MITIGATING ATTACKS ON KERNEL ADDRESS SPACE LAYOUT RANDOMIZATION
Main Authors | , , , , , , , , |
---|---|
Format | Patent |
Language | English |
Published | 03.01.2019 |
Summary: | Various systems and methods for detecting and preventing side-channel attacks, including attacks aimed at discovering the location of KASLR-randomized privileged code sections in virtual memory address space, are described. In an example, a computing system includes electronic operations for detecting unauthorized attempts to access kernel virtual memory pages via trap entry detection, with operations including: generating a trap page with a physical memory address; assigning a phantom page at an open location in the privileged portion of the virtual memory address space; generating a plurality of phantom page table entries corresponding to an otherwise-unmapped privileged virtual memory region; placing the trap page in physical memory and placing the phantom page table entry in a page table map; and detecting an access to the trap page via the phantom page table entry, to trigger a response to a potential attack. |
---|---|
Bibliography: | Application Number: US201715637524 |