtual machine in the Cloud is often used to run applications, test new software, or run a website. There are public (for everyone), community (for a select group) and private (accessible to one organisation) Clouds. The attacker writes a memory page that he knows also exists in the victim's virtual machine to the vulnerable memory location and lets it be deduplicated. As a result, the identical pages are merged into one in order to save space - the information is, after all, the same. That page is stored in the same part of the memory of the physical computer. The attacker can now modify the information in the general memory of the computer. This can be done by triggering a hardware bug dubbed Rowhammer, which causes bits to flip from 0 to 1 or vice versa, to seek out the vulnerable memory cells and change them.

The researchers of the Vrije Universiteit Amsterdam, who worked together with a researcher from the Catholic University of Leuven, describe in their research two attacks on the operating systems Debian and Ubuntu. The first FFS attack gained access to the virtual machines by weakening OpenSSH public keys. The attacker did this by changing one bit of the victim's public key. In the second attack, the settings of the software management application apt were adjusted by making minor changes to the URL from which apt downloads software. The server could then install malware that presents itself as a software update. The integrity check could be circumvented by making a small change to the public key that verifies the integrity of the apt-get software packages.
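Both attacks come down to a change of a bit or so in data the system trusts: an OpenSSH public key, the apt download URL, the apt signing key. As an added example, not code from the researchers or from this article, the following Python compares such a file's bytes with a known-good copy and separates bit-sized differences from ordinary edits. The function names and the example.org source line are constructed for illustration, and keeping the baseline copy off the monitored host is an assumption.

```python
# Added example: compare a trust-anchor file with a baseline kept off the host
# and flag differences that are only one or two bits wide.

def bit_diffs(baseline: bytes, current: bytes):
    """List (byte_offset, bit_index, new_bit_value) for equal-length inputs."""
    diffs = []
    for offset, (old, new) in enumerate(zip(baseline, current)):
        changed = old ^ new
        for bit in range(8):
            if (changed >> bit) & 1:
                diffs.append((offset, bit, (new >> bit) & 1))
    return diffs


def classify(baseline: bytes, current: bytes, max_flips: int = 2):
    """Return (verdict, diffs); verdict is 'unchanged', 'bit-flip' or 'edited'."""
    if baseline == current:
        return "unchanged", []
    if len(baseline) != len(current):
        return "edited", []  # insertions and deletions are not bit flips
    diffs = bit_diffs(baseline, current)
    verdict = "bit-flip" if len(diffs) <= max_flips else "edited"
    return verdict, diffs


def changed_line(current: bytes, offset: int) -> str:
    """Return the text line of `current` that contains byte `offset`."""
    start = current.rfind(b"\n", 0, offset) + 1
    end = current.find(b"\n", offset)
    end = len(current) if end == -1 else end
    return current[start:end].decode("ascii", errors="replace")


# Constructed sample data: an apt source line, the same bytes with bit 1 of
# the "x" in "example" inverted (0x78 -> 0x7a), and an ordinary same-length edit.
BASELINE = b"deb http://archive.example.org/debian stable main\n"
POS = BASELINE.index(b"x")
FLIPPED = BASELINE[:POS] + bytes([BASELINE[POS] ^ 0x02]) + BASELINE[POS + 1:]
REWRITTEN = BASELINE.replace(b"org", b"net")

if __name__ == "__main__":
    for name, data in (("same", BASELINE), ("flipped", FLIPPED),
                       ("rewritten", REWRITTEN)):
        verdict, diffs = classify(BASELINE, data)
        print(name, verdict, len(diffs))
        if verdict == "bit-flip":
            print("  line now reads:", changed_line(data, diffs[0][0]))
```

A `bit-flip` verdict on a key or sources file is worth treating as a possible memory-integrity problem rather than a routine configuration change, since a single inverted bit still yields a well-formed hostname here.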

Debian, Ubuntu, OpenSSH and other companies included in the research were notified before the publication and all have responded. The National Cyber Security Centre (NCSC) of the Dutch government has issued a fact sheet containing information and advice on FFS.

The researchers presented their findings during the USENIX Security Symposium 2016 in the United States. Recently they won the Oscar of hacking, the Pwnie, for another attack technique that allows attackers to take over state-of-the-art software, such as the new Edge browser on Microsoft Windows, with all defences up, even if the software has no bugs. Moreover, they can do this from JavaScript in the browser.

The research paper is available at http://www.cs.vu.nl/~kaveh/pubs/pdf/ffs-usenixsec16.pdf

Source: Vrije Universiteit Amsterdam
