Method of Timing Attack for Linux Against KASLR
Saved in:
| Title: | Method of Timing Attack for Linux Against KASLR |
|---|---|
| Authors: | CONG Mou, ZHANG Ping, WANG NING |
| Source: | Jisuanji gongcheng, Vol 47, Iss 8, Pp 177-182 (2021) |
| Publisher Information: | Editorial Office of Computer Engineering, 2021. |
| Publication Year: | 2021 |
| Collection: | LCC:Computer engineering. Computer hardware LCC:Computer software |
| Subject Terms: | kernel address space layout randomization (kaslr), prefetch instruction, timing attack, kernel, cache miss, Computer engineering. Computer hardware, TK7885-7895, Computer software, QA76.75-76.765 |
| Description: | For Linux systems with Kernel Address Space Layout Randomization(KASLR) protection, this paper proposes a Cache instant attack method based on CPU prefetch instruction. When the prefetch instructions of Intel CPU prefetch data that is not mapped to physical address, a Cache failure will occur, resulting in the consumption of CPU clock cycles longer than the data mapped to physical address. According to this feature, the CPU clock cycle consumption is obtained by using the rdtscp instruction, and the protection of KASLR technology is bypassed by using timing attacks, so as to accurately obtain the Offset of kernel address mapping. Experimental results show that this attack method can bypass the KASLR protection of Linux operating system to obtain the accurate mapping location of kernel address, and avoid causing a large number of Cache failures. |
| Document Type: | article |
| File Description: | electronic resource |
| Language: | English Chinese |
| ISSN: | 1000-3428 |
| Relation: | https://www.ecice06.com/fileup/1000-3428/PDF/20210823.pdf; https://doaj.org/toc/1000-3428 |
| DOI: | 10.19678/j.issn.1000-3428.0058582 |
| Access URL: | https://doaj.org/article/16aa4e3948bc4aa59fa19fc72d554f3c |
| Accession Number: | edsdoj.16aa4e3948bc4aa59fa19fc72d554f3c |
| Database: | Directory of Open Access Journals |
Nájsť tento článok vo Web of Science | Abstract: | For Linux systems with Kernel Address Space Layout Randomization(KASLR) protection, this paper proposes a Cache instant attack method based on CPU prefetch instruction. When the prefetch instructions of Intel CPU prefetch data that is not mapped to physical address, a Cache failure will occur, resulting in the consumption of CPU clock cycles longer than the data mapped to physical address. According to this feature, the CPU clock cycle consumption is obtained by using the rdtscp instruction, and the protection of KASLR technology is bypassed by using timing attacks, so as to accurately obtain the Offset of kernel address mapping. Experimental results show that this attack method can bypass the KASLR protection of Linux operating system to obtain the accurate mapping location of kernel address, and avoid causing a large number of Cache failures. |
|---|---|
| ISSN: | 10003428 |
| DOI: | 10.19678/j.issn.1000-3428.0058582 |