Pietro Borrello

Pietro Borrello

Ph.D. Student in Systems Security

Sapienza University of Rome

Biography

I am a PhD Student at the Sapienza University of Rome, working on Systems Security. My focus is applying Fuzzing and Program Analysis techniques to find and mitigate architectural and microarchitectural vulnerabilities.

I am also a passionate CTF player focusing on exploitation and reverse-engineering with TRX and mhackeroni teams.

Co-founder and current lead of the DEFCON Group in Rome.

Black Hat speaker and Pwnie Award winner:

  • Best Desktop Bug for “ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture”
  • Most Innovative Research for “Custom Processing Unit: Tracing and Patching Intel Atom Microcode”
Interests
  • Systems Security
  • Microarchitectural Attacks & Defenses
  • Side-Channels
  • Program Analysis
  • Fuzzing
Education

  • PhD in Engineering in Computer Science (current), 2023

    Sapienza University of Rome

  • MSc in Engineering in Computer Science, 2019

    Sapienza University of Rome

  • BSc in Engineering in Computer Science, 2017

    Sapienza University of Rome

Projects

Custom Processing Unit

Custom Processing Unit

The first dynamic analysis framework for CPU microcode. Pwnie Award for Most Innovative Research

Code Slides
ÆPIC Leak

ÆPIC Leak

Architecturally Leaking Uninitialized Data from the Microarchitecture. Pwnie Award for Best Desktop Bug

PDF Code Slides
Constantine

Constantine

A compiler-based system to automatically harden programs against microarchitectural side channels.

PDF Code
Intel Atom Microcode Decompiler

Intel Atom Microcode Decompiler

Ghidra Processor Module to disassemble and decompile x86 Intel Atom microcode.

Code
raindrop

raindrop

A binary translator to transform program functions into obfuscated ROP chains.

PDF Code

Talks

Custom Processing Unit
Tracing and Patching Intel Atom Microcode.
Aug 10, 2022 12:00 AM — 12:00 AM Black Hat USA 2022
PDF Project
Custom Processing Unit
ÆPIC Leak
Architecturally Leaking Uninitialized Data from the Microarchitecture.
Aug 9, 2022 12:00 AM — 12:00 AM Black Hat USA 2022
PDF Project
ÆPIC Leak
The Lord of the Ring0
Exploiting the Linux Kernel for Privilege Escalation.
Dec 10, 2021 12:00 PM — 1:00 PM TU Graz Online Talk
PDF
The Lord of the Ring0
Breaking the walls
CPU introspection through micro-architectural data sampling.
Jan 31, 2020 5:00 PM — 6:00 PM DEFCON Group Meeting
PDF Meeting
Breaking the walls
Transient Execution Attacks
Deep dive into transient execution attacks.
May 31, 2019 4:00 PM — 6:00 PM DEFCON Group Meeting
PDF 1 PDF 2 Meeting
Transient Execution Attacks

Publications

Pietro Borrello, Catherine Easdon, Martin Schwarzl, Roland Czerny, Michael Schwarz (2023). CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode. WOOT.

PDF Cite Code

M. Schwarzl, Pietro Borrello, G. Saileshwar, H. Mueller, D. Gruss, M. Schwarz (2023). Practical Timing Side-Channel Attacks on Memory Compression. Security & Privacy.

Cite

M. Schwarzl, Pietro Borrello, A. Kogler, T. Schuster, K. Varda, D. Gruss, M. Schwarz (2022). Robust and Scalable Process Isolation against Spectre in the Cloud. ESORICS.

PDF Cite Project DOI

Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz (2022). ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture. USENIX SECURITY.

PDF Cite Code

Pietro Borrello, D.C. D'Elia, L. Querzoni, C. Giuffrida (2021). Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization. ACM CCS.

PDF Cite Code Slides DOI

Pietro Borrello, E. Coppa, D.C. D'Elia (2021). Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation. ACM DSN.

PDF Cite Code DOI

Pietro Borrello, E. Coppa, D.C. D'Elia, C. Demetrescu (2019). The ROP needle: hiding trigger-based injection vectors via code reuse. ACM SAC.

PDF Cite DOI

Pietro Borrello, E. Coppa, D.C. D'Elia, C. Demetrescu (2018). Boosting Virtualization Obfuscation with Return Oriented Programming. Poster at ACM ACSAC.

M. Angelini, G. Blasilli, Pietro Borrello, E. Coppa, D.C. D'Elia, S. Ferracci, S. Lenti, G. Santucci (2018). Ropmate: Visually Assisting the Creation of ROP-Based Exploits. IEEE VizSec.

PDF Cite Code DOI

CVEs
CVE-2023-25012 use-after-free in the Linux kernel
CVE-2022-21233 information disclosure in Intel CPUs (ÆPIC Leak)
CVE-2022-33070 undefined behavior in protobuf-c
CVE-2022-33069 DoS in solidity compiler
CVE-2022-33068 integer overflow vulnerability in Harfbuzz
CVE-2022-33067 undefined behavior in lzrip
CVE-2022-28049 DoS in njs
CVE-2022-28048 undefined behavior in stb
CVE-2022-28044 invalid free in lrzip
CVE-2022-28042 use-after-free in stb
CVE-2022-28041 integer overflow vulnerability in stb
CVE-2022-1515 DoS in matio
CVE-2022-1475 integer overflow vulnerability in FFmpeg
CVE-2020-11713 timing side-channel vulnerability in wolfSSL

[Linux kernel patches]