Скачать или смотреть SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR

SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR

Скачать SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR бесплатно в качестве 4к (2к / 1080p)

У нас вы можете скачать бесплатно SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR или посмотреть видео с ютуба в максимальном доступном качестве.

Для скачивания выберите вариант из формы ниже:

Информация по загрузке:

Cкачать музыку SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR бесплатно в формате MP3:

Если иконки загрузки не отобразились, ПОЖАЛУЙСТА, НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если у вас возникли трудности с загрузкой, пожалуйста, свяжитесь с нами по контактам, указанным в нижней части страницы.
Спасибо за использование сервиса video2dn.com

Описание к видео SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR

SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon

Apple recently transitioned from Intel processors to its own custom-designed ARM-based chips, known as Apple silicon. This shift presents unique challenges in addressing security issues, requiring huge research efforts into the security of Apple silicon-based systems. Despite the importance of these challenges, its security has not been explored as extensively as those of other processors like Intel and AMD.

To address this gap, we conduct an in-depth security analysis of the latest Apple silicon-based macOS systems. Our focus is primarily on the security of KASLR implementation and the potential for microarchitectural side-channel vulnerabilities. This is not straightforward, as macOS for Apple silicon includes advanced mitigations such as KPTI against side-channel attacks, making it challenging to break KASLR through traditional attack vectors.

In this talk, we introduce SysBumps, the first KASLR break attack on macOS for Apple silicon. SysBumps employs a novel approach that combines Spectre-type vulnerability in specific system calls and side effects of address translation on the TLB. This allows an attacker to effectively circumvent the robust security measures of the latest macOS. Our analysis has revealed that these vulnerabilities are present in 25 out of the 80 examined system calls.

We'll provide a detailed analysis of these vulnerabilities and demonstrate how SysBumps leverages these vulnerabilities to break KASLR. Additionally, we'll share our findings from testing SysBumps on various macOS versions and M-series processors. Our experiments reveal that SysBumps can successfully defeat KASLR in under 3 seconds across all tested configurations. Finally, we'll discuss potential countermeasures to protect against such attacks.

By:
Hyerean Jang | Ph.D. Student, Korea University
Youngjoo Shin | Professor, Korea University
Taehun Kim | Ph.D. Student, Korea University

Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-24/briefi...

Комментарии

Информация по комментариям в разработке