Foundations for Sustainable Security

ERC (European Research Council)HORIZON-ERCID: 101076409
EC Contribution
€14,985
Consortium Size
1 orgs
Start Year
2023
Summary

Security and efficiency are often seen as a conflict. IT already consumes 11% of electricity globally, with a steep upwards trend. Resource sharing increases efficiency but introduces information leakage vulnerabilities, such as Meltdown and Spectre. Reducing reliability margins also increases efficiency but introduces fault attacks, such as Rowhammer and Plundervolt. This reveals a fundamental problem in current systems: Reliability mechanisms are not designed with adversaries in mind. Security is then patched on top of reliability mechanisms, incurring additional energy costs.We will overcome the conflict between security and efficiency with novel foundations to make security sustainable and use security to increase efficiency. We will research how to measure the efficiency of security, design principled and efficient security mechanisms, utilize security to increase efficiency, secure microarchitectural optimizations, and secure lightweight isolation.Our methodology is to integrate principled cryptography-grade security into all system layers to minimize and supersede inefficient reliability mechanisms. We will develop a framework for fine-grained energy efficiency measurements. We will research fine-grained replication for side-channel isolation, maintaining efficiency. We will explore selective resource sharing for secure variables, enclaves, and virtual machines, superseding today's inefficient and insecure techniques.The originality of FSSec stands out in that energy efficiency has played no role in security so far. In particular, using cryptography to replace established error correction methods will be the key to our goal of using security to increase efficiency by 20% compared to current systems. We will construct secure optimizations with fine-grained isolation, increasing the efficiency without adding side channels.Asst.-Prof. Daniel Gruss heads an internationally renowned security research group. FSSec will fund 6 PhD students.

Consortium (1)

Project Results (25)

Source: CORDIS, the EU research results database.

Publications (24)
A Systematic Evaluation of Novel and Existing Cache Side Channels
Proceedings 2025 Network and Distributed System Security Symposium· 2025
Fabian Rauscher, Carina Fiedler, Andreas Kogler, Daniel Gruss
Cohere+Reload: Re-enabling High-Resolution Cache Attacks on AMD SEV-SNP
Lecture Notes in Computer Science, Detection of Intrusions and Malware, and Vulnerability Assessment· 2025DOI
Lukas Giner, Sudheendra Raghav Neela, Daniel Gruss
CounterSEVeillance: Performance-Counter Attacks on AMD SEV-SNP
Proceedings of the Network and Distributed System Security (NDSS) Symposium 2025· 2025DOI
Stefan Gast, Hannes Weissteiner, Robin Leander Schröder, Daniel Gruss
Cross-Core Interrupt Detection: Exploiting User and Virtualized IPIs
Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security· 2025DOI
Fabian Rauscher, Daniel Gruss
Fast and Efficient Secure L1 Caches for SMT
Lecture Notes in Computer Science, Availability, Reliability and Security· 2025DOI
Lukas Giner, Roland Czerny, Simon Lammer, Aaron Giner, Paul Gollob, Jonas Juffinger, Daniel Gruss
Not So Secure TSC
Proceedings of the International Conference on Applied Cryptography and Network Security (ACNS)· 2025
Jonas Juffinger, Sudheendra Raghav Neela, Daniel Gruss
Power-Related Side-Channel Attacks using the Android Sensor Framework
Proceedings of the Network and Distributed System Security Symposium 2025· 2025
Mathias Oberhuber, Martin Unterguggenberger, Lukas Maar, Andreas Kogler, Stefan Mangard
Secret Spilling Drive: Leaking User Behavior through SSD Contention
Proceedings of the Network and Distributed System Security Symposium 2025· 2025
Jonas Juffinger, Fabian Rauscher, Giuseppe La Manna, Daniel Gruss
Systematic Analysis of Kernel Security Performance and Energy Costs
Proceedings of the 20th ACM Asia Conference on Computer and Communications Security· 2025DOI
Fabian Rauscher, Benedict Herzog, Timo Hönig, Daniel Gruss
TDXploit: Novel Techniques for Single-Stepping and Cache Attacks on Intel TDX
Proceedings of the 34th USENIX Security Symposium· 2025
Fabian Rauscher, Luca Wilke, Hannes Weissteiner, Thomas Eisenbarth, Daniel Gruss
TEEcorrelate: An Information-Preserving Defense against Performance-Counter Attacks on TEEs
Proceedings of the 34th USENIX Security Symposium· 2025
Hannes Weissteiner, Fabian Rauscher, Robin Leander Schröder, Jonas Juffinger, Stefan Gast, Jan Wichelmann, Thomas Eisenbarth, Daniel Gruss
The HMB Timing Side Channel: Exploiting the SSD’s Host Memory Buffer
Lecture Notes in Computer Science, Detection of Intrusions and Malware, and Vulnerability Assessment· 2025DOI
Jonas Juffinger, Hannes Weissteiner, Thomas Steinbauer, Daniel Gruss
When Good Kernel Defenses Go Bad: Reliable and Stable Kernel Exploits via Defense-Amplified TLB Side-Channel Leaks
Proceedings of the 34th USENIX Security Symposium· 2025
Lukas Maar, Lukas Giner, Daniel Gruss, Stefan Mangard
Zero-Click SnailLoad: From Minimal to No User Interaction
Lecture Notes in Computer Science, Computer Security – ESORICS 2025· 2025DOI
Stefan Gast, Nora Puntigam, Simone Franza, Sudheendra Raghav Neela, Daniel Gruss, Johanna Ullrich
CacheWarp: Software-based Fault Injection using Selective State Reset
Proceedings of the 33rd USENIX Security Symposium· 2024
Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz
Generic and Automated Drive-by GPU Cache Attacks from the Browser
Proceedings of the 19th ACM Asia Conference on Computer and Communications Security· 2024DOI
Lukas Giner, Roland Czerny, Christoph Gruber, Fabian Rauscher, Andreas Kogler, Daniel De Almeida Braga, Daniel Gruss
IdleLeak: Exploiting Idle State Side Effects for Information Leakage
Proceedings 2024 Network and Distributed System Security Symposium· 2024DOI
Fabian Rauscher, Andreas Kogler, Jonas Juffinger, Daniel Gruss
KernelSnitch: Side-Channel Attacks on Kernel Data Structures
Proceedings 2024 Network and Distributed System Security Symposium· 2024
Lukas Maar, Jonas Juffinger, Thomas Steinbauer, Daniel Gruss, Stefan Mangard
Presshammer: Rowhammer and Rowpress Without Physical Address Information
Lecture Notes in Computer Science, Detection of Intrusions and Malware, and Vulnerability Assessment· 2024DOI
Jonas Juffinger, Sudheendra Raghav Neela, Martin Heckel, Lukas Schwarz, Florian Adamsky, Daniel Gruss
Remote Scheduler Contention Attacks
Proceedings of the International Conference on Financial Cryptography and Data Security· 2024
Stefan Gast, Jonas Juffinger, Lukas Maar, Christoph Royer, Andreas Kogler, Daniel Gruss
SLUBStick: Arbitrary Memory Writes through Practical Software Cross-Cache Attacks within the Linux Kernel
Proceedings of the 33rd USENIX Security Symposium· 2024
Lukas Maar, Stefan Gast, Martin Unterguggenberger, Mathias Oberhuber, Stefan Mangard
SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript
Proceedings of the 33rd USENIX Security Symposium· 2024
Stefan Gast, Roland Czerny, Jonas Juffinger, Fabian Rauscher, Simone Franza, Daniel Gruss
SUIT: Secure Undervolting with Instruction Traps
Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2· 2024DOI
Jonas Juffinger, Stepan Kalinin, Daniel Gruss, Frank Mueller
Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels
Proceedings of the 32nd USENIX Security Symposium· 2023
Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Michael Schwarz, Daniel Gruss, Stefan Mangard
Deliverables (1)
Data Management Plan