2 Replies Latest reply on Aug 23, 2017 2:33 PM by rguevara

    Solutions to the AnC exploit, which defeats ASLR

    frankr

      Hi all,

      A little while ago some researchers devised an exploit called AnC, which is described here:

      https://www.vusec.net/projects/anc/

      The researchers discovered that they can figure out which 4kB pages are in use at any time, because unfortunately Intel, AMD and ARM processors allow Page Table Entries to be cached, providing a linkage between user processes and the virtual memory system. Using a clever technique they can perform a walk of the page tables even using a JavaScript program.

      It's a fascinating attack. Here are my questions about how to defeat AnC:

      1. Can Intel microcode be updated in deployed systems to prevent PTEs from ever being cached in the data & instruction caches?

      2. If the kernel were to create decoy pages, e.g. 10 for every 1 "real" page, would that not cut down attacks sufficiently in most cases?

      3. Is cache partitioning (Cache Allocation Technology) a solution to AnC, as the researchers believe, and do common Core CPUs offer it, or is it just a Xeon feature?

      Thanks.
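Question 3 asks whether a given Core CPU offers Cache Allocation Technology at all. The following program is an added example (not part of frankr's post and not Intel-provided code) that answers that for the machine it runs on by decoding the CPUID leaves Intel documents for RDT: leaf 07H sub-leaf 0 EBX bit 15 (PQE, allocation support), leaf 10H sub-leaf 0 EBX bits 1 and 2 (L3 and L2 CAT), and leaf 10H sub-leaf 1 (L3 capacity-bitmask length and class-of-service count). It assumes a GCC/Clang toolchain with `<cpuid.h>`; the decoder is kept separate from the CPUID query so it can be exercised with constructed register values on any architecture.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>
#include <stddef.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Decoded Cache Allocation Technology (CAT) capabilities.
   Bit positions follow the Intel SDM CPUID description of leaf 07H and leaf 10H. */
struct cat_support {
    bool rdt_allocation;   /* CPUID.(07H,0):EBX[15] "PQE": RDT allocation available at all */
    bool l3_cat;           /* CPUID.(10H,0):EBX[1]  L3 CAT supported */
    bool l2_cat;           /* CPUID.(10H,0):EBX[2]  L2 CAT supported */
    unsigned l3_cbm_bits;  /* CPUID.(10H,1):EAX[4:0] + 1   length of the L3 capacity bitmask */
    unsigned l3_cos_count; /* CPUID.(10H,1):EDX[15:0] + 1  number of L3 classes of service */
};

/* Pure decoder: takes raw register values so it can be checked without real hardware. */
struct cat_support decode_cat(uint32_t leaf7_ebx, uint32_t leaf10_0_ebx,
                              uint32_t leaf10_1_eax, uint32_t leaf10_1_edx)
{
    struct cat_support s = {0};
    s.rdt_allocation = (leaf7_ebx >> 15) & 1u;
    if (!s.rdt_allocation)
        return s;               /* leaf 10H carries no meaning without PQE */
    s.l3_cat = (leaf10_0_ebx >> 1) & 1u;
    s.l2_cat = (leaf10_0_ebx >> 2) & 1u;
    if (s.l3_cat) {
        s.l3_cbm_bits  = (leaf10_1_eax & 0x1fu) + 1u;
        s.l3_cos_count = (leaf10_1_edx & 0xffffu) + 1u;
    }
    return s;
}

/* Query the running CPU. Returns false on non-x86 builds or when leaf 10H is not enumerated.
   In a virtual machine the hypervisor may mask these bits even if the host silicon has CAT. */
bool query_cat(struct cat_support *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    unsigned max_leaf = __get_cpuid_max(0, NULL);
    if (max_leaf < 0x10)
        return false;
    __cpuid_count(7, 0, eax, ebx, ecx, edx);
    uint32_t l7_ebx = ebx;
    __cpuid_count(0x10, 0, eax, ebx, ecx, edx);
    uint32_t l10_0_ebx = ebx;
    __cpuid_count(0x10, 1, eax, ebx, ecx, edx);
    *out = decode_cat(l7_ebx, l10_0_ebx, eax, edx);
    return true;
#else
    (void)out;
    return false;
#endif
}

int main(void)
{
    struct cat_support s;
    if (!query_cat(&s)) {
        puts("CPUID leaf 10H not available (non-x86 build, old CPU, or masked by a hypervisor)");
        return 0;
    }
    printf("RDT allocation (PQE): %s\n", s.rdt_allocation ? "yes" : "no");
    printf("L3 CAT: %s   L2 CAT: %s\n", s.l3_cat ? "yes" : "no", s.l2_cat ? "yes" : "no");
    if (s.l3_cat)
        printf("L3 capacity bitmask: %u bits, %u classes of service\n",
               s.l3_cbm_bits, s.l3_cos_count);
    return 0;
}
```

A "yes" here only means the processor enumerates the feature; whether the OS actually uses it to keep page-table cache lines apart from untrusted code is a separate kernel question, and availability on desktop Core parts varies by SKU and generation, so the check has to be run per machine rather than inferred from the brand name.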