Date: Wed, 19 Oct 2016 14:00:00 -0500
From: Beach Geek <labeachgeek@gmail.com>
To: freebsd-hackers@freebsd.org
Subject: Attacking Branch Predictors to Bypass ASLR
Message-ID: <CA%2BCmbW=L5fj3pJ0VYbhcHdqVfenhOKt9ZmNpfmOaLqzVpAt9Ow@mail.gmail.com>
In-Reply-To: <CA%2BCmbWkSsWBGWCe7R-32Qtb8u92RN2VDTShGOKgxvOLrB2-_bQ@mail.gmail.com>
References: <CA%2BCmbWmNtwz%2BDfpEt5Gc0Ww3-eTT5DiMVczXgnXgoqc9KfUsxA@mail.gmail.com> <CA%2BCmbW=pOc-McyHrFS8QQy1zxByF4BUO=jqQdsf=J8d_kRi_jw@mail.gmail.com> <CA%2BCmbW=MRGHPRFjX4a_LQveyP80-1wLf44a9Jz2QGvy2KhDOcA@mail.gmail.com> <CA%2BCmbW=a06oqVZnW4uM9ijQWsnbUJq%2B95oLEbef2tZOQRWejeA@mail.gmail.com> <CA%2BCmbWkGyePScePpVgXSZDZOz1fyUsmrrR9ozR5X9Zoin5a-oQ@mail.gmail.com> <CA%2BCmbWkz9iFco_k5AEkh8dCdFxOkwJY-vUnUCE7JWZsg2waS4g@mail.gmail.com> <CA%2BCmbWkwePCPwoMKgKFqR_J=vBf%2BOTvnUEME7v7-Cip3De0yUA@mail.gmail.com> <CA%2BCmbW=gJTJDN2KYnwhmau36mJmr2ihQ2h=UwBM7QeCrQMEVaw@mail.gmail.com> <CA%2BCmbWnA3Tu4vgRggKNgL56Tf9LuajRg9HX0KJQ=ZoPbVbPjEQ@mail.gmail.com> <CA%2BCmbW=yR-tkKvuz=oBowb91xn0DkBOBK5W55jGj6mEh0=rY2g@mail.gmail.com> <CA%2BCmbW=gHAtuEMMTKYLdzvr9jipNxmyUY119Z_onB4-hqcsqxg@mail.gmail.com> <CA%2BCmbW=ed85QfP4L%2BK46Js_MtL7xkxfkXHk1VbxqHRMwcGUYkg@mail.gmail.com> <CA%2BCmbWkSsWBGWCe7R-32Qtb8u92RN2VDTShGOKgxvOLrB2-_bQ@mail.gmail.com>

This came across my tech news feed.
It's a bit early and more testing is being done, but I wanted to start a discussion about it.

Does this affect FreeBSD?
If so, severity?
Can this be countered/fixed in the OS?

Link to 13 page paper:
http://www.cs.ucr.edu/~nael/pubs/micro16.pdf

Quotes:

"Today, ASLR-based defenses are widely adopted in all major Operating Systems (OS), including Linux [17], Windows [18] and OS X [19]. Smartphone system software such as iOS [20] and Android [13] also use ASLR."

"We demonstrate that our attack can reliably recover kernel ASLR in about 60 milliseconds when performed on a real Haswell processor running a recent version of Linux. Finally, we describe several possible protection mechanisms, both in software and in hardware."

Opinions of whether this is a viable hack against FreeBSD systems?

BG