Abstract
In this paper, we analyze the hardware-based Meltdown mitigations in recent Intel microarchitectures, revealing that illegally accessed data is only zeroed out. Hence, while non-present loads stall the CPU, illegal loads are still executed. We present EchoLoad, a novel technique to distinguish load stalls from transiently executed loads. EchoLoad allows detecting physically-backed addresses from unprivileged applications, breaking KASLR in 40 s on the newest Meltdown- and MDS-resistant Cascade Lake microarchitecture. As EchoLoad only relies on memory loads, it runs in highly-restricted environments, e.g., SGX or JavaScript, making it the first JavaScript-based KASLR break. Based on EchoLoad, we demonstrate the first proof-of-concept Meltdown attack from JavaScript on systems that are still broadly not patched against Meltdown, i.e., 32-bit x86 OSs. We propose FLARE, a generic mitigation against known microarchitectural KASLR breaks with negligible overhead. By mapping unused kernel addresses to a reserved page and mirroring neighboring permission bits, we make used and unused kernel memory indistinguishable, i.e., a uniform behavior across the entire kernel address space, mitigating the root cause behind microarchitectural KASLR breaks. With incomplete hardware mitigations, we propose to deploy FLARE even on recent CPUs.
Original language | English |
---|---|
Title | Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 |
Publisher | ACM/IEEE |
Pages | 481-493 |
Number of pages | 13 |
ISBN (electronic) | 9781450367509 |
DOIs | |
Publication status | Published - 5 Oct 2020 |
Event | 15th ACM ASIA Conference on Computer and Communications Security: AsiaCCS 2020 - Virtual. Duration: 5 Oct 2020 → 9 Oct 2020 |
Publication series
Name | Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 |
---|
Conference
Conference | 15th ACM ASIA Conference on Computer and Communications Security |
---|---|
Short title | AsiaCCS 2020 |
Location | Virtual |
Period | 5/10/20 → 9/10/20 |
ASJC Scopus subject areas
- Software
- Computer Networks and Communications
Fingerprint
Explore the research topics of "KASLR: Break It, Fix It, Repeat". Together they form a unique fingerprint.
Projects
- 3 Completed
- Leakage-Free - Hardware-Software Information Flow Analysis for Leakage-Free Code Generation
  Gruss, D. (Participant (Co-Investigator))
  1/10/18 → 30/09/20
  Project: Research project
- Espresso - Scalable Hardware-Secured Authentication and Personalization of Intelligent Sensor Nodes
  Mangard, S. (Participant (Co-Investigator))
  1/05/18 → 31/10/20
  Project: Research project
- EU - SOPHIA - Securing Software against Physical Attacks
  Mangard, S. (Participant (Co-Investigator))
  1/09/16 → 31/12/21
  Project: Research project
Activities
- 2 Talk at conference or symposium
- KASLR: Break It, Fix It, Repeat
  Canella, C. A. (Speaker)
  7 Oct 2020, Activity: Talk or presentation › Talk at conference or symposium › Science to science
- Store-to-Leak Forwarding: There and Back Again
  Canella, C. A. (Speaker), Giner, L. (Speaker) & Schwarz, M. (Speaker)
  2 Oct 2020, Activity: Talk or presentation › Talk at conference or symposium › Science to science