Method of Timing Attack for Linux Against KASLR
| Title: | Method of Timing Attack for Linux Against KASLR |
|---|---|
| Authors: | CONG Mou, ZHANG Ping, WANG Ning |
| Source: | Jisuanji gongcheng, Vol 47, Iss 8, Pp 177-182 (2021) |
| Publisher information: | Editorial Office of Computer Engineering, 2021. |
| Year of publication: | 2021 |
| Collection: | LCC: Computer engineering. Computer hardware; LCC: Computer software |
| Subjects: | kernel address space layout randomization (KASLR), prefetch instruction, timing attack, kernel, cache miss, Computer engineering. Computer hardware, TK7885-7895, Computer software, QA76.75-76.765 |
| Description: | For Linux systems protected by Kernel Address Space Layout Randomization (KASLR), this paper proposes a cache timing attack method based on the CPU prefetch instruction. When an Intel CPU prefetch instruction targets data that is not mapped to a physical address, a cache miss occurs, and the access consumes more CPU clock cycles than a prefetch of data that is mapped to a physical address. Exploiting this property, the attack measures CPU clock cycle consumption with the rdtscp instruction and uses the timing difference to bypass KASLR and accurately determine the offset of the kernel address mapping. Experimental results show that the attack bypasses the KASLR protection of the Linux operating system, recovers the exact mapping location of the kernel address, and avoids causing a large number of cache misses. |
| Document type: | article |
| File description: | electronic resource |
| Language: | English; Chinese |
| ISSN: | 1000-3428 |
| Relation: | https://www.ecice06.com/fileup/1000-3428/PDF/20210823.pdf; https://doaj.org/toc/1000-3428 |
| DOI: | 10.19678/j.issn.1000-3428.0058582 |
| Access URL: | https://doaj.org/article/16aa4e3948bc4aa59fa19fc72d554f3c |
| Accession number: | edsdoj.16aa4e3948bc4aa59fa19fc72d554f3c |
| Database: | Directory of Open Access Journals |