Am Thu, 9 Jun 2016 09:18:40 +0100 David Chisnall <theraven_at_FreeBSD.org> schrieb: > If this paper is the one that I think it is, then I was one of the reviewers. Their > attack is neat, but it depends quite a lot on being able to deterministically trigger > deduplication. Their proof-of-concept exploit was on Windows (and JavaScript attack > was really fun) and I’m not convinced that it would work reliably on Linux or VMWare > ESX, which both defer deduplication for as long as possible to avoid NUMA-related > overheads. > > We don’t currently have a FreeBSD implementation, but if someone wanted to provide one > then a defence against this attack would be fairly simple: count the number of CoW > faults that a process is receiving and if it reaches a certain threshold then remove > all of its memory from the set of eligible pages. The attack relies on being able to > repeatedly trigger CoW faults and time whether they occur, with the same set of pages. > At least some existing implementations will make this impossible as these pages will > repeatedly be deduplicated and then duplicated and this is already a pathological case > that most memory deduplication implementations need to handle (as well as being a > security hole, it’s also a big performance killer). > > Kib has been working on ASLR for FreeBSD (I think it’s in 11?), but at this point it’s > more of a checkbox item than a serious mitigation technique. It adds a little bit of > work for attackers, but there are so many attacks that can bypass ASLR even with strong > entropy that it just increases the work factor slightly. If you’re running code > written in C, then you’re better off relying on Capscium compartmentalisation to limit > what the attacker can do once they’ve compromised it. > > David > > > On 8 Jun 2016, at 16:01, O. Hartmann <ohartman_at_zedat.fu-berlin.de> wrote: > > > > A couple of days I got as a responsible personell for a couple of systems a warning > > about the vulnerabilities of the mechanism called "Kernel SamePage Mergin". On this > > year's IEEE symposion there has been submitted a paper by Bosman et al., 2016, > > describing an attack on KSM. This technique, also referred to as memory/page > > deduplication, seems to be vulnerable by design under certain circumstances. I guess > > the experts of the readers here do already know, but I consider myself a non-expert > > and therefore, I'd like to ask about the status of that kind of development in > > FreeBSD. I read about a project of last year's Google Summer of Code 2015 targetting > > KSM on FreeBSD. > > > > In Linux, this deduplication techniques is implemented since kernel 2.6.38 and Windows > > Kernel uses this techniques since Windows 8.1 and sibblings (also Windows Server). We > > were strongly advised to disable those "features" in Windows clients, servers and > > Linux servers, if used. > > > > Other papers describe successful attacks on memory contents and ASLR by misusing KSM. > > On Windows, mmap() entropy is 19bit, on Linux usually 28bit. And FreeBSD (if > > planned/used/already implemented?)? > > > > If you are interested I could provide links or PDFs of the papers I already gathered > > about that subject (it is not much, simply google for "KSM FReeBSD" or KSM > > deduplication ASLR). > > > > Thanks in advance, > > > > oh > Hello David, sorry for the lack of references. Bosman et al., 2016: doi: 10.1109/SP.2016.63 (http://www.ieee-security.org/TC/SP2016/papers/0824a987.pdf), this paper has been subject of a warning given to institutions. An older one, but also interesting, is Xiao et al., 2013: doi: 10.1109/DSN.2013.6575349 (http://www.cs.wm.edu/~hnw/paper/memdedup.pdf) and this one Barresi et al., 2015 (https://www.usenix.org/node/191961). The first paper is of (my) concern, since it triggered some interests and couriosities of mine. Regards, Oliver Hartmann
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:05 UTC