University of California, Riverside

Department of Electrical and Computer Engineering



Hardware Vulnerability used to Bypass Operating System Defense


Hardware Vulnerability used to Bypass Operating System Defense
 
ee

Hardware Vulnerability used to Bypass Operating System Defense

October 20, 2016

UCR's Nael Abu-Ghazaleh with collaborators Dmitry Ponomarev and Dmitry Evtyushkin from Binghamton University developed a new attack that enables hackers to bypass an important Operating System defense called ASLR (Address Space Layout Randomization).  The attack targets a unit in modern processors called the branch predictor to expose the location of branches in the kernel, allowing the attackers to derive their ASLR offset.  The attack, presented in a paper in the IEEE/ACM International Symposium on Microarchitecture, http://www.cs.ucr.edu/~nael/pubs/micro16.pdf, was reported on in by a number of technical news outlets including, Ars Technica, http://arstechnica.com/security/2016/10/flaw-in-intel-chips-could-make-malware-attacks-more-potent/,  Computer World, http://www.computerworld.com/article/3131975/security/flaw-in-intel-cpus-could-help-attackers-defeat-aslr-exploit-defense.html and PC World,  http://www.pcworld.com/article/3132969/security/flaw-in-intel-cpus-could-help-attackers-defeat-aslr-exploit-defense.html.

More in News

More Information 

General Campus Information

University of California, Riverside
900 University Ave.
Riverside, CA 92521
Tel: (951) 827-1012

Department Information

Electrical and Computer Engineering
Suite 343 Winston Chung Hall
University of California, Riverside
Riverside, CA 92521-0429

Tel: (951) 827-2484
Fax: (951) 827-2425
E-mail: E-mail/Questions

Footer