Pietro Borrello

Ph.D. Student in Systems Security

Sapienza University of Rome

Biography

I am a PhD Student at the Sapienza University of Rome, working on Systems Security. My focus is applying Fuzzing and Program Analysis techniques to find and mitigate architectural and microarchitectural vulnerabilities.

I am also a passionate CTF player focusing on exploitation and reverse-engineering with TRX and mhackeroni teams.

Co-founder and current lead of the DEFCON Group in Rome.

Black Hat speaker and Pwnie Award winner:

  • Best Desktop Bug for “ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture”
  • Most Innovative Research for “Custom Processing Unit: Tracing and Patching Intel Atom Microcode”

Interests

  • Systems Security
  • Microarchitectural Attacks & Defenses
  • Side-Channels
  • Program Analysis
  • Fuzzing

Education

  • PhD in Engineering in Computer Science (current), 2023

    Sapienza University of Rome

  • MSc in Engineering in Computer Science, 2019

    Sapienza University of Rome

  • BSc in Engineering in Computer Science, 2017

    Sapienza University of Rome

Projects

Custom Processing Unit

The first dynamic analysis framework for CPU microcode. Pwnie Award for Most Innovative Research

ÆPIC Leak

Architecturally Leaking Uninitialized Data from the Microarchitecture. Pwnie Award for Best Desktop Bug

Constantine

A compiler-based system to automatically harden programs against microarchitectural side channels.

Intel Atom Microcode Decompiler

Ghidra Processor Module to disassemble and decompile x86 Intel Atom microcode.

raindrop

A binary translator to transform program functions into obfuscated ROP chains.

Publications

(2023). CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode. WOOT.

(2023). Practical Timing Side-Channel Attacks on Memory Compression. Security & Privacy.

(2022). Robust and Scalable Process Isolation against Spectre in the Cloud. ESORICS.

(2022). ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture. USENIX SECURITY.

(2019). The ROP needle: hiding trigger-based injection vectors via code reuse. ACM SAC.

(2018). Boosting Virtualization Obfuscation with Return Oriented Programming. Poster at ACM ACSAC.

(2018). Ropmate: Visually Assisting the Creation of ROP-Based Exploits. IEEE VizSec.

CVEs

CVE-2023-25012 use-after-free in the Linux kernel
CVE-2022-21233 information disclosure in Intel CPUs (ÆPIC Leak)
CVE-2022-33070 undefined behavior in protobuf-c
CVE-2022-33069 DoS in solidity compiler
CVE-2022-33068 integer overflow vulnerability in Harfbuzz
CVE-2022-33067 undefined behavior in lrzip
CVE-2022-28049 DoS in njs
CVE-2022-28048 undefined behavior in stb
CVE-2022-28044 invalid free in lrzip
CVE-2022-28042 use-after-free in stb
CVE-2022-28041 integer overflow vulnerability in stb
CVE-2022-1515 DoS in matio
CVE-2022-1475 integer overflow vulnerability in FFmpeg
CVE-2020-11713 timing side-channel vulnerability in wolfSSL

Linux kernel patches