Abstract
Recent operating systems (OSs) have adopted a defense mechanism called kernel page table isolation (KPTI) to protect the kernel from the attacks that break kernel address space layout randomization (KASLR) using various side-channel analysis techniques. In this paper, we demonstrate that KASLR can still be broken, even on the latest OSs with KPTI applied. In particular, we present a novel memory-sharing-based side-channel attack that breaks KASLR on KPTI-enabled Linux virtual machines. The proposed attack leverages the memory deduplication feature of a hypervisor, which provides a timing channel for inferring secret information about the victim. By conducting experiments on KVM and VMware ESXi, we show that the proposed attack can obtain the kernel address within a short amount of time. We also present several countermeasures that can prevent such an attack.
| Original language | English |
|---|---|
| Article number | 2174 |
| Journal | Electronics (Switzerland) |
| Volume | 10 |
| Issue number | 17 |
| DOIs | |
| Publication status | Published - 2021 Sept |
Bibliographical note
Publisher Copyright: © 2021 by the authors. Licensee MDPI, Basel, Switzerland.
Keywords
- KASLR
- Memory deduplication
- Side-channel attack
ASJC Scopus subject areas
- Control and Systems Engineering
- Signal Processing
- Hardware and Architecture
- Computer Networks and Communications
- Electrical and Electronic Engineering