Jump over ASLR: Attacking branch predictors to bypass ASLR

@article{Evtyushkin2016JumpOA,
  title={Jump over ASLR: Attacking branch predictors to bypass ASLR},
  author={Dmitry Evtyushkin and Dmitry V. Ponomarev and Nael B. Abu-Ghazaleh},
  journal={2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)},
  year={2016},
  pages={1-13}
}
Address Space Layout Randomization (ASLR) is a widely-used technique that protects systems against a range of attacks. ASLR works by randomizing the offset of key program segments in virtual memory, making it difficult for an attacker to derive the addresses of specific code objects and consequently redirect the control flow to this code. In this paper, we develop an attack to derive kernel and user-level ASLR offset using a side-channel attack on the branch target buffer (BTB). Our attack…
This paper has 57 citations.