Sandsifter to Make Debut at Black Hat 2017
As a Cyber Scientist, Chris Domas spends his days at Battelle solving computer security problems. And as a true hacker, he spends his evenings at home doing the same thing.
“When you really enjoy what you are working on, you invest time in it. You really immerse yourself and find out as much as you can about it,” Chris said.
One of his recent at-home projects involved a deep dive into x86 processors. Something had been bothering him. About 20 years ago, a critical hardware flaw called the “F00F” bug was discovered on Intel processors. This particular glitch in the chip would cause the processor to lock up – and an attacker could use this to effectively disable a computer.
“Nobody has really seen anything like that since then. I wondered if that was because the problem doesn’t exist anymore or if it’s because nobody was looking for it,” said Chris.
He worked to create a method of looking into the actual hardware of the x86 processors to see if he could find an answer to the question. The result is a tool called Sandsifter.
“The name comes from the idea of what the tool generates: hundreds of millions of pieces of data. You need to sift through that to find something interesting,” he said.
While working on the tool, Chris found instructions in the processors that don’t exist in the manuals. And anytime you find something that wasn’t supposed to be there, that can call into question the security of the hardware.
“There are capabilities in these processors that we didn’t know about. From a security perspective, that’s not great,” said Chris.
He also got an answer to his original question about the lock-up bug that had been discovered 20 years ago. Another version of it exists today. Just in the last couple of weeks, Chris found a new processor bug that locks people out of the system.
Chris shared the full story of his recent discoveries and the Sandsifter tool during his Black Hat briefing on July 27. Black Hat is the world’s leading information security event and features the latest in research, development and trends. Chris is one of a limited number of people who have presented at Black Hat more than once. This will be his third go.
Sandsifter is an open-source tool for everyone to use and can be found on GitHub.
Check out Chris’ tips for making the cut at Black Hat (multiple times) in this article: 8 Tips to Get Your Research Accepted at Black Hat.