
Communications of the ACM

ACM TechNews

A Chip Flaw Strips Away Hacking Protections for Millions of Devices


Correcting the exploit will require new chips with architectures that partition the MMU and its page table from the cache.

A team of Dutch researchers has found a technique that undermines address space layout randomization.

Credit: Getty Images

The VUSec team at the Free University of Amsterdam in the Netherlands has demonstrated an exploit that undercuts address space layout randomization (ASLR), a basic safeguard used in all modern operating systems.

ASLR randomizes where programs run in device memory, but the VUSec approach exploits the interaction between the microprocessor and memory to enable a simple JavaScript attack.

"By monitoring the MMU (memory management unit) very closely, the JavaScript can find out about its own addresses, which it's not supposed to do," says Free University's Ben Gras.

The malicious code overwrites the processor's cache, one unit of memory at a time, until the MMU slows down. "The cache is like the cogs in the safe that produce those little clicks that allow you to crack it," Gras notes.

The VUSec team says correcting the exploit will require new chips with architectures that partition the MMU and its page table from the cache.

From Wired

 

Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA


 
