Jump over ASLR: Attacking branch predictors to bypass ASLR

@article{Evtyushkin2016JumpOA,
  title={Jump over ASLR: Attacking branch predictors to bypass ASLR},
  author={Dmitry Evtyushkin and Dmitry V. Ponomarev and Nael B. Abu-Ghazaleh},
  journal={2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)},
  year={2016},
  pages={1-13}
}

Dmitry Evtyushkin, Dmitry V. Ponomarev, Nael B. Abu-Ghazaleh
Published 2016 in
2016 49th Annual IEEE/ACM International Symposium…

Address Space Layout Randomization (ASLR) is a widely-used technique that protects systems against a range of attacks. ASLR works by randomizing the offset of key program segments in virtual memory, making it difficult for an attacker to derive the addresses of specific code objects and consequently redirect the control flow to this code. In this paper, we develop an attack to derive kernel and user-level ASLR offset using a side-channel attack on the branch target buffer (BTB). Our attack… CONTINUE READING

Highly Cited

This paper has 57 citations. REVIEW CITATIONS

12 Figures & Tables

Topics

Statistics

Citations
Citation Velocity
Citation Acceleration

Citations per Year

58 Citations

Semantic Scholar estimates that this publication has 58 citations based on the available data.

See our FAQ for additional information.

Cited By

Sort by:

Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing

Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, Marcus Peinado
USENIX Security Symposium
2017

KASLR is Dead: Long Live KASLR

Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, Stefan Mangard
ESSoS
2017

LAZARUS: Practical Side-Channel Resilient Kernel-Space Randomization

David Gens, Orlando Arias, Dean Sullivan, Christopher Liebchen, Yier Jin, Ahmad-Reza Sadeghi
RAID
2017

Spectre Attacks: Exploiting Speculative Execution

Paul Kocher, Daniel Genkin, +7 authors Yuval Yarom
meltdownattack.com
2018

A case for exposing extra-architectural state in the ISA: position paper

Jason Lowe-Power, Venkatesh Akella, Matthew K. Farrens, Samuel T. King, Christopher J. Nitta
HASP@ISCA
2018

Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets

Andrea Biondo, Mauro Conti, Daniele Lain
NDSS
2018

BranchScope: A New Side-Channel Attack on Directional Branch Predictor

Dmitry Evtyushkin, Ryan Riley, Nael B. Abu-Ghazaleh, Dmitry V. Ponomarev
ASPLOS
2018

CheckMate: Automated Exploit Program Generation for Hardware Security Verification

Caroline Trippel
2018

EPA-RIMM: A Framework for Dynamic SMM-based Runtime Integrity Measurement

MicroStache: A Lightweight Execution Context for In-Process Safe Region Isolation

Lucian Mogosanu, Ashay Rane, Nathan Dautenhahn
RAID
2018

‹
1
2
3
4
5
›

References

Sort by:

Showing 1-10 of 62 references

Address-space layout randomization using code islands

Haizhi Xu, Steve J. Chapin
Journal of Computer Security
2009

Practical Timing Side Channel Attacks against Kernel Space ASLR

Ralf Hund, Carsten Willems, Thorsten Holz
2013 IEEE Symposium on Security and Privacy
2013

Flexible Hardware-Managed Isolated Execution: Architecture, Software Support and Applications

Dmitry Evtyushkin, Jesse Elwell, Meltem Ozsoy, Dmitry Ponomarev, Nael Abu Ghazaleh, Ryan Riley
IEEE Transactions on Dependable and Secure…
2018

A high-resolution side-channel attack on last-level cache

Mehmet Kayaalp, Nael B. Abu-Ghazaleh, Dmitry V. Ponomarev, Aamer Jaleel
2016 53nd ACM/EDAC/IEEE Design Automation…
2016

Derandomizing Kernel Address Space Layout for Memory Introspection and Forensics

Yufei Gu, Zhiqiang Lin
CODASPY
2016

Sanctum: Minimal Hardware Extensions for Strong Software Isolation

Victor Costan, Ilia A. Lebedev, Srinivas Devadas
USENIX Security Symposium
2016

Understanding and Mitigating Covert Channels Through Branch Predictors

Dmitry Evtyushkin, Dmitry V. Ponomarev, Nael B. Abu-Ghazaleh
TACO
2016

ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks

Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, Wenke Lee
ACM Conference on Computer and Communications…
2015

Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems

Yuanzhong Xu, Weidong Cui, Marcus Peinado
2015 IEEE Symposium on Security and Privacy
2015

Covert channels through branch predictors: a feasibility study

Dmitry Evtyushkin, Dmitry V. Ponomarev, Nael B. Abu-Ghazaleh
HASP@ISCA
2015

‹
1
2
3
4
5
›