Proceedings of the 2022 Workshop on Attacks and Solutions in Hardware Security: Latest Articles

Breaking KASLR on Mobile Devices without Any Use of Cache Memory
Proceedings of the 2022 Workshop on Attacks and Solutions in Hardware Security Pub Date : 2022-11-07 DOI: 10.1145/3560834.3563823
Milad Seddigh, M. Esfahani, Sarani Bhattacharya, Mohammadreza Aref, H. Soleimany
Abstract: Microarchitectural attacks utilize the performance optimization constructs that have been studied over decades in computer architecture research and show the vulnerability of such optimizations in a realistic framework. One such highly performance driven vulnerable construct is speculative execution. In this paper, we focus on the problem of breaking the kernel address-space layout randomization (KASLR) on modern mobile devices without using cache memory as a medium of observation. However, there are some challenges to breaking KASLR on ARM CPUs. The first challenge is that eviction strategies on ARM CPUs are slow, and the microarchitectural attacks exploiting the cache as a covert channel cannot be implemented on modern ARM CPUs. The second challenge is that non-canonical addresses are stored in the store buffer, although they are invalid. As a result, previous microarchitectural attacks distinguish such addresses as valid kernel addresses erroneously. In this paper, we focus on these challenges to close current gaps in the implementation of recent attacks against modern CPUs. We show how a Translation Look-aside Buffer (TLB) can be used to circumvent the cache memory as a covert channel in order to attack ASLR on both ARM and Intel CPUs. To the best of our knowledge, we are the first to break KASLR on ARM-based Android and iOS mobile devices. Furthermore, our attacks can be performed in JavaScript to break KASLR of the browser without the need for an Evict+Reload operation, which consumes a lot of time. The results of our attacks show that the attacker can distinguish whether or not the virtual address is valid in less than 0.0417 seconds and 0.0488 seconds on Android and iOS mobile devices, respectively.
Citations: 1
Leveraging Layout-based Effects for Locking Analog ICs
Proceedings of the 2022 Workshop on Attacks and Solutions in Hardware Security Pub Date : 2022-09-05 DOI: 10.1145/3560834.3563826
Muayad J. Aljafar, F. Azaïs, M. Flottes, S. Pagliarini
Abstract: While various obfuscation methods exist in the digital domain, techniques for protecting Intellectual Property (IP) in the analog domain are mostly overlooked. Understandably, analog components have a small footprint as most of the surface of an Integrated Circuit (IC) is digital. Yet, since they are challenging to design and tune, they constitute a valuable IP that ought to be protected. This paper is the first to show a method to secure analog IP by exploiting layout-based effects that are typically seen as undesirable detractors in IC design. Specifically, we make use of the effects of Length of Oxide Diffusion and Well Proximity Effect on transistors for tuning the devices' critical parameters (e.g., gm and Vth). Such parameters are hidden behind key inputs, akin to the logic locking approach for digital ICs. The proposed technique is applied for locking an Operational Transconductance Amplifier. In order to showcase the robustness of the achieved obfuscation, the case studied circuit is simulated for a large number of key sets, i.e., >50K and >300K, and the results show a wide range of degradation in open-loop gain (up to 130dB), phase margin (up to 50 deg), 3dB bandwidth (≈2.5MHz), and power (≈1mW) of the locked circuit when incorrect keys are applied. Our results show the benefit of the technique and the incurred overheads. We also justify the non-effectiveness of reverse engineering efforts for attacking the proposed approach. More importantly, our technique employs only regular transistors and requires neither changes to the IC fabrication process nor any foundry-level coordination or trust.
Citations: 0
Proceedings of the 2022 Workshop on Attacks and Solutions in Hardware Security
DOI: 10.1145/3560834
Citations: 0