Cybersecurity researchers from across Georgia Tech and the Georgia Tech Research Institute share their thoughts about emerging threats, trends, and technologies in the constant fight to secure data and information systems. Read what's capturing their attention and new insights they offer about cybersecurity topics in the news.
Blog entries are aggregated monthly into the Source Port newsletter, with additional research and updates from Georgia Tech. Source Port is published on the first business day of the month.
Vulnerabilities in AMD Chips Highlight Trend Toward Hardware-based Attacks
March 15, 2018 | By Joel Odom
According to hardware security firm CTS-Labs, several widely-deployed AMD microprocessors contain vulnerabilities that allow attackers to take an already successful attack to a more advanced level. The vulnerabilities, disclosed in a 20-page white paper entitled "Severe Security Advisory on AMD Processors," all require an attacker to gain full control of a target's operating system before the AMD attacks can be employed. This means that a successful attack against an operating system would allow attackers to pivot the attack to the hardware, where it will be more persistent and more difficult to detect, and where it can reach parts of the victim's hardware that would normally be out of reach for purely software-based attacks.
- ArsTechnica: https://arstechnica.com/information-technology/2018/03/a-raft-of-flaws-in-amd-chips-make-bad-hacks-much-much-worse/
- CTS-Labs Severe Security Advisory: https://amdflaws.com/
IISP Analyst Joel Odom: "The past few years have seen an increase in cyberattacks against hardware. Last year, Chris M. Roberts and I commented on the AnC Attack, which defeats Address Space Layout Randomization (ASLR). I also wrote about a problem that allows attackers to take over a PC via USB. Most recently, Spectre and Meltdown have demonstrated how difficult it is to secure a modern microprocessor. It is my opinion that this upward trend in hardware-based attacks will continue.
The manner by which these particular AMD vulnerabilities were disclosed is noteworthy. The standard practice in the security industry is to give companies at least 90 days to fix a vulnerability before public disclosure. In this case, CTS-Labs (an Israeli research organization that published the white paper) gave AMD just one day of notice. The disclosure report also has a disclaimer that states, "The report and all statements contained herein are opinions of CTS and are not statements of fact," and that CTS may hold "an economic interest in the performance of the securities of the companies whose products are the subject of our reports." The cybersecurity world has noted that CTS's handling of the disclosure smells foul. That said, other side discussions that I have been tracking in the information security community lead me to believe that the disclosed flaws are serious problems and warrant immediate attention."
Compliance Does Not Equal Security
Feb. 27, 2018
Better Biometric-Based Authentication
Feb. 20, 2018
Fines for Faulty Defense in the U.K.
Jan. 30, 2018
Patch for Meltdown and Spectre? On Standby
Jan. 25, 2018
Countermeasures to Intel's Biggest Vulnerability
Jan. 17, 2018
NIST to Demonstrate Automation of IoT Security
Jan. 5, 2018
About the Analysts
Holly Dragoo is a research associate with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. Her previous work with the U.S. Department of Defense and Federal Bureau of Investigation gives her a unique understanding of intelligence community requirements. Dragoo’s research interests include cybersecurity policy issues, threat attribution, metadata analysis, and adversarial network reconstruction.
Panagiotis Kintis is a Ph.D. student at Georgia Tech's School of Computer Science and a researcher in the Astrolavos Lab. His research examines new techniques for data analysis and cyber attribution with special focus on clues that can be obtained from the network layer of the Internet, such as bot activity and domain name abuse (combosquatting).
Brenden Kuerbis, Ph.D., is a postdoctoral researcher at Georgia Tech’s School of Public Policy and a former Fellow in Internet Security Governance at the Citizen Lab, Munk School of Global Affairs, University of Toronto. His research focuses on the governance of Internet identifiers (e.g., domain names, IP addresses) and the intersection of nation-state cybersecurity concerns with forms of Internet governance.
Joel Odom leads a team of researchers focused on software security as branch head for the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. He and his team research static and dynamic software analysis, software testing techniques, software reverse engineering, and software vulnerability discovery and mitigation.
Chris M. Roberts is a senior research engineer with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute specializing in embedded firmware reverse engineering and hardware analysis. Mr. Roberts’ technical expertise has expanded to cover radio frequency system design, electronic and cyber warfare, hardware and firmware reverse engineering, vulnerability assessments of embedded systems, and assessment of vulnerability to wireless cyberattacks.
Stone Tillotson is a research scientist with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute, where he develops applications for security involving attack/defense simulations, social media affinity mapping, and transitioning teams to Agile development. His focus includes design and development of the front end, back end, and data layer with considerations for architecture, design patterns, and user experience.