“We have built a side-channel attack, specifically an EVICT+TIME cache attack, that can detect which locations in the page table pages are accessed during a page table walk performed by the MMU. For example, on the x86_64 architecture, our attack can find the offsets that are accessed by the MMU for each of the four-page table pages. The offset within each page breaks nine bits of entropy so even a perfect ASLR implementation with 36 bits of entropy is not safe.”
So, how does the attack work? Well, ASLR⊕Cache (AnC) flushes part of the last level cache and subsequently times the MMU’s page table walk performed due to a memory access.
“This already finds cache lines of interest in the page table page,” the researchers explained. “To further distinguish which cache lines belong to which page table level and find the page table entry offset (e.g., 8 bytes on x86_64) within the cache line (e.g., 64 bytes on x86_64), AnC accesses various offsets within the target buffer or code.”
“This resource sharing creates side-channels that allow untrusted code to subvert system security,” Rohatgi told Rambus Press. “That is why, for security conscious customers, we recommend that critical system security functionality be implemented in a separate root-of-trust solution such as CryptoManagerTM, with its dedicated focus is on security.”
Interested in learning more about CryptoManager? You can check out our product page here.