KASLR is Dead: Long Live KASLR
Authors
Abstract
Modern operating system kernels employ address space layout randomization (ASLR) to prevent control-flow hijacking attacks and code-injection attacks. While kernel security relies fundamentally on preventing access to address information, recent attacks have shown that the hardware directly leaks this information. Strictly splitting kernel space and user space has recently been proposed as a theoretical concept to close these side channels. However, this is not trivially possible due to architectural restrictions of the x86 platform. In this paper we present KAISER, a system that overcomes limitations of x86 and provides practical kernel address isolation. We implemented our proof-of-concept on top of the Linux kernel, closing all hardware side channels on kernel address information. KAISER enforces a strict kernel and user space isolation such that the hardware does not hold any information about kernel addresses while running in user mode. We show that KAISER protects against double page fault attacks, prefetch side-channel attacks, and TSX-based side-channel attacks. Finally, we demonstrate that KAISER has a runtime overhead of only 0.28%.
Similar resources
Meltdown
The security of computer systems fundamentally relies on memory isolation, e.g., kernel address ranges are marked as non-accessible and are protected from user access. In this paper, we present Meltdown. Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords. Out-of-order execution is an indis...
Qur’anic Metaphors and Their English and Persian Translations: Dead or Alive?
The present study aims at discussing whether metaphors in the Qur’an, revealed more than 1400 years ago, are dead, moribund or live and how these three types of metaphors have been translated in three English and three Persian translations of the Qur’an. The results reveal that among 70 metaphors examined, while only about 32.85% are live metaphors, about 67.14% are moribund, but none of the ca...
Speculose: Analyzing the Security Implications of Speculative Execution in CPUs
Whenever modern CPUs encounter a conditional branch for which the condition cannot be evaluated yet, they predict the likely branch target and speculatively execute code. Such pipelining is key to optimizing runtime performance and is incorporated in CPUs for more than 15 years. In this paper, to the best of our knowledge, we are the first to study the inner workings and the security implicatio...
Determination of RT-PCR detection limit of live and dead Salmonella cells in raw and sterilized milk
The objective of the current study was to evaluate the reproducibility of a reverse transcriptase PCR (RT-PCR)-based technique to differentiate viable and dead Salmonella cells in raw and sterilized milk. The microorganism was initially inoculated into the milk samples followed by incubating at 37°C for 4 h prior to inactivation by heat at 80°C for 10 min. The treated and non-treated samples we...