
Bypassing ARM's Memory Tagging Extension with a Side-Channel Attack (PDF; original filename: 利用侧信道攻击绕过 ARM 的内存标记扩展.pdf)

Uploaded by: 竿*** | ID: 981603 | 2025-11-29 | 68 pages | 4.50 MB

Slide 1: #BHUSA @BlackHatEvents
Bypassing ARM's Memory Tagging Extension with a Side-Channel Attack
Speaker: Juhee Kim

Slide 2: Whoami
Juhee Kim, Ph.D. student at CompSec Lab, Seoul National University (kimjuhi96@snu.ac.kr). Focuses on software and systems security; bug finding and attack mitigation; Linux kernel, web browsers, GPU/ML systems.

Slide 3: Contributors
- Jinbum Park: security researcher at Samsung Research; system security, confidential computing; published in USENIX Security and ASPLOS.
- Sihyeon Roh: Ph.D. student at CompSec Lab; hardware side-channels.
- Jaeyoung Chung: Ph.D. student at CompSec Lab; system security; CTF player.
- Youngjoo Lee: Ph.D. student at CompSec Lab; fuzzing, browser security, bug bounty; CTF player.
- Taesoo Kim: Vice President of Samsung Research and Professor at Georgia Tech; won several best paper awards from USENIX Security and EuroSys.
- Byoungyoung Lee: Professor at Seoul National University; leads CompSec Lab; system security, confidential computing; previous CTF player; has spoken at Black Hat.

Slides 4-5: Roadmap
1. Cache side-channel
2. Speculative execution (if (cond) true / false)
3. ARM Memory Tagging Extension
4. MTE tag leakage side-channel
5. Real-world MTE bypass attack (JS, MTE)
(Slide 5 repeats the roadmap with the current section highlighted.)

Slide 6: Memory corruption attacks have been the most pervasive and dangerous security threats: Heartbleed (2014, OpenSSL information leak), Bad Binder (2019), BLASTPASS (2023), regreSSHion (2024).

Slide 7: What is memory corruption? A pointer &obj1 used to access obj1 is a valid access. When the pointer for obj1 reaches into memory that belongs to obj2 (&obj2), the access is invalid: out-of-bounds.

Slide 8: What is memory corruption? A pointer &obj1 used to access obj1 is a valid access. Once obj1 has been freed, an access through the same pointer is invalid: use-after-free.

Slide 9: Attack and Defense Tech [title cut off in the preview]
Timeline from the 70s-80s through the 90s, 2000s, 2010s and 2020s.
Attacks: stack overflow, heap overflow, ROP/JOP, DOP, JIT spraying, Spectre.
Defenses: stack canaries (StackGuard), ASLR, DEP/NX, CFI, ARM PAC.
(The preview ends here; the full deck has 68 slides.)

Based on the report's contents, its main points are summarized as follows:
1. **ARM MTE security feature**: ARM's Memory Tagging Extension (MTE) aims to detect memory-corruption attacks in hardware and thereby improve software security.
2. **MTE weakness**: The research finds a tag-leakage side-channel in MTE that allows an attacker to bypass MTE protection.
3. **Attack method**: The attacker uses cache side-channels and speculative execution to leak memory tags and thereby bypass MTE.
4. **Real-world cases**: Attacks exploiting MTE tag leakage were demonstrated against Google Chrome and the Linux kernel.
5. **Vendor response**: Vendors including ARM and Google are aware of the issue and recommend hardware fixes.
6. **Outlook**: MTE is a promising security feature, but further software and hardware improvements are needed to strengthen it.
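Slides 7 and 8 show the two memory-corruption patterns (out-of-bounds and use-after-free), and the summary states that MTE catches them with a hardware tag check and that leaking the tag defeats that check. The C program below is an added illustration written for this page; it is not the talk's code and uses no real MTE instructions. It models the mechanism the summary describes: a 4-bit allocation tag per 16-byte granule, a 4-bit logical tag in pointer bits 56..59, and a tag comparison on every access. Model choices that are assumptions, not MTE facts: a bump allocator that never reuses memory, tags cycled through 1..15 so neighbours always differ, freed granules retagged with 0, a sized `mte_free`, and the side channel replaced by reading `alloc_tag[]` directly.

```c
/* Added example: software model of MTE-style tag checking (not the talk's
 * code, not real MTE instructions).  Tag = 4 bits per 16-byte granule,
 * logical tag in pointer bits 56..59, mismatch on access = tag-check fault. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GRANULE    16
#define NGRANULES  64
#define HEAP_BYTES (GRANULE * NGRANULES)
#define TAG_SHIFT  56
#define TAG_MASK   0xFULL
#define FREE_TAG   0            /* model choice: freed granules carry tag 0 */

typedef uint64_t tagged_ptr;    /* heap offset in the low bits, tag in 56..59 */

static uint8_t  heap[HEAP_BYTES];
static uint8_t  alloc_tag[NGRANULES];   /* allocation tag per granule */
static uint64_t bump;                   /* bump allocator; no reuse in this model */
static uint8_t  next_tag;

static tagged_ptr make_tagged(uint64_t off, uint8_t tag) {
    return (off & ~(TAG_MASK << TAG_SHIFT)) | ((uint64_t)(tag & TAG_MASK) << TAG_SHIFT);
}
static uint8_t  ptr_tag(tagged_ptr p) { return (uint8_t)((p >> TAG_SHIFT) & TAG_MASK); }
static uint64_t ptr_off(tagged_ptr p) { return p & ~(TAG_MASK << TAG_SHIFT); }

void mte_reset(void) {
    memset(heap, 0, sizeof heap);
    memset(alloc_tag, FREE_TAG, sizeof alloc_tag);
    bump = 0;
    next_tag = 1;
}

/* Allocate n bytes rounded up to whole granules and colour them with a fresh
 * non-zero tag.  Cycling through 1..15 guarantees adjacent objects differ,
 * which is what makes a linear overflow into the neighbour detectable. */
tagged_ptr mte_alloc(size_t n) {
    size_t   g   = (n + GRANULE - 1) / GRANULE;
    uint64_t off = bump;
    uint8_t  tag = next_tag;
    bump    += g * GRANULE;
    next_tag = (uint8_t)(next_tag % 15 + 1);
    for (size_t i = 0; i < g; i++) alloc_tag[off / GRANULE + i] = tag;
    return make_tagged(off, tag);
}

/* Free retags the granules; a dangling pointer keeps the old tag and faults
 * on its next access.  (Size passed explicitly to keep the model small.) */
void mte_free(tagged_ptr p, size_t n) {
    size_t   g   = (n + GRANULE - 1) / GRANULE;
    uint64_t off = ptr_off(p);
    for (size_t i = 0; i < g; i++) alloc_tag[off / GRANULE + i] = FREE_TAG;
}

/* Checked access: logical tag must equal the granule's allocation tag. */
bool mte_store(tagged_ptr p, uint8_t v) {
    uint64_t off = ptr_off(p);
    if (off >= HEAP_BYTES || alloc_tag[off / GRANULE] != ptr_tag(p)) return false;
    heap[off] = v;
    return true;
}
bool mte_load(tagged_ptr p, uint8_t *out) {
    uint64_t off = ptr_off(p);
    if (off >= HEAP_BYTES || alloc_tag[off / GRANULE] != ptr_tag(p)) return false;
    *out = heap[off];
    return true;
}

/* Slide 7: obj1's pointer walks past its 16 bytes into obj2 and faults. */
bool demo_out_of_bounds(void) {
    mte_reset();
    tagged_ptr obj1 = mte_alloc(16);
    (void)mte_alloc(16);                           /* obj2, different tag */
    uint8_t v;
    bool in_bounds = mte_load(obj1, &v);           /* valid access */
    bool oob_fault = !mte_load(obj1 + 16, &v);     /* lands in obj2's granule */
    return in_bounds && oob_fault;
}

/* Slide 8: the same pointer is used after obj1 is freed and faults. */
bool demo_use_after_free(void) {
    mte_reset();
    tagged_ptr obj1 = mte_alloc(16);
    uint8_t v;
    bool before = mte_load(obj1, &v);
    mte_free(obj1, 16);
    return before && !mte_load(obj1, &v);
}

/* Without a leak the attacker must guess obj2's tag: one of 16 values passes
 * and every miss is a fault (a crash under synchronous MTE).  Returns faults. */
int count_guess_faults(void) {
    mte_reset();
    (void)mte_alloc(16);
    tagged_ptr obj2 = mte_alloc(16);
    int faults = 0;
    uint8_t v;
    for (unsigned t = 0; t < 16; t++)
        if (!mte_load(make_tagged(ptr_off(obj2), (uint8_t)t), &v)) faults++;
    return faults;
}

/* With the allocation tag leaked (the side channel from the talk, modelled by
 * reading alloc_tag[] directly) a forged pointer passes the check and the
 * out-of-bounds write into obj2 succeeds. */
bool demo_tag_leak_bypass(void) {
    mte_reset();
    tagged_ptr obj1 = mte_alloc(16);
    tagged_ptr obj2 = mte_alloc(16);
    uint64_t   target = ptr_off(obj1) + 16;             /* first byte of obj2 */
    uint8_t    leaked = alloc_tag[target / GRANULE];    /* stands in for the leak */
    bool wrote = mte_store(make_tagged(target, leaked), 0x41);
    uint8_t v = 0;
    return wrote && mte_load(obj2, &v) && v == 0x41;
}
```

The two demo functions reproduce the slide diagrams as tag-check faults; `count_guess_faults` shows why blind guessing is a poor strategy (15 of 16 attempts fault, and under synchronous reporting the first fault ends the process), and `demo_tag_leak_bypass` shows that once the 4-bit tag is known the check adds nothing, which is the point of the tag-leakage side-channel the summary describes.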