Recent operating systems (OSs) have adopted a defense mechanism called kernel page table isolation (KPTI) for protecting the kernel from all attacks that break the kernel address space layout randomization (KASLR) using various side-channel analysis techniques. In this paper, we demonstrate that KASLR can still be broken, even with the latest OSs where KPTI is applied. In particular, we present a novel memory-sharing-based side-channel attack that breaks the KASLR on KPTI-enabled Linux virtual machines. The proposed attack leverages the memory deduplication feature on a hypervisor, which provides a timing channel for inferring secret information regarding the victim. By conducting experiments on KVM and VMware ESXi, we show that the propose...
The security of a computer system depends on OS kernel protection. It is crucial to reveal and inspe...
ENGLISH: A monolithic operating system (OS), such as Windows or Linux, distinguishes between executi...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Presented on September 23, 2016 at 12:00 p.m. in the Pettit Microelectronics Research Center, Room 1...
Kernel exploits are commonly used for privilege escalation to take full control over a system, e.g.,...
Kernel Address Space Layout Randomization (KASLR) has been repeatedly targeted by side-channel attac...
Modern operating system kernels deploy Kernel Address Space Layout Randomization (KASLR) to mit...
Countermeasures against kernel vulnerability attacks on an operating system (OS) are highly importan...
Modern systems rely on Address-Space Layout Randomization (ASLR) and Data Execution Prevention (DEP...
The ROP attack introduced briefly in this paper is a serious threat to computer systems. Kernel ROP attac...
ASLR is no longer a strong defense in itself, but it still serves as a foundation for sophisticated ...
Operating systems adopt kernel protection methods (e.g., mandatory access control, kernel address sp...
Return-to-user (ret2usr) attacks redirect corrupted kernel pointers to data residing in user space. ...
Modern operating systems use hardware support to protect against control flow hijacking attacks such...
Return-to-user (ret2usr) attacks redirect corrupted kernel pointers to data residing in user space. ...