CISPA-Faculty Dr. Michael Schwarz has been honored with the Award of Excellence for his dissertation "Software-based Side-Channel Attacks and Defenses in Restricted Environments". The 29-year-old is one of 40 scientists honored by Austrian Science Minister Heinz Faßmann. The research areas of the award-winning dissertations are diverse, ranging from prehistory to population genetics, from music education to industrial mathematics.
Michael Schwarz's doctoral thesis was written at the Graz University of Technology under Ass.Prof. Dr. Daniel Gruss. In his doctoral thesis Schwarz starts from the following facts: Side-channel attacks have been known for quite some time, in which very small side-effects of programs are observed. In Hollywood, criminals use side-channel attacks to open safes with stethoscopes. Side-channel attacks on computers, however, do not rely on sounds but on tiny nanosecond timing differences that can be measured in software. The dangerous thing about these software-based side-channel attacks is that they can be carried out by any program. Such attacks are even possible in browsers.
The paper shows that current countermeasures are not always effective. Among other things, it presents the first attacks on Intel SGX, a software vault in modern computers for extremely sensitive data. Furthermore, the paper is the first to show that side-channel attacks combined with speed optimizations lead to novel, extremely powerful attacks where an attacker can grab arbitrary data. This even works from the browser, where visiting a malicious web page is enough to have data stolen. These novel attacks created a lot of buzz, not only in the scientific community, but also in the media.
Spectre, Meltdown, and a little later ZombieLoad, were covered worldwide, as they called into question the very basis of computer security, and by extension, cloud and smartphone security, from one day to the other. What is particularly serious about these attacks is that they cannot simply be fixed by a software update, but new hardware that is no longer vulnerable has to be designed first.
All of this led to a better understanding of the attack requirements and attack surface. As a result, we were able to propose better defenses against side-channel attacks in different scenarios.
"The dissertations show an overwhelming panorama of scientific university research in Austria," Faßmann said. "As Minister of Science, it is a special pleasure for me to bring the best works to the forefront. I warmly congratulate all the award winners and wish them all continued success."
The Award of Excellence is endowed with 3,000 euros. Due to the Corona pandemic, Minister Faßmann sent a digital message of greeting to the award winners. In addition to the work itself, he praised the "flexibility and resilience that the scientists have shown in completing their dissertations in these challenging times."
The Award of Excellence has been presented since 2008. Proposals for it come from the universities. Michael Schwarz is honored to receive the award, "I am honored that my work has been recognized as one of the best dissertations, especially since my topic was considered a niche subject of little interest a few years ago. I'm glad that my efforts have also led to bringing this topic somewhat into the public eye."
The text was translated by: Tobias Ebelshäuser