Proceedings 2017 Network and Distributed System Security Symposium 2017
DOI: 10.14722/ndss.2017.23271
|View full text |Cite
|
Sign up to set email alerts
|

ASLR on the Line: Practical Cache Attacks on the MMU

Abstract: Address space layout randomization (ASLR) is an important first line of defense against memory corruption attacks and a building block for many modern countermeasures. Existing attacks against ASLR rely on software vulnerabilities and/or on repeated (and detectable) memory probing. In this paper, we show that neither is a hard requirement and that ASLR is fundamentally insecure on modern cachebased architectures, making ASLR and caching conflicting requirements (ASLR⊕Cache, or simply AnC). To support this clai… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
2

Citation Types

0
177
0

Year Published

2018
2018
2020
2020

Publication Types

Select...
5
1

Relationship

0
6

Authors

Journals

citations
Cited by 169 publications
(177 citation statements)
references
References 41 publications
0
177
0
Order By: Relevance
“…In both attacks, the attacker manipulates the state of the cache and later on checks whether the state has changed. Besides attacks on cryptographic implementations [34], [55], these attack primitives can also be used to defeat ASLR [13] or to build covert-channels [22].…”
Section: A Microarchitectural Attacksmentioning
confidence: 99%
See 4 more Smart Citations
“…In both attacks, the attacker manipulates the state of the cache and later on checks whether the state has changed. Besides attacks on cryptographic implementations [34], [55], these attack primitives can also be used to defeat ASLR [13] or to build covert-channels [22].…”
Section: A Microarchitectural Attacksmentioning
confidence: 99%
“…ArrayBuffers are used in the same way as ordinary arrays but are faster and more memory efficient, as the underlying data is actually an array which cannot be resized [26]. If one virtual address within an ArrayBuffer is identified, the remaining addresses are also known, as both the addresses of the memory and the array indices are linear [14], [13].…”
Section: B Microarchitectural and Side-channel Attacks In Javascriptmentioning
confidence: 99%
See 3 more Smart Citations