JOHANNESBURG
21 - 25 May 2018

CAPE TOWN
28 & 29 May 2018

Speaker

Rodrigo Branco, senior principal security researcher, Intel Corporation

Rodrigo Branco

Senior principal security researcher, Intel Corporation

Rodrigo Rubira Branco is senior principal security researcher at Intel Corporation, based in its Security Centre of Excellence, where he leads the Client Core and BIOS Teams. Branco is the founder of the Dissect || PE Malware Analysis Project and has held positions as director of Vulnerability & Malware Research at Qualys and chief security researcher at Check Point, where he founded the Vulnerability Discovery Team (VDT) and released dozens of vulnerabilities in many important software. In 2011, Branco was honoured as one of the top vulnerability contributors of Adobe. Branco is also one of the organisers of the Hackers to Hackers Conference (H2HC), the oldest ongoing security research conference in Latin America. He has been invited and accepted to speak in relevant security research events across the world, such as Black Hat (USA), Hack in the Box (Malaysia and UAE), XCon (China), OLS (Canada), Defcon (USA), Hackito (France), Zero Nights (Russia), Troopers (Germany) and many others. Branco has published several papers in the fields of exploit writing, reverse engineering, malware analysis and rootkit development, and is part of the invited review committee for a variety of security research conferences, such as Black Hat (USA), PHDays (Russia), Hackito (France), NoSuchCon (France), Opcde (UAE), CCNC (USA), Andsec (Argentina) and others.

Rodrigo Branco will be speaking on the following topic:

09:10
International keynote speaker Blinded Random Block Corruption Attacks: the next level

Protecting user privacy in virtualised cloud environments is an increasing concern for both users and providers. This presentation argues that the privacy claim of any technology that uses different encryption keys to isolate hypervisor administrators from guest VMs cannot be guaranteed. This will be demonstrated via a new instantiation of a Blinded Random Block Corruption Attack. Under the same scenario assumptions that the per-VM keying method addresses, the attack allows a cloud provider administrator to use the capabilities of a (trusted) hypervisor in order to login to a guest VM (besides the encrypted memory). This completely compromises the user's data privacy. Furthermore, we also demonstrate that even non-Boolean values can be effectively targeted by attackers, forcing the elevation of privileges of a process running in a protected VM as demonstration.

  • Find out how memory encryption by itself is not necessarily a defence-in-depth mechanism against attackers with memory read/write capabilities
  • Deliberate the concept that 'a better guarantee is achieved if the memory encryption includes some authentication mechanism'

Sponsors

Gold sponsor

Silver sponsor

Bronze sponsor

Display sponsors

Sponsors

Media Partners