BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Date iCal//NONSGML kigkonsult.se iCalcreator 2.20.2// METHOD:PUBLISH X-WR-CALNAME;VALUE=TEXT:Eventi DIAG BEGIN:VTIMEZONE TZID:Europe/Paris BEGIN:STANDARD DTSTART:20191027T030000 TZOFFSETFROM:+0200 TZOFFSETTO:+0100 TZNAME:CET END:STANDARD BEGIN:DAYLIGHT DTSTART:20200329T020000 TZOFFSETFROM:+0100 TZOFFSETTO:+0200 TZNAME:CEST END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:calendar.19541.field_data.0@oba.diag.uniroma1.it DTSTAMP:20260407T080444Z CREATED:20200225T214230Z DESCRIPTION:What would the world be like if software had no bugs? Software systems would be impenetrable and our data shielded from prying eyes? Not quite. In this talk\, I will present evidence that reliable attacks target ing even 'perfect' software are a realistic threat. Such attacks exploit p roperties of modern hardware such as glitches (e.g.\, Rowhammer) and side channels (e.g.\, deduplication) to completely subvert a system\, even in a bsence of software or configuration bugs. To substantiate this claim\, I w ill illustrate practical attacks in real-world systems settings\, such as browsers\, clouds\, and mobile.The implications of these attacks are worri some. Even bug-free (say formally verified) software can be successfully t argeted by a relatively low-effort attacker. Moreover\, state-of-the-art s ecurity defenses\, which have proven useful to raise the bar against tradi tional software exploitation techniques\, are completely ineffective again st such attacks. It is time to revisit our assumptions on realistic advers arial models and investigate defenses that consider threats in the entire hardware/software stack. Pandora's box has been opened.BIO: Cristiano Giuf frida is a Tenured Assistant Professor in the Computer Science Department at the Vrije Universiteit Amsterdam. His research interests span across se veral aspects of computer systems\, with a strong focus on systems securit y. He received a Ph.D. cum laude from the Vrije Universiteit Amsterdam in 2014. He was awarded the Roger Needham Award at EuroSys and the Dennis M. Ritchie Award at SOSP for the best PhD dissertation in Computer Systems in 2015 (Europe and worldwide). He was awarded a VENI grant (the Dutch Equiv alent of a NSF CAREER Award\, PhD+3) in 2017. He has served on the program committee of a number of top systems and security venues\, such as SOSP\, OSDI\, EuroSys\, S&P\, CCS\, NDSS\, and USENIX Security. DTSTART;TZID=Europe/Paris:20200303T113000 DTEND;TZID=Europe/Paris:20200303T113000 LAST-MODIFIED:20230710T173816Z LOCATION:Aula Magna\, DIAG\, Via Ariosto 25 SUMMARY:Software Exploitation: Hardware is the New Black - Cristiano Giuffr ida URL;TYPE=URI:http://oba.diag.uniroma1.it/node/19541 END:VEVENT END:VCALENDAR