The University of Toronto’s Department of Computer Science, Mitacs and the Fields institute are launching a new student mobility collaboration, strengthening research ties with India.
University of Toronto team discovers vulnerability at hardware-software boundary in cloud systems
From left to right: David Lie, director of the Schwartz Reisman Institute, Gururaj Saileshwar, assistant professor in the Department of Computer Science, and Yuqin Yan, a student at the Department of Electrical & Computer Engineering, discovered a security flaw in AMD’s cloud protection technology, revealing how interactions between hardware and software can expose sensitive data. (Photos: provided)
Cloud computing has become an essential part of our everyday lives, both personally and professionally. Whether it’s storing family photos, running a business or training cutting-edge AI models, we rely on remote servers to keep our data safe and secure and trust that it won’t be modified in any way.
Although storing information in the cloud exposes data to potential risks, hardware vendors like AMD mitigate these risks by collaborating with major cloud providers such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure, to provide hardware-level protection that is meant to keep data secure and confidential even if the cloud provider experiences a security breach.
However, a team of University of Toronto researchers led by David Lie, director of the Schwartz Reisman Institute (SRI) and Gururaj Saileshwar, assistant professor in the Department of Computer Science, and executed by Yuqin Yan, a student at the Department of Electrical & Computer Engineering (ECE), found a flaw in these systems. They discovered that the complex interactions between the software that the cloud providers run, and the hardware-level protection, leads to new security challenges and vulnerabilities.
“Unlike most security vulnerabilities that are found in either the hardware or the software, what sets this discovery apart is that it was found in the interplay between the software and AMD’s hardware” said Lie, who is cross-appointed to the Department of Computer Science. “In this case, it was found when the hypervisor and central processing unit (CPU) interacted.”
We can think of a hypervisor as the “virtual landlord” of AMD’s chips. It is software that “rents” out computing resources, such as memory, to the cloud customer “tenants” allowing various customer workloads to run securely, independently and confidentially on its CPU.
AMD’s confidential computing technology is designed to protect such tenants in the event that the landlord is controlled by a malicious entity; in other words, if it is hacked. It encrypts data in a way that depends on its location within memory, so if the same data is stored in two places, it is encrypted completely differently. That makes it difficult for the hypervisor to know anything about the data or track it across locations, increasing the security of the data.
“The system lets the hypervisor move data around to manage memory efficiently,” explained Lie. “So when data is relocated, AMD’s hardware decrypts it from the old location and re-encrypts it for the new location. But, what we found was that by doing this over and over again, a malicious hypervisor can learn recurring patterns from within the data, which could lead to privacy breaches.”
Vulnerabilities like this have the potential to affect people and organizations alike.
“These are the kinds of unexpected consequences that come from the complexity of modern systems,” said Saileshwar. “The attack we discovered, which we call Relocate-Vote, shows how that complexity, especially at the boundary between secure hardware and untrusted software, can lead to serious vulnerabilities.”
The majority of the research was performed by ECE student Yuqin Yan. It also included now-graduated ECE student Wei Huang, ECE and SRI Postdoctoral Fellow Ilya Grishchenko, and UBC faculty member Aastha Mehta.
“Our role in academia is to identify vulnerabilities in real systems,” said Saileshwar. “I am proud of the work our team did. We are pleased that Yuqin was able to present this paper at the USENIX Security Symposium in Seattle, Washington.”
Going forward, Saileshwar notes that the consequences of hardware security are only going to grow and affect more organizations over time.
“As we move more of our data to the cloud, hardware security is becoming more important than ever,” said Saileshwar. “Hardware is becoming more complex, it’s adding more features all the time, and we’re relying on its security features even more. We’re placing a lot of trust in hardware, making the research our team is doing at the University of Toronto into hardware security issues more impactful than ever.”
For more information about Relocate-Vote, please visit the project website.
Original story by Andrea Wiseman for the Schwartz Reisman Institute
U of T CS faculty earn Ontario Early Researcher Awards for work in AI and imaging
U of T researchers find GPU vulnerability with ‘catastrophic’ effects on AI model accuracy
AI used to ‘democratize’ how we predict the weather
U of T CS professors launch venture studio to boost Canadian AI innovation: Globe and Mail
Vanguard and University of Toronto announce strategic artificial intelligence research partnership
(Photo: Matthew Volpe)
Vanguard today announced a new research initiative in collaboration with the Department of Computer Science at the University of Toronto to advance AI research and innovation for investors and the financial services industry by drawing on the University of Toronto’s world-renowned artificial intelligence (AI) and machine learning (ML) program.
As part of this collaboration, the University of Toronto Department of Computer Science will establish several labs composed of professors, post-doctoral fellows, and students to collaborate with Vanguard’s existing Toronto-based AI research team. Collectively, they will develop broad AI solutions and insights to address complex business challenges and drive innovation within the financial services industry.
“We are delighted to partner with the University of Toronto, a world-renowned academic institution at the cutting edge of AI innovation and research. This collaboration will not only enhance our capabilities to better serve investors with top-tier expertise and resources but also contribute to the broader field of AI, ultimately benefiting our clients and industry,” said Nitin Tandon, Managing Director and Chief Information Officer, Vanguard.
The initial focus of this initiative and research will include developing greater insight into:
Responsible AI Principles: Ensuring ethical and transparent use of AI.
Cognitive AI: Developing AI systems that can understand and interact with humans more naturally.
Autonomous AI Agents: Creating AI systems capable of independent decision-making.
Adaptive Frameworks for LLM Training: Enhancing the training of large language models to improve performance and reliability.
“This partnership with Vanguard is a significant step forward in applying AI and ML to the financial services sector. By collaborating with Vanguard’s skilled team, we aim to develop practical AI solutions that can directly improve people’s financial decision-making and outcomes. This collaboration will also provide valuable hands-on opportunities for our students and faculty to work on real-world projects, contributing to Toronto’s status as a global hub for AI research and innovation,” said Eyal de Lara, Professor and Chair of the University of Toronto Department of Computer Science.
“Over the past fourteen years, we have proudly served Canadian investors and we are happy to grow our presence and team in Toronto, a city that is rapidly becoming a global hub for AI innovation and top technology talent,” added Kathy Bock, Managing Director and Head of Vanguard Investments Canada Inc.
Investment in AI Research and Innovation
This program will include co-creating research papers, jointly participating in and hosting meetings, seminars, conferences and recruitment initiatives for research projects. This initiative will expand Vanguard’s AI team in Toronto to 90 roles, along with providing internship opportunities for University of Toronto students.
About Vanguard
Canadians own CAD $132 billion in Vanguard assets, including Canadian and U.S.-domiciled ETFs and Canadian mutual funds. Vanguard Investments Canada Inc. manages CAD $96 billion in assets (as of April 30, 2025) with 38 Canadian ETFs and ten mutual funds currently available. The Vanguard Group, Inc. is one of the world's largest investment management companies and a leading provider of company-sponsored retirement plan services. Vanguard manages USD $10 trillion (CAD $13.7 trillion) in global assets, including over USD $3.3 trillion (CAD $4.5 trillion) in global ETF assets (as of April 30, 2025). Vanguard has offices in the United States, Canada, Mexico, Europe and Australia. The firm offers 441 funds, including ETFs, to its more than 50 million investors worldwide.
Vanguard operates under a unique operating structure. Unlike firms that are publicly held or owned by a small group of individuals, The Vanguard Group, Inc. is owned by Vanguard's U.S.-domiciled funds and ETFs. Those funds, in turn, are owned by Vanguard clients. This unique mutual structure aligns Vanguard interests with those of its investors and drives the culture, philosophy, and policies throughout the Vanguard organization worldwide. As a result, Canadian investors benefit from Vanguard's stability and experience, low-cost investing, and client focus. For more information, please visit vanguard.ca.
About the University of Toronto Department of Computer Science
The Department of Computer Science at the University of Toronto is a global leader in computing research and education, consistently ranked among the top computer science departments worldwide. Known for its pioneering contributions to areas such as artificial intelligence, machine learning, human-computer interaction and systems, the department fosters a vibrant academic community that brings together world-renowned faculty, innovative researchers, and ambitious students. With strong ties to industry and a collaborative, interdisciplinary approach, U of T’s Department of Computer Science drives technological advancement and prepares graduates to become leaders in academia, industry and beyond.
The University of Toronto, founded in 1827, is Canada’s leading public research university, recognized globally for its academic excellence and innovation. Across its three campuses, the university offers over 700 undergraduate and 200 graduate programs. U of T is home to world-changing discoveries and continues to shape a better future through research, teaching and public impact.
Media Inquiries:
Matt Hintsa
Department of Computer Science, University of Toronto
Phone: 416-946-4098
matt.hintsa@utoronto.ca
Matt Gierasimczuk
Vanguard Canada Public Relations
Phone: 416-263-7087
matthew_gierasimczuk@vanguard.com
Three papers authored by U of T computer scientists among the most cited of the 21st century: Nature
Neural network behind Geoffrey Hinton’s Nobel Prize to be preserved by Computer History Museum
$2M from Ontario Research Fund to help scientists demystify black holes
ARIA showcase brings computer science innovation to life
U of T computational imaging researchers harness AI to ‘fly’ with light in motion
Ubisoft partners with U of T CS professors to transform digital avatars in video games
In awarding Nobel Prize, committee cites collaborative black hole research including U of T computer scientist Aviad Levis
In its scientific background for the 2024 Nobel Prize in Physics, the Nobel Committee notes the relevance of artificial intelligence in astrophysics and astronomy, including the first direct visual evidence of a supermassive black hole at the centre of our galaxy, research involving Assistant Professor Aviad Levis.
