Zum Hauptinhalt springen
TU Graz
Focus on TU Graz
University
Overview: University
TU Graz at a Glance
Organisational Basis
Mission Statement
Key Objectives and Focus Areas
Cooperations
Climate-Neutral TU Graz
TU Graz Portfolio of Affiliated Companies
Data Protection at TU Graz
History
Info Portal: Sexual Harassment
Accessibility at TU Graz
University Gazettes
Career
Overview: Career
Job Vacancies
Professional Fields
Professorships
Apprenticeships
TU Graz as an Employer
Living in Graz
Starting Work at TU Graz
Accessible Working
Services
Overview: Services
News+Stories
Follow TU Graz
TU Graz events
Media Service
Form a Partnership with TU Graz
Founders at TU Graz
Publish Job Vacancies
Services for Children and Young People
Offers for Schools
TU Graz Library
Archive Research
Services for Alumni
Childcare
Nostrification
Organisational Structure
Overview: Organisational Structure
Organisational Chart
Rectorate of TU Graz
Senate of TU Graz
University Council of TU Graz
Deans
Service Departments and Staff Units
Representative Bodies for Members of TU Graz
Committees
Close Menu
Studying and Teaching
Focus on Studying and Teaching
Degree and Certificate Programmes
Overview: Degree and Certificate Programmes
Bachelor's Degree Programmes
Master's Degree Programmes
Teacher Education Programme
Doctoral Programmes
Continuing Education
Studying at TU Graz
Overview: Studying at TU Graz
Prospective Students
New Students
Students
Graduates
Studying Internationally
Overview: Studying Internationally
Incoming Students – Exchange at TU Graz
Outgoing Students – Study Abroad
International Students
International House
Summer and Winter Programmes
Blog
Teaching at TU Graz
Overview: Teaching at TU Graz
Strategy Teaching and Learning
Services and Advancements for Teaching Staff
Teaching in Dialogue
Teaching Blog
International Teaching
Close Menu
Research
Focus on Research
Fields of Expertise
Overview: Fields of Expertise
Advanced Materials Science
Human & Biotechnology
Information, Communication & Computing
Mobility & Production
Sustainable Systems
Research at TU Graz
Overview: Research at TU Graz
Services for Researchers
Research Centers
Lead Projects at TU Graz
Christian Doppler (CD) Laboratories
ERC Grants at TU Graz
Research Cooperation Ventures
Business Enterprises – Start-ups and Spin-offs
Responsible Science
Doctoral Schools
TU Graz Research Portal
Cooperate with TU Graz
Overview: Cooperate with TU Graz
Joint Research
Support Students and Attract Young Talents
Form a Partnership with TU Graz
Collaboration Partners from Business and Industry
International Research
Overview: International Research
Research Stays Abroad
Research Stays at TU Graz
Research and Technology Advisory Committee
Close Menu
Faculties and Institutes
Overview: Faculties and Institutes
Faculty of Architecture
Faculty of Civil Engineering
Faculty of Electrical and Information Engineering
Faculty of Computer Science and Biomedical Engineering
Faculty of Mechanical Engineering and Economic Sciences
Faculty of Mathematics, Physics and Geodesy
Faculty of Technical Chemistry, Chemical and Process Engineering, Biotechnology
Close Menu
Information for...
Quick Links
Prospective Students
Researchers
Teaching Staff
Pupils
Internationals
Companies
New Students
Continuing Education
Media Representatives
Alumni
Prospective Employees
Close Menu
TU Graz
Graz University of Technology
TU Graz/ TU Graz/ Services/ News+Stories/

TU Graz researchers discover serious security vulnerabilities

01/04/2018 | TU Graz news

By Birgit Baustädter

An 10-strong international team of researchers – including researcher from TU Graz – has revealed two new vulnerabilities in computer processors: Meltdown and Spectre. PCs, server and cloud services are affected. A patch could help.

Four man are standing behind a black computer screen with white letters on it.
Michael Schwarz, Daniel Gruss, Stefan Mangard and Moritz Lipp from TU Graz were chiefly involved in the recent descovery of devastating vulnerabilities in computer processors.
Around the turn of the year speculation was rife about new, serious vulnerabilities that could affect all modern microprocessors. Now it is official: two newly-discovered exploits, Meltdown and Spectre, could allow unauthorised users to gain direct access to kernel memory, at the heart of computer systems. The issue was discovered by an 10-strong international research team, in which Graz University of Technology’s Institute of Applied Information Processing and Communications plays a central role. Both exploits take advantage of a central operating principle of fast processors. Intel, AMD and ARM processors are chiefly affected.

Meltdown“ and „Spectre“ info site.

Simple code with devastating consequences

“Meltdown is a very simple exploit – only four lines of code are needed to gain access,” explained Moritz Lipp, Michael Schwarz, Stefan Mangard and Daniel Gruss from TU Graz. “Spectre is significantly more labour-intensive, and consequently more difficult to protect against. It uses the code itself to trick the system into giving up its secrets.” The vulnerabilities affect private computers as well as most server infrastructure and cloud-based services currently in use. In order for computer systems to work faster, modern processors perform calculations in parallel rather than sequentially. In parallel to lengthy tasks, the processor attempts to predict the next steps that will be required and prepare for them. “For performance reasons, at that point no check is made as to whether the program accessing data actually has permission to do so,” the Graz researchers explained. If a predicted step is not required, or if permissions are not present, the processor discards the preparations it has made. This preparation phase can be exploited to read data from the kernel – for example passwords saved in commonly used browsers.

Patch from Graz protects against Meltdown exploit

KAISER, a patch developed by the Graz researchers at the institute, is designed to help secure the vulnerabilities. Because attacks would be directed against hardware but carried out via software, developers from the major IT companies have adapted and further developed their proposal, and are delivering patches with their latest security updates. “The update affects the central functions of fast processors, and could make a difference especially in terms of speed,” explained Gruss, Lipp, Mangard and Schwarz. “Nevertheless, we would appeal to all users to install these updates. The largest providers of cloud and server solutions will implement them in the coming days.” Manufacturers still have work to do to solve the problem in the hardware itself – especially since the patch is effective against Meltdown, but not against the Spectre exploit.

The research was done in the framework of the ERC-funded project “SOPHIA”.  

Information

The international team is made up of researchers from Graz University of Technology, the independent researcher Paul Kocher, the University of Pennsylvania, the University of Maryland, Cyperus Technology, Rambus, the University of Adelaide and Data61. Their research was published in two different papers. The papers on Meltdown“ and „Spectre“ can be downloaded directly and can also be found on the information website about these serious vulnerabilities.

Contact

Daniel GRUSS
Dipl.-Ing. Dr.techn. BSc
TU Graz | Institute of Applied Information Processing and Communications
Phone: +43 316 873 5544
daniel.gruss@iaik.tugraz.at

Back to: Overview: Media Service