PRESS-NEWS.org - Press Release Distribution
PRESS RELEASES DISTRIBUTION

New CPU vulnerability makes virtual machine environments vulnerable

Researchers at TU Graz and the Helmholtz Centre for Information Security have identified a security vulnerability that could allow data on virtual machines with AMD processors to fall under the control of attackers

New CPU vulnerability makes virtual machine environments vulnerable
2023-11-14
(Press-News.org) In the area of cloud computing, i.e. on-demand access to IT resources via the internet, so-called trusted execution environments (TEEs) play a major role. They are designed to ensure that the data on the virtual work environments (virtual machines) is secure and cannot be manipulated or stolen. Researchers at the CISPA Helmholtz Centre for Information Security and Graz University of Technology (TU Graz) have now discovered a security vulnerability in AMD processors that allows attackers to penetrate virtual work environments based on the trusted computing technologies AMD SEV-ES and AMD SEV-SNP. This is achieved by resetting data changes in the buffer memory (cache), which gives the intruders unrestricted access to the system. They have chosen CacheWarp as the name for this software-based attack method.

CacheWarp turns back time in memory AMD Secure Encrypted Virtualisation (SEV) is a processor extension that provides secure separation between virtual machines and the underlying software, known as the hypervisor, for managing the required resources. AMD SEV encrypts the data on the virtual machine for this purpose. CacheWarp can be used to undo data modifications in this working environment and fool the system into believing it has an outdated status. This is problematic, for example, if a variable determines whether a user is successfully authenticated or not. Successful authentication is usually marked with “0”, which is, however, the same value with which the variable is initialised. If a potential attacker enters an incorrect password, the variable is overwritten with a value not equal to “0”. However, CacheWarp can be used to reset this variable to its initial status when it indicated successful authentication. This allows an attacker to establish an already authenticated session.

This is made possible by an unexpected interaction between CPU instructions and AMD-SEV, through which the cache can be reset to its old state. Once the attacker has gained access in this way, they can subsequently gain the full access rights of an administrator to the data in the virtual machine. During their tests, the researchers were able to take all the data located there, modify it and spread from the virtual machine further into the user’s infrastructure. They first bypassed the secure login and then overcame the barrier between normal user and administrator.

AMD provides update As is usual in such cases, the researchers informed the manufacturer concerned, in this case AMD, about the security vulnerability in advance so that it could take the necessary measures before the research results are published. AMD has identified CacheWarp under the identifier CVE-2023-20592 and is providing a microcode update that fixes the vulnerability. The manufacturer has published further information on this in the AMD Security Bulletin.

“Research in the field of microarchitectural attacks is fascinating because it very often reveals just how complex our modern computer systems have become,” says Andreas Kogler from the Institute of Applied Information Processing and Communications (IAIK) at TU Graz. “It’s amazing how the interplay of several factors makes it possible to extract or change data from such systems. Our work on CacheWarp shows how an attacker can make write accesses to the memory of the affected processors virtually forgotten. You can think of it like older USB sticks. If you overwrote a document there, but removed the stick before the end of the writing process, you could find parts of the old version instead of the new one the next time you plugged in and read the document.”

The research team led by Michael Schwarz from the CISPA Helmholtz Centre for Information Security has created its own website (cachewarpattack.com) to provide information on CacheWarp. The scientific paper entitled “CacheWarp: Software-based fault injection using selective state reset” is available on the site and has already been accepted for the “USENIX Security” conference 2024. The authors are: Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Michael Schwarz (all CISPA Helmholtz Centre for Information Security), Andreas Kogler (TU Graz) and Youheng Lü (independent).

This research is anchored in the Field of Expertise "Information, Communication & Computing", one of five strategic foci of TU Graz.

END

[Attachments] See images for this press release:
New CPU vulnerability makes virtual machine environments vulnerable New CPU vulnerability makes virtual machine environments vulnerable 2

ELSE PRESS RELEASES FROM THIS DATE:

Peer educators play key role in new recipe development and testing

2023-11-14
Philadelphia, November 14, 2023 – Cooking and recipe demonstrations encourage healthy eating and adoption of unfamiliar foods by class participants. The research brief shared in the Journal of Nutrition Education and Behavior, published by Elsevier, demonstrates that valuable input by peer educators can be obtained through a hybrid home-use testing method. The process of recipe development involves sensory evaluation about the appearance, aroma, taste, texture, and flavor of the food. Although a controlled laboratory setting is the gold standard for evaluation because of consistent preparation and presentation of food, bringing peer educators to a ...

Advances and challenges in gene therapy for rare diseases

Advances and challenges in gene therapy for rare diseases
2023-11-14
New Rochelle, NY, November 13, 2023—A new review article in the peer-reviewed journal Human Gene Therapy summarizes the significant milestones in the development of gene therapy medicinal products that have facilitated the treatment of a significant number of rare diseases. The article also describes the challenges in the progress of gene therapy for rare diseases. Click here to read the article now. Juan Bueren, from Centro de Investigaciones Energéticas Medioambientalies y Tecnológicas (CIEMAT), ...

What factors influence PrEP prescribing behavior in health care providers?

2023-11-14
HIV pre-exposure prophylaxis (PrEP), a daily dose of two medications meant to prevent HIV infection in high-risk people, has changed public health dramatically in recent years. Yet, adolescents and young adults, one high-risk group, have shown slower uptake in using this prevention method. Despite accounting for around 20 percent of new HIV infections, adolescents and young adults between the ages of 13 and 24 are still largely not being prescribed PrEP. Research has described physician intentions to prescribe PrEP to at-risk young people, but no studies until now have focused on factors that may affect actual prescribing of this evidence-based ...

ASCE establishes Dan M. Frangopol Medal for Life-Cycle Civil Engineering of Civil Structures

ASCE establishes Dan M. Frangopol Medal for Life-Cycle Civil Engineering of Civil Structures
2023-11-14
The American Society of Civil Engineers (ASCE) recently instituted the Dan M. Frangopol Medal for Life-Cycle Engineering of Civil Structures in recognition of the Lehigh Engineering professor’s contributions as a pioneering researcher and educator and leading authority in the fields of life-cycle civil engineering and life-cycle cost optimization. The award pays tribute to Frangopol, the inaugural Fazlur R. Khan Endowed Chair of Structural Engineering and Architecture in the Department of Civil and Environmental Engineering ...

Webb Telescope’s Marcia Rieke awarded Catherine Wolfe Bruce Gold Medal

Webb Telescope’s Marcia Rieke awarded Catherine Wolfe Bruce Gold Medal
2023-11-14
Dr. Marcia Rieke, principal investigator for the Near-Infrared Camera on NASA’s James Webb Space Telescope is the Astronomical Society of the Pacific’s (ASP) 2023 recipient of its most prestigious award. ASP’s Catherine Wolfe Bruce Gold Medal honors Rieke, a Regents Professor of astronomy and Elizabeth Roemer Endowed Chair, Steward Observatory, at the University of Arizona. Rieke’s award and achievements was recognized at the ASP Awards Gala on Saturday, Nov. 11, in Redwood City, California. Groundbreaking Contributions Rieke’s research has focused on infrared observations of ...

Galactic ‘lightsabers’: Answering longstanding questions about jets from black holes

Galactic ‘lightsabers’: Answering longstanding questions about jets from black holes
2023-11-14
The one thing everyone knows about black holes is that absolutely everything nearby gets sucked into them. Almost everything, it turns out. “Even though black holes are defined as objects from which nothing can escape, one of the astonishing predictions of Einstein’s theory of relativity is that black holes can actually lose energy,” says astrophysicist Eliot Quataert, Princeton’s Charles A. Young Professor of Astronomy on the Class of 1897 Foundation. “They ...

Researchers identify unexpected twist while developing new polymer-based semiconductors

Researchers identify unexpected twist while developing new polymer-based semiconductors
2023-11-14
CHAMPAIGN, Ill. — A new study led by chemists at the University of Illinois Urbana-Champaign brings fresh insight into the development of semiconductor materials that can do things their traditional silicon counterparts cannot – harness the power of chirality, a non-superimposable mirror image. Chirality is one of nature’s strategies used to build complexity into structures, with the DNA double helix perhaps being the most recognized example – two molecule chains connected by a molecular “backbone” ...

Immigrants living in the U.S. have fewer preterm births

2023-11-14
Preterm birth predicts lifelong health outcomes Worsening preterm birth rates in the U.S. represent a ‘key metric to target to improve overall societal health’ Study identifies key differences among Asian and Hispanic subgroups Minority stress could contribute to inequities that begin at birth between populations in the U.S. CHICAGO --- Preterm birth rates are an important marker in assessing a country’s overall health. And the United States isn’t fairing very well. Individuals born in the U.S. had an overall higher rate (9.7%) of giving birth prematurely compared to U.S. immigrants (9%), a new Northwestern Medicine ...

When we see what others do, our brain sees not what we see, but what we expect

When we see what others do, our brain sees not what we see, but what we expect
2023-11-14
When we see what others do, our brain sees not what we see, but what we expect When we engage in social interactions, like shaking hands or having a conversation, our observation of other people’s actions is crucial. But what exactly happens in our brain during this process: how do the different brain regions talk to each other? Researchers at the Netherlands Institute for Neuroscience provide an intriguing answer: our perception of what others do depends more on what we expect to happen than previously believed.  For some time, researchers have been trying to understand how our brains process other people’s ...

Great results with emergency care adapted for pregnant women

Great results with emergency care adapted for pregnant women
2023-11-14
Increased vigilance for high blood pressure and diffuse stomach pain. These are some of the characteristics of emergency care adapted for pregnant women and new mothers. The model, which could become clinical routine throughout Sweden, is described in a thesis at the University of Gothenburg. The aim of the thesis was to reduce morbidity and mortality among pregnant women and new mothers seeking emergency care. Sweden has relatively low rates of pregnancy-related morbidity and mortality, but pregnant women and new mothers do not currently receive ...

LAST 30 PRESS RELEASES:

How can we reduce adolescent pregnancies in low- and middle-income countries?

When sun protection begets malnutrition: vitamin D deficiency in Japanese women

Cannabis use can cause chromosomal damage, increasing cancer risk and harming offspring

Survey finds many Americans apply misguided and counterproductive advice to combat holiday weight gain

New study reveals half a century of change on Britain’s iconic limestone pavements

Green flight paths could unlock sustainable aviation, new research suggests

Community partners key to success of vaccine clinic focused on neurodevelopmental conditions

Low-carbon collaborative dual-layer optimization for energy station considering joint electricity and heat demand response

McMaster University researchers uncover potential treatment for rare genetic disorders

The return of protectionism: The impact of the Sino-US trade war

UTokyo and NARO develop new vertical seed distribution trait for soybean breeding

Research into UK’s use of plastic packaging finds households ‘wishcycle’ rather than recycle – risking vast contamination

Vaccine shows promise against aggressive breast cancer

Adverse events affect over 1 in 3 surgery patients, US study finds

Outsourcing adult social care has contributed to England’s care crisis, argue experts

The Lancet: Over 800 million adults living with diabetes, more than half not receiving treatment, global study suggests

New therapeutic approach for severe COVID-19: faster recovery and reduction in mortality

Plugged wells and reduced injection lower induced earthquake rates in Oklahoma

Yin selected as a 2024 American Society of Agronomy Fellow

Long Covid could cost the economy billions every year

Bluetooth technology unlocks urban animal secrets

This nifty AI tool helps neurosurgeons find sneaky cancer cells

Treatment advances, predictive biomarkers stand to improve bladder cancer care

NYC's ride-hailing fee failed to ease Manhattan traffic, new NYU Tandon study reveals

Meteorite contains evidence of liquid water on Mars 742 million years ago

Self-reported screening helped reduce distressing symptoms for pediatric patients with cancer

Which risk factors are linked to having a severe stroke?

Opening borders for workers: Abe’s profound influence on Japan’s immigration regime

How skills from hospitality and tourism can propel careers beyond the industry

Research shows managers of firms handling recalls should review media scrutiny before deciding whether to lobby

[Press-News.org] New CPU vulnerability makes virtual machine environments vulnerable
Researchers at TU Graz and the Helmholtz Centre for Information Security have identified a security vulnerability that could allow data on virtual machines with AMD processors to fall under the control of attackers