Jump over ASLR: Attacking branch predictors to bypass ASLR
@article{Evtyushkin2016JumpOA,
  title={Jump over ASLR: Attacking branch predictors to bypass ASLR},
  author={Dmitry Evtyushkin and D. Ponomarev and N. Abu-Ghazaleh},
  journal={2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)},
  year={2016},
  pages={1-13}
}
Address Space Layout Randomization (ASLR) is a widely used technique that protects systems against a range of attacks. ASLR works by randomizing the offset of key program segments in virtual memory, making it difficult for an attacker to derive the addresses of specific code objects and consequently redirect the control flow to this code. In this paper, we develop an attack to derive kernel and user-level ASLR offsets using a side-channel attack on the branch target buffer (BTB). Our attack…
Citations (5 of 159 shown)
- Smokestack: Thwarting DOP Attacks with Runtime Stack Layout Randomization (2019 IEEE/ACM International Symposium on Code Generation and Optimization (CGO), 2019)
- Spectre Attacks: Exploiting Speculative Execution (2019 IEEE Symposium on Security and Privacy (SP), 2019)
- PageDumper: a mechanism to collect page table manipulation information at run-time (2020)
- Thwarting Control Plane Attacks with Displaced and Dilated Address Spaces (2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2020)
- RASSLE: Return Address Stack based Side-channel LEakage (IACR Trans. Cryptogr. Hardw. Embed. Syst., 2021)