Exploiting side-channel attacks with ASLR cache vulnerabilities (AnC)

This entry was posted on Monday, March 13th, 2017.

Researchers from Vrije University in the Netherlands have developed a side-channel attack that neatly bypasses address space layout randomization (ASLR). As the researchers explain, ASLR randomizes the location of an application’s code and data in the virtual address space, making it difficult for attackers to leak, manipulate data or reuse the code to compromise the application. Nevertheless, the new attack is fully capable of derandomizing ASLR from JavaScript without relying on any software feature.

“The memory management unit (MMU) of modern processors uses the cache hierarchy of the processor in order to improve the performance of page table walks. This is fundamental to efficient code execution in modern processors. Unfortunately, this cache hierarchy is also shared by untrusted applications, such as JavaScript code running in the browser,” the researchers stated in a recent post.

“We have built a side-channel attack, specifically an EVICT+TIME cache attack, that can detect which locations in the page table pages are accessed during a page table walk performed by the MMU. For example, on the x86_64 architecture, our attack can find the offsets that are accessed by the MMU for each of the four-page table pages. The offset within each page breaks nine bits of entropy so even a perfect ASLR implementation with 36 bits of entropy is not safe.”

So, how does the attack work? Well, ASLR⊕Cache (AnC) flushes part of the last level cache and subsequently times the MMU’s page table walk performed due to a memory access.

“This already finds cache lines of interest in the page table page,” the researchers explained. “To further distinguish which cache lines belong to which page table level and find the page table entry offset (e.g., 8 bytes on x86_64) within the cache line (e.g., 64 bytes on x86_64), AnC accesses various offsets within the target buffer or code.”

It should be noted that AnC – which has been implemented natively and in JavaScript – affects 22 different microarchitectures. According to Rambus Security Fellow Pankaj Rohatgi, AnC highlights how simple defense mechanisms against malware can be subverted in modern CPUs that focus on improving performance at the cost of increased complexity and resource sharing between sensitive and untrusted parts of the system.

“This resource sharing creates side-channels that allow untrusted code to subvert system security,” Rohatgi told Rambus Press. “That is why, for security conscious customers, we recommend that critical system security functionality be implemented in a separate root-of-trust solution such as CryptoManagerTM, with its dedicated focus is on security.”

Interested in learning more about CryptoManager? You can check out our product page here.