Comment on the news item "New JavaScript attack ASLR⊕Cache defeats ASLR on 22 processors", by LH.

  • 16. 2. 2017 22:10

    LH (unregistered)

    Zdaaarek.

    Apparently there has been a misunderstanding. The part of the sentence "that the JS is what is leaky" is not true in the context of that paper, or, if we accept it as true, it is irrelevant. The authors demonstrated that the problem lies in the architecture of cache management in modern processors (the MMU), and that the behaviour of the cache in these systems can be exploited to derandomize the virtual addresses of memory regions (code and data) of target (victim) processes with only basic memory permissions. That basic memory permissions suffice was shown by the fact that the derandomization succeeded even from an environment as restrictive as JavaScript code in a browser (usually run in some form of software cage, i.e. a sandbox).

    ;-)

    Excerpt from the paper:
    "In this paper, we show that the problem is much more serious and that ASLR is fundamentally insecure on modern cache-based architectures. Specifically, we show that it is possible to derandomize ASLR completely from JavaScript, without resorting to esoteric operating system or application features. Unlike all previous approaches, we do not abuse weaknesses in the software (that are relatively easy to fix). Instead, our attack builds on hardware behavior that is central to efficient code execution: the fast translation of virtual to physical addresses in the MMU by means of page tables.

    Mitigating this attack without naively disabling caches is hard, since it targets the low-level operations of the MMU. We conclude that ASLR is fundamentally flawed in sandboxed environments such as JavaScript and future defenses should not rely on randomized virtual addresses as a building block."