Method of Timing Attack for Linux Against KASLR
For Linux systems with Kernel Address Space Layout Randomization (KASLR) protection, this paper proposes a cache timing attack method based on the CPU prefetch instruction. When the prefetch instructions of an Intel CPU prefetch data that is not mapped to a physical address, a cache miss occurs, so that the CPU clock cycles consumed are more than for data that is mapped to a physical address. Using this feature, the CPU clock cycle consumption is measured with the rdtscp instruction, and the protection of KASLR is bypassed by a timing attack, so as to accurately obtain the offset of the kernel address mapping. Experimental results show that this attack method can bypass the KASLR protection of the Linux operating system to obtain the accurate mapping location of the kernel address, without causing a large number of cache misses.
| Published in: | Jisuanji gongcheng |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Editorial Office of Computer Engineering, 2021-08-01 |
| Online Access: | https://www.ecice06.com/fileup/1000-3428/PDF/20210823.pdf |

| field | value |
|---|---|
| author | CONG Mou, ZHANG Ping, WANG NING |
| collection | DOAJ |
| container_title | Jisuanji gongcheng |
| description | For Linux systems with Kernel Address Space Layout Randomization (KASLR) protection, this paper proposes a cache timing attack method based on the CPU prefetch instruction. When the prefetch instructions of an Intel CPU prefetch data that is not mapped to a physical address, a cache miss occurs, so that the CPU clock cycles consumed are more than for data that is mapped to a physical address. Using this feature, the CPU clock cycle consumption is measured with the rdtscp instruction, and the protection of KASLR is bypassed by a timing attack, so as to accurately obtain the offset of the kernel address mapping. Experimental results show that this attack method can bypass the KASLR protection of the Linux operating system to obtain the accurate mapping location of the kernel address, without causing a large number of cache misses. |
| format | Article |
| id | doaj-art-16aa4e3948bc4aa59fa19fc72d554f3c |
| institution | Directory of Open Access Journals |
| issn | 1000-3428 |
| language | English |
| publishDate | 2021-08-01 |
| publisher | Editorial Office of Computer Engineering |
| record_format | Article |
| title | Method of Timing Attack for Linux Against KASLR |
| topic | kernel address space layout randomization (KASLR); prefetch instruction; timing attack; kernel; cache miss |
| url | https://www.ecice06.com/fileup/1000-3428/PDF/20210823.pdf |
