Grand Pwning Unit:Accelerating Microarchitectural Attacks with the GPU

Dark silicon is pushing processor vendors to add more specialized units such as accelerators to commodity processor chips. Unfortunately this is done without enough care to security. In this paper we look at the security implications of integrated Graphical Processor Units (GPUs) found in almost all mobile processors. We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to 'accelerate' microarchitectural attacks (i.e., making them more effective) on commodity platforms. In particular, we show that an attacker can build all the necessary primitives for performing effective GPU-based microarchitectural attacks and that these primitives are all exposed to the web through standardized browser extensions, allowing side-channel and Rowhammer attacks from JavaScript. These attacks bypass state-of-the-art mitigations and advance existing CPU-based attacks: we show the first end-to-end microarchitectural compromise of a browser running on a mobile phone in under two minutes by orchestrating our GPU primitives. While powerful, these GPU primitives are not easy to implement due to undocumented hardware features. We describe novel reverse engineering techniques for peeking into the previously unknown cache architecture and replacement policy of the Adreno 330, an integrated GPU found in many common mobile platforms. This information is necessary when building shader programs implementing our GPU primitives. We conclude by discussing mitigations against GPU-enabled attackers

Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks

Deep neural networks (DNNs) have been shown to tolerate "brain damage": cumulative changes to the network's parameters (e.g., pruning, numerical perturbations) typically result in a graceful degradation of classification accuracy. However, the limits of this natural resilience are not well understood in the presence of small adversarial changes to the DNN parameters' underlying memory representation, such as bit-flips that may be induced by hardware fault attacks. We study the effects of bitwise corruptions on 19 DNN models---six architectures on three image classification tasks---and we show that most models have at least one parameter that, after a specific bit-flip in their bitwise representation, causes an accuracy loss of over 90%. We employ simple heuristics to efficiently identify the parameters likely to be vulnerable. We estimate that 40-50% of the parameters in a model might lead to an accuracy drop greater than 10% when individually subjected to such single-bit perturbations. To demonstrate how an adversary could take advantage of this vulnerability, we study the impact of an exemplary hardware fault attack, Rowhammer, on DNNs. Specifically, we show that a Rowhammer enabled attacker co-located in the same physical machine can inflict significant accuracy drops (up to 99%) even with single bit-flip corruptions and no knowledge of the model. Our results expose the limits of DNNs' resilience against parameter perturbations induced by real-world fault attacks. We conclude by discussing possible mitigations and future research directions towards fault attack-resilient DNNs.Comment: Accepted to USENIX Security Symposium (USENIX) 201

TRRespass: Exploiting the Many Sides of Target Row Refresh

After a plethora of high-profile RowHammer attacks, CPU and DRAM vendors scrambled to deliver what was meant to be the definitive hardware solution against the RowHammer problem: Target Row Refresh (TRR). A common belief among practitioners is that, for the latest generation of DDR4 systems that are protected by TRR, RowHammer is no longer an issue in practice. However, in reality, very little is known about TRR. In this paper, we demystify the inner workings of TRR and debunk its security guarantees. We show that what is advertised as a single mitigation mechanism is actually a series of different solutions coalesced under the umbrella term TRR. We inspect and disclose, via a deep analysis, different existing TRR solutions and demonstrate that modern implementations operate entirely inside DRAM chips. Despite the difficulties of analyzing in-DRAM mitigations, we describe novel techniques for gaining insights into the operation of these mitigation mechanisms. These insights allow us to build TRRespass, a scalable black-box RowHammer fuzzer. TRRespass shows that even the latest generation DDR4 chips with in-DRAM TRR, immune to all known RowHammer attacks, are often still vulnerable to new TRR-aware variants of RowHammer that we develop. In particular, TRRespass finds that, on modern DDR4 modules, RowHammer is still possible when many aggressor rows are used (as many as 19 in some cases), with a method we generally refer to as Many-sided RowHammer. Overall, our analysis shows that 13 out of the 42 modules from all three major DRAM vendors are vulnerable to our TRR-aware RowHammer access patterns, and thus one can still mount existing state-of-the-art RowHammer attacks. In addition to DDR4, we also experiment with LPDDR4 chips and show that they are susceptible to RowHammer bit flips too. Our results provide concrete evidence that the pursuit of better RowHammer mitigations must continue.Comment: 16 pages, 16 figures, in proceedings IEEE S&P 202

Limiti di carica microbica ed accettabilità delle carni avicole fresche

The minimum number of bacteria, which correlate to end of shelf-life, should be defined by producers in order to establish microbiological standards at the end of productive process or at specifie defect action points, taking into account the possible temperature conditions the various products will probably meet. This would allow the quality assurance of all lots of products until the end of declared shelf life. Entire chicken, sliced chicken breast, skewers of chicken with pepper, ripened chicken leg and cordon bleu samples were stored at temperature condition from -0.2° to 5.9°C for 9-11 days. Then they were analysed for microbiological traits and, on the basis of sensorial characteristics, were classified as acceptable, marginally acceptable or not acceptable. It was defined the maximum number of Pseudomonas spp., total coliforms or total plate count at which unacceptable products were not found and significance of these discriminatory limits was evaluated. Per stabilire la durata commerciale delle diverse preparazioni di carni avicole i produttori dovrebbero conoscere quali sono le concentrazioni minime di batteri alteranti correlabili alla comparsa di alterazioni e quali sono, quindi, gli standard microbiologici in fase di produzione od in specifici punti critici di controllo (defect action point) che permettano di assicurare, in condizioni programmate di temperatura, la qualità di un lotto di produzione fine al termine indicato in etichetta. Campioni di diversi lotti di busti di pollo, petti di pollo a fette, spiedini con peperone, fusotti ripieni e cordon bleu sono stati sottoposti a regimi di temperatura tra -0,2° e 5,9°C per 9-11 giorni. Al termine di questo periodo sono stati fatti controlli microbiologici e sulla base delle caratteristiche organolettiche sono stati classificati accettabili, marginali o inaccettabili. È stato quindi individuato il limite più alto di Pseudomonas spp., coliformi totali o carica mesofila totale al di sotto del quale non fossero riscontrabili unità inaccettabili ed è stata valutata la significatività di questo limite discriminante

Is It Possible to Differentiate Chronic Kidney Disease and Preeclampsia by means of New and Old Biomarkers? A Prospective Study

Objective. Chronic kidney disease (CKD) and preeclampsia (PE) may both present with hypertension and proteinuria in pregnancy. Our objective is to test the possibility of distinguishing CKD from PE by means of uteroplacental flows and maternal circulating sFlt-1/PlGF ratio. Design. Prospective analysis. Population. Seventy-six patients (35 CKD, 24 PE, and 17 other hypertensive disorders), with at least one sFlt-1/PlGF and Doppler evaluation after the 20th gestational week. Methods. Maternal sFlt-1-PlGF were determined by immunoassays. Abnormal uterine artery Doppler was defined as resistance index ≥ 0.58. Umbilical Doppler was defined with gestational-age-adjusted Pulsatility Index. Clinical diagnosis was considered as reference. Performance of Doppler study was assessed by sensitivity analysis; sFlt-1/PlGF cut-off values were determined by ROC curves. Results. The lowest sFlt-1/PlGF ratio (8.29) was detected in CKD, the highest in PE (317.32) (P<0.001). Uteroplacental flows were mostly preserved in CKD patients in contrast to PE (P<0.001). ROC analysis suggested two cut-points: sFlt-1/PlGF ≥ 32.81 (sensitivity 82.93%; specificity 91.43%) and sFlt-1/PlGF ≥ 78.75 (sensitivity 62.89%, specificity 97.14%). Specificity reached 100% at sFlt-1/PlGF ≥ 142.21 (sensitivity: 48.8%). Early-preterm delivery was associated with higher sFlt-1/PlGF ratio and abnormal uteroplacental flows relative to late-preterm and term deliveries. Conclusions. sFlt-1/PlGF ratio and uteroplacental flows significantly correlated with PE or CKD and preterm delivery

The role of copper(II) in the aggregation of human amylin

Amylin is the 37-residue peptide hormone produced by the islet β-cells in the pancreas and the formation of amylin aggregates is strongly associated with β-cells degeneration in type 2 diabetes, as demonstrated by more than 95% of patients exhibiting amylin amyloid upon autopsy. It is widely recognized that metal ions such as copper(II) have been implicated in the aggregation process of amyloidogenic peptides such as Aβ and α-synuclein and there is evidence that also amylin self-assembly is largely affected by copper(II). For this reason, in this work, the role of copper(II) in the aggregation of amylin has been investigated by several different experimental approaches. Mass spectrometric investigations show that copper(II) induces significant changes in the amylin structure which decrease the protein fibrillogenesis as observed by ThT measurements. Accordingly, solid-state NMR experiments together with computational analysis carried out on a model amylin fragment confirmed the non fibrillogenic nature of the copper(II) induced aggregated structure. Finally, the presence of copper(II) is also shown to have a major influence on amylin proneness to be degraded by proteases and cytotoxicity studies on different cell cultures are reported

How future surgery will benefit from SARS-COV-2-related measures: a SPIGC survey conveying the perspective of Italian surgeons

COVID-19 negatively affected surgical activity, but the potential benefits resulting from adopted measures remain unclear. The aim of this study was to evaluate the change in surgical activity and potential benefit from COVID-19 measures in perspective of Italian surgeons on behalf of SPIGC. A nationwide online survey on surgical practice before, during, and after COVID-19 pandemic was conducted in March-April 2022 (NCT:05323851). Effects of COVID-19 hospital-related measures on surgical patients' management and personal professional development across surgical specialties were explored. Data on demographics, pre-operative/peri-operative/post-operative management, and professional development were collected. Outcomes were matched with the corresponding volume. Four hundred and seventy-three respondents were included in final analysis across 14 surgical specialties. Since SARS-CoV-2 pandemic, application of telematic consultations (4.1% vs. 21.6%; p &lt; 0.0001) and diagnostic evaluations (16.4% vs. 42.2%; p &lt; 0.0001) increased. Elective surgical activities significantly reduced and surgeons opted more frequently for conservative management with a possible indication for elective (26.3% vs. 35.7%; p &lt; 0.0001) or urgent (20.4% vs. 38.5%; p &lt; 0.0001) surgery. All new COVID-related measures are perceived to be maintained in the future. Surgeons' personal education online increased from 12.6% (pre-COVID) to 86.6% (post-COVID; p &lt; 0.0001). Online educational activities are considered a beneficial effect from COVID pandemic (56.4%). COVID-19 had a great impact on surgical specialties, with significant reduction of operation volume. However, some forced changes turned out to be benefits. Isolation measures pushed the use of telemedicine and telemetric devices for outpatient practice and favored communication for educational purposes and surgeon-patient/family communication. From the Italian surgeons' perspective, COVID-related measures will continue to influence future surgical clinical practice

Diversity and ethics in trauma and acute care surgery teams: results from an international survey

Background Investigating the context of trauma and acute care surgery, the article aims at understanding the factors that can enhance some ethical aspects, namely the importance of patient consent, the perceptiveness of the ethical role of the trauma leader, and the perceived importance of ethics as an educational subject. Methods The article employs an international questionnaire promoted by the World Society of Emergency Surgery. Results Through the analysis of 402 fully filled questionnaires by surgeons from 72 different countries, the three main ethical topics are investigated through the lens of gender, membership of an academic or non-academic institution, an official trauma team, and a diverse group. In general terms, results highlight greater attention paid by surgeons belonging to academic institutions, official trauma teams, and diverse groups. Conclusions Our results underline that some organizational factors (e.g., the fact that the team belongs to a university context or is more diverse) might lead to the development of a higher sensibility on ethical matters. Embracing cultural diversity forces trauma teams to deal with different mindsets. Organizations should, therefore, consider those elements in defining their organizational procedures. Level of evidence Trauma and acute care teams work under tremendous pressure and complex circumstances, with their members needing to make ethical decisions quickly. The international survey allowed to shed light on how team assembly decisions might represent an opportunity to coordinate team member actions and increase performance