Date:      Wed, 19 Oct 2016 14:00:00 -0500
From:      Beach Geek <labeachgeek@gmail.com>
To:        freebsd-hackers@freebsd.org
Subject:   Attacking Branch Predictors to Bypass ASLR
Message-ID:  <CA%2BCmbW=L5fj3pJ0VYbhcHdqVfenhOKt9ZmNpfmOaLqzVpAt9Ow@mail.gmail.com>
In-Reply-To: <CA%2BCmbWkSsWBGWCe7R-32Qtb8u92RN2VDTShGOKgxvOLrB2-_bQ@mail.gmail.com>
References:  <CA%2BCmbWmNtwz%2BDfpEt5Gc0Ww3-eTT5DiMVczXgnXgoqc9KfUsxA@mail.gmail.com> <CA%2BCmbW=pOc-McyHrFS8QQy1zxByF4BUO=jqQdsf=J8d_kRi_jw@mail.gmail.com> <CA%2BCmbW=MRGHPRFjX4a_LQveyP80-1wLf44a9Jz2QGvy2KhDOcA@mail.gmail.com> <CA%2BCmbW=a06oqVZnW4uM9ijQWsnbUJq%2B95oLEbef2tZOQRWejeA@mail.gmail.com> <CA%2BCmbWkGyePScePpVgXSZDZOz1fyUsmrrR9ozR5X9Zoin5a-oQ@mail.gmail.com> <CA%2BCmbWkz9iFco_k5AEkh8dCdFxOkwJY-vUnUCE7JWZsg2waS4g@mail.gmail.com> <CA%2BCmbWkwePCPwoMKgKFqR_J=vBf%2BOTvnUEME7v7-Cip3De0yUA@mail.gmail.com> <CA%2BCmbW=gJTJDN2KYnwhmau36mJmr2ihQ2h=UwBM7QeCrQMEVaw@mail.gmail.com> <CA%2BCmbWnA3Tu4vgRggKNgL56Tf9LuajRg9HX0KJQ=ZoPbVbPjEQ@mail.gmail.com> <CA%2BCmbW=yR-tkKvuz=oBowb91xn0DkBOBK5W55jGj6mEh0=rY2g@mail.gmail.com> <CA%2BCmbW=gHAtuEMMTKYLdzvr9jipNxmyUY119Z_onB4-hqcsqxg@mail.gmail.com> <CA%2BCmbW=ed85QfP4L%2BK46Js_MtL7xkxfkXHk1VbxqHRMwcGUYkg@mail.gmail.com> <CA%2BCmbWkSsWBGWCe7R-32Qtb8u92RN2VDTShGOKgxvOLrB2-_bQ@mail.gmail.com>

This came across my tech news feed. It's a bit early and more testing is
being done, but I wanted to start a discussion about it.

Does this affect FreeBSD?
If so, severity?
Can this be countered/fixed in the OS?

Link to 13-page paper:
http://www.cs.ucr.edu/~nael/pubs/micro16.pdf

Quotes:

"Today, ASLR-based defenses are
widely adopted in all major Operating Systems (OS), including
Linux [17], Windows [18] and OS X [19]. Smartphone system
software such as iOS [20] and Android [13] also use ASLR."

"We demonstrate that our attack can reliably recover
kernel ASLR in about 60 milliseconds when performed on a real
Haswell processor running a recent version of Linux. Finally, we
describe several possible protection mechanisms, both in software
and in hardware."

Opinions of whether this is a viable hack against FreeBSD systems?

BG


