CS 4800: Undergraduate Research
This course provides undergraduate students with opportunities to engage in research opportunities.
Faculty Advisor: Ren Quinn
If you are interested in taking this course, please discuss with a faculty advisor and fill out this form.
Towards Faster Speculative Execution Attacks
Damen Maughan – UCUR 2022, Poster
Spectre  is a CPU-level exploit that takes advantage of speculative execution to read secret data within the program space of a victim program. The process iterates through the victim program space, very slowly reading a single byte at a time. We propose a method for improving the speed by which Spectre can read secret data. Instead of reading an entire byte at a time, requiring 255 cache misses per byte, we split it up into 8 separate bits, requiring up to 8 cache misses per byte. By showing a faster method by which Spectre can read data, we expand the scope of possible ways to utilize this attack and thus reaffirm its seriousness.
Sound Wave Extraction from Background Accelerometer Readings
David Gary, Erick Gutierrez – UCUR 2022, Poster
Three-axis accelerometers, gyroscopes, and magnetometers are a necessary component for modern mobile devices, despite the fact that their data is not protected in the same way recordings from a microphone or camera would be. Studies have shown that this data can be exploited to reveal movement patterns and even matched to previously identified sound wave data for hotword detection. In this work, we attempt to expand what can be produced by using transform methods to extract full sound wave replications without previous identification or machine learning classification systems. Since there are few protections on accelerometer data in place, this study displays a severe vulnerability modern devices have to a new type of side-channel attack via the accelerometer.
ACCess Granted: Inferring Mobile Device Keystrokes Using Background Accelerometer Data.
Erick Gutierrez, David Gary – UCUR 2022, Poster
Accelerometers have become a common component in the mobile devices we use every day, and just like most data, many of the applications we use are able to access it. However, unlike the microphone and camera, there are no permission protocols protecting accelerometer data.. In this work, we collect accelerometer data on individual key presses when using a virtual on-screen keyboard. We then use that data to predict which key is pressed without acquiring the necessary security permissions to track keyboard inputs in the background. We explore how this information can be used to gather passwords and other sensitive information and emphasize the importance of required security permissions for accelerometer access.
Last Updated 04/03/2022