(Press-News.org) In the area of cloud computing, i.e. on-demand access to IT resources via the internet, so-called trusted execution environments (TEEs) play a major role. They are designed to ensure that the data on the virtual work environments (virtual machines) is secure and cannot be manipulated or stolen. Researchers at the CISPA Helmholtz Centre for Information Security and Graz University of Technology (TU Graz) have now discovered a security vulnerability in AMD processors that allows attackers to penetrate virtual work environments based on the trusted computing technologies AMD SEV-ES and AMD SEV-SNP. This is achieved by resetting data changes in the buffer memory (cache), which gives the intruders unrestricted access to the system. They have chosen CacheWarp as the name for this software-based attack method.
CacheWarp turns back time in memory
AMD Secure Encrypted Virtualisation (SEV) is a processor extension that provides secure separation between virtual machines and the underlying software, known as the hypervisor, for managing the required resources. AMD SEV encrypts the data on the virtual machine for this purpose. CacheWarp can be used to undo data modifications in this working environment and fool the system into believing it has an outdated status. This is problematic, for example, if a variable determines whether a user is successfully authenticated or not. Successful authentication is usually marked with “0”, which is, however, the same value with which the variable is initialised. If a potential attacker enters an incorrect password, the variable is overwritten with a value not equal to “0”. However, CacheWarp can be used to reset this variable to its initial status when it indicated successful authentication. This allows an attacker to establish an already authenticated session.
This is made possible by an unexpected interaction between CPU instructions and AMD-SEV, through which the cache can be reset to its old state. Once the attacker has gained access in this way, they can subsequently gain the full access rights of an administrator to the data in the virtual machine. During their tests, the researchers were able to take all the data located there, modify it and spread from the virtual machine further into the user’s infrastructure. They first bypassed the secure login and then overcame the barrier between normal user and administrator.
AMD provides update
As is usual in such cases, the researchers informed the manufacturer concerned, in this case AMD, about the security vulnerability in advance so that it could take the necessary measures before the research results are published. AMD has identified CacheWarp under the identifier CVE-2023-20592 and is providing a microcode update that fixes the vulnerability. The manufacturer has published further information on this in the AMD Security Bulletin.
“Research in the field of microarchitectural attacks is fascinating because it very often reveals just how complex our modern computer systems have become,” says Andreas Kogler from the Institute of Applied Information Processing and Communications (IAIK) at TU Graz. “It’s amazing how the interplay of several factors makes it possible to extract or change data from such systems. Our work on CacheWarp shows how an attacker can make write accesses to the memory of the affected processors virtually forgotten. You can think of it like older USB sticks. If you overwrote a document there, but removed the stick before the end of the writing process, you could find parts of the old version instead of the new one the next time you plugged in and read the document.”
The research team led by Michael Schwarz from the CISPA Helmholtz Centre for Information Security has created its own website (cachewarpattack.com) to provide information on CacheWarp. The scientific paper entitled “CacheWarp: Software-based fault injection using selective state reset” is available on the site and has already been accepted for the “USENIX Security” conference 2024. The authors are: Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Michael Schwarz (all CISPA Helmholtz Centre for Information Security), Andreas Kogler (TU Graz) and Youheng Lü (independent).
This research is anchored in the Field of Expertise "Information, Communication & Computing", one of five strategic foci of TU Graz.
END
New CPU vulnerability makes virtual machine environments vulnerable
Researchers at TU Graz and the Helmholtz Centre for Information Security have identified a security vulnerability that could allow data on virtual machines with AMD processors to fall under the control of attackers
2023-11-14
ELSE PRESS RELEASES FROM THIS DATE:
Peer educators play key role in new recipe development and testing
2023-11-14
Philadelphia, November 14, 2023 – Cooking and recipe demonstrations encourage healthy eating and adoption of unfamiliar foods by class participants. The research brief shared in the Journal of Nutrition Education and Behavior, published by Elsevier, demonstrates that valuable input by peer educators can be obtained through a hybrid home-use testing method.
The process of recipe development involves sensory evaluation about the appearance, aroma, taste, texture, and flavor of the food. Although a controlled laboratory setting is the gold standard for evaluation because of consistent preparation and presentation of food, bringing peer educators to a ...
Advances and challenges in gene therapy for rare diseases
2023-11-14
New Rochelle, NY, November 13, 2023—A new review article in the peer-reviewed journal Human Gene Therapy summarizes the significant milestones in the development of gene therapy medicinal products that have facilitated the treatment of a significant number of rare diseases. The article also describes the challenges in the progress of gene therapy for rare diseases. Click here to read the article now.
Juan Bueren, from Centro de Investigaciones Energéticas Medioambientalies y Tecnológicas (CIEMAT), ...
What factors influence PrEP prescribing behavior in health care providers?
2023-11-14
HIV pre-exposure prophylaxis (PrEP), a daily dose of two medications meant to prevent HIV infection in high-risk people, has changed public health dramatically in recent years. Yet, adolescents and young adults, one high-risk group, have shown slower uptake in using this prevention method.
Despite accounting for around 20 percent of new HIV infections, adolescents and young adults between the ages of 13 and 24 are still largely not being prescribed PrEP. Research has described physician intentions to prescribe PrEP to at-risk young people, but no studies until now have focused on factors that may affect actual prescribing of this evidence-based ...
ASCE establishes Dan M. Frangopol Medal for Life-Cycle Civil Engineering of Civil Structures
2023-11-14
The American Society of Civil Engineers (ASCE) recently instituted the Dan M. Frangopol Medal for Life-Cycle Engineering of Civil Structures in recognition of the Lehigh Engineering professor’s contributions as a pioneering researcher and educator and leading authority in the fields of life-cycle civil engineering and life-cycle cost optimization.
The award pays tribute to Frangopol, the inaugural Fazlur R. Khan Endowed Chair of Structural Engineering and Architecture in the Department of Civil and Environmental Engineering ...
Webb Telescope’s Marcia Rieke awarded Catherine Wolfe Bruce Gold Medal
2023-11-14
Dr. Marcia Rieke, principal investigator for the Near-Infrared Camera on NASA’s James Webb Space Telescope is the Astronomical Society of the Pacific’s (ASP) 2023 recipient of its most prestigious award. ASP’s Catherine Wolfe Bruce Gold Medal honors Rieke, a Regents Professor of astronomy and Elizabeth Roemer Endowed Chair, Steward Observatory, at the University of Arizona. Rieke’s award and achievements was recognized at the ASP Awards Gala on Saturday, Nov. 11, in Redwood City, California.
Groundbreaking Contributions
Rieke’s research has focused on infrared observations of ...
Galactic ‘lightsabers’: Answering longstanding questions about jets from black holes
2023-11-14
The one thing everyone knows about black holes is that absolutely everything nearby gets sucked into them.
Almost everything, it turns out.
“Even though black holes are defined as objects from which nothing can escape, one of the astonishing predictions of Einstein’s theory of relativity is that black holes can actually lose energy,” says astrophysicist Eliot Quataert, Princeton’s Charles A. Young Professor of Astronomy on the Class of 1897 Foundation. “They ...
Researchers identify unexpected twist while developing new polymer-based semiconductors
2023-11-14
CHAMPAIGN, Ill. — A new study led by chemists at the University of Illinois Urbana-Champaign brings fresh insight into the development of semiconductor materials that can do things their traditional silicon counterparts cannot – harness the power of chirality, a non-superimposable mirror image.
Chirality is one of nature’s strategies used to build complexity into structures, with the DNA double helix perhaps being the most recognized example – two molecule chains connected by a molecular “backbone” ...
Immigrants living in the U.S. have fewer preterm births
2023-11-14
Preterm birth predicts lifelong health outcomes
Worsening preterm birth rates in the U.S. represent a ‘key metric to target to improve overall societal health’
Study identifies key differences among Asian and Hispanic subgroups
Minority stress could contribute to inequities that begin at birth between populations in the U.S.
CHICAGO --- Preterm birth rates are an important marker in assessing a country’s overall health. And the United States isn’t fairing very well.
Individuals born in the U.S. had an overall higher rate (9.7%) of giving birth prematurely compared to U.S. immigrants (9%), a new Northwestern Medicine ...
When we see what others do, our brain sees not what we see, but what we expect
2023-11-14
When we see what others do, our brain sees not what we see, but what we expect
When we engage in social interactions, like shaking hands or having a conversation, our observation of other people’s actions is crucial. But what exactly happens in our brain during this process: how do the different brain regions talk to each other? Researchers at the Netherlands Institute for Neuroscience provide an intriguing answer: our perception of what others do depends more on what we expect to happen than previously believed.
For some time, researchers have been trying to understand how our brains process other people’s ...
Great results with emergency care adapted for pregnant women
2023-11-14
Increased vigilance for high blood pressure and diffuse stomach pain. These are some of the characteristics of emergency care adapted for pregnant women and new mothers. The model, which could become clinical routine throughout Sweden, is described in a thesis at the University of Gothenburg.
The aim of the thesis was to reduce morbidity and mortality among pregnant women and new mothers seeking emergency care. Sweden has relatively low rates of pregnancy-related morbidity and mortality, but pregnant women and new mothers do not currently receive ...
LAST 30 PRESS RELEASES:
Twelve questions to ask your doctor for better brain health in the new year
Microelectronics Science Research Centers to lead charge on next-generation designs and prototypes
Study identifies genetic cause for yellow nail syndrome
New drug to prevent migraine may start working right away
Good news for people with MS: COVID-19 infection not tied to worsening symptoms
Department of Energy announces $179 million for Microelectronics Science Research Centers
Human-related activities continue to threaten global climate and productivity
Public shows greater acceptance of RSV vaccine as vaccine hesitancy appears to have plateaued
Unraveling the power and influence of language
Gene editing tool reduces Alzheimer’s plaque precursor in mice
TNF inhibitors prevent complications in kids with Crohn's disease, recommended as first-line therapies
Twisted Edison: Bright, elliptically polarized incandescent light
Structural cell protein also directly regulates gene transcription
Breaking boundaries: Researchers isolate quantum coherence in classical light systems
Brain map clarifies neuronal connectivity behind motor function
Researchers find compromised indoor air in homes following Marshall Fire
Months after Colorado's Marshall Fire, residents of surviving homes reported health symptoms, poor air quality
Identification of chemical constituents and blood-absorbed components of Shenqi Fuzheng extract based on UPLC-triple-TOF/MS technology
'Glass fences' hinder Japanese female faculty in international research, study finds
Vector winds forecast by numerical weather prediction models still in need of optimization
New research identifies key cellular mechanism driving Alzheimer’s disease
Trends in buprenorphine dispensing among adolescents and young adults in the US
Emergency department physicians vary widely in their likelihood of hospitalizing a patient, even within the same facility
Firearm and motor vehicle pediatric deaths— intersections of age, sex, race, and ethnicity
Association of state cannabis legalization with cannabis use disorder and cannabis poisoning
Gestational hypertension, preeclampsia, and eclampsia and future neurological disorders
Adoption of “hospital-at-home” programs remains concentrated among larger, urban, not-for-profit and academic hospitals
Unlocking the mysteries of the human gut
High-quality nanodiamonds for bioimaging and quantum sensing applications
New clinical practice guideline on the process for diagnosing Alzheimer’s disease or a related form of cognitive impairment or dementia
[Press-News.org] New CPU vulnerability makes virtual machine environments vulnerableResearchers at TU Graz and the Helmholtz Centre for Information Security have identified a security vulnerability that could allow data on virtual machines with AMD processors to fall under the control of attackers