Attackers have moved on from fighting the war in memory to a new attack surface, the CPU caches, with cache-resident malware and cache side-channel attacks: 1) cache-resident malware evades memory inspection by using Cache-as-RAM techniques to load malicious code only in cache and not in RAM. Leveraging the cache incoherence of mobile and IoT trusted execution environments (TEEs), such as ARM TrustZone, new stealthy cache-resident malware can even bypass introspection from the highest privilege level; 2) cache side-channel attacks exploit the time difference between a cache hit and a cache miss to infer sensitive information to which attackers otherwise do not have access. These attacks are effective in stealing cryptographic keys from victim programs and virtual machines, tracing the execution of programs, and performing other malicious actions. In this talk, I will discuss my recent research on advancing both the attack and defense of cache-resident malware and cache side-channel attacks on mobile and IoT devices.
Ziming Zhao is an Assistant Professor at Rochester Institute of Technology, USA. He directs the CyberspACe securiTy and forensIcs lab (CactiLab). He received his PhD degree in Computer Science from Arizona State University and his master's and bachelor's degrees from BUPT. His research foci include system and software security, network security, usable and user-centric security, and cybercrime and threat intelligence analytics. His research has led to 50+ publications in security conferences and journals, including IEEE S&P, USENIX Security, NDSS, CCS, ACSAC, ESORICS, TISSEC, etc. He was the general co-chair of ACM CODASPY 2018 and is a co-founder of the ACM Workshop on Automobile Cybersecurity. He is recruiting self-motivated PhD students to work on cybersecurity.