
Communications of the ACM

ACM TechNews

A Chip Flaw Strips Away Hacking Protections for Millions of Devices


Correcting the exploit will require new chips with architectures that partition the MMU and its page table from the cache.

A team of Dutch researchers has found a technique that undermines address space layout randomization.

Credit: Getty Images

The VUSec team at the Free University of Amsterdam in the Netherlands has demonstrated an exploit that undercuts address space layout randomization (ASLR), a basic safeguard used in all modern operating systems.

ASLR randomizes where programs run in device memory, but the VUSec approach exploits the interaction between the microprocessor and memory to enable a simple JavaScript attack.

"By monitoring the MMU (memory management unit) very closely, the JavaScript can find out about its own addresses, which it's not supposed to do," says Free University's Ben Gras.

The malevolent code overwrites the processor's cache, one unit of memory at a time, until the MMU decelerates. "The cache is like the cogs in the safe that produce those little clicks that allow you to crack it," Gras notes.

The VUSec team says correcting the exploit will require new chips with architectures that partition the MMU and its page table from the cache.

From Wired

 

Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA


 
