Cybersecurity researchers from across Georgia Tech and the Georgia Tech Research Institute share their thoughts about emerging threats, trends, and technologies in the constant fight to secure data and information systems. Read what's capturing their attention and new insights they offer about cybersecurity topics in the news.
Blog entries are aggregated monthly into the Source Port newsletter, with additional research and updates from Georgia Tech. Source Port is published on the first business day of the month.
Patch for Meltdown and Spectre? On Standby
January 25, 2018 | By Panagiotis Kintis
Earlier in January, two critical vulnerabilities in Intel microchips, Meltdown and Spectre, were disclosed. Although several patches have been made available, Intel advised customers on Jan. 23 not to apply firmware patches and instead wait for other updates due to reports of instability. The vulnerabilities continue.
Meltdown and Spectre patches: https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help
IISP Analyst Panagiotis Kintis: "What is special about Meltdown and Spectre is that they do not affect a single application or a specific protocol, but target modern processors and cause severe memory leaks. Unfortunately, 'modern' refers to almost every processor built since 1995, including the most popular architectures like Intel, AMD, and ARM.
The fact that a computer giant like Intel is 'taking its time' with fixing such a significant vulnerability is really concerning. Systems affected by Meltdown can immediately leak arbitrary data from memory and allow private data to exchange hands. Similarly, Spectre allows remote execution of code that can also leak memory to a third party. These both reminded me a lot of the chaos when the Heartbleed bug emerged, more than three years ago. The big difference is that Heartbleed was fixed with a simple change in the source code of OpenSSL that anybody could patch very easily. Meltdown and Spectre require much more work, from several different vendors, to make sure that processors -- the core of every computer system -- are not vulnerable anymore.
Moreover, the patch Intel provides, instead of being a transparent fix, requires the user to opt in and enable it before it takes effect. This opt-in mechanism has raised significant criticism. Linus Torvalds publicly complained about Intel's approach, asking for something better. Even though his messages might be a little blunt, I am not sure he is completely wrong. We are facing two very important vulnerabilities, which can leak private data (like passwords, encryption keys, certificates, etc.) and we are asked to just wait. At the same time, the patches Intel has provided seem to affect CPU performance, making it slower than expected. Intel's solution to this issue was to make the customer choose between performance and security. By default, the CPU's performance is not affected if the customer does not opt in to the vulnerability fix. If the user chooses security though, they will have to forfeit performance.
We have been designing systems, protocols, and applications with performance and efficiency in mind. Security by design almost never has been the norm. We are victims of that approach and we have been trying to solve security problems for years, the cost of which is paramount. Today, Intel is contributing towards the former perspective. The question is, do customers understand how important the tradeoff is?"
About the Analysts
Holly Dragoo is a research associate with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. Her previous work with the U.S. Department of Defense and Federal Bureau of Investigation gives her a unique understanding of intelligence community requirements. Dragoo’s research interests include cybersecurity policy issues, threat attribution, metadata analysis, and adversarial network reconstruction.
Panagiotis Kintis is a Ph.D. student at Georgia Tech's School of Computer Science and a researcher in the Astrolavos Lab. His research examines new techniques for data analysis and cyber attribution with special focus on clues that can be obtained from the network layer of the Internet, such as bot activity and domain name abuse (combosquatting).
Brenden Kuerbis, Ph.D., is a postdoctoral researcher at Georgia Tech’s School of Public Policy and a former Fellow in Internet Security Governance at the Citizen Lab, Munk School of Global Affairs, University of Toronto. His research focuses on the governance of Internet identifiers (e.g., domain names, IP addresses) and the intersection of nation-state cybersecurity concerns with forms of Internet governance.
Joel Odom leads a team of researchers focused on software security as branch head for the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. He and his team research static and dynamic software analysis, software testing techniques, software reverse engineering, and software vulnerability discovery and mitigation.
Chris M. Roberts is a senior research engineer with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute specializing in embedded firmware reverse engineering and hardware analysis. Mr. Roberts’ technical expertise has expanded to cover radio frequency system design, electronic and cyber warfare, hardware and firmware reverse engineering, vulnerability assessments of embedded systems and assessment of vulnerability to wireless cyberattacks.
Stone Tillotson is a research scientist with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute, where he develops applications for security involving attack/defense simulations, social media affinity mapping, and transitioning teams to Agile development. His focus includes design and development of front-end, back-end, and the data layer with considerations for architecture, design patterns, and user experience.