Breaking Kernel ASLR with Intel TSX: A New Method Explored

Table of Contents

1. Introduction
2. What is Kernel ASLR?
3. Exploiting Kernel ASLR in Linux
4. Exploiting Kernel ASLR in Mac OS
5. Effectiveness of Kernel ASLR
6. Limitations of Kernel ASLR
7. Introducing Intel TSX
8. Understanding TLB Cache
9. The Role of TSX in Timing Side Channel Attacks
10. Introducing DRK: Breaking Kernel ASLR with Intel TSX

Breaking Kernel Address Space Layout Randomization with Intel TSX

Good afternoon everybody! In this presentation, we will discuss the topic of breaking kernel address space layout randomization (ASLR) with Intel TSX. This joint work by Jung Jin Jong, Dr. Sangolli, and Professor Tetsu Kim aims to explore a new method of bypassing kernel ASLR, which has become a popular security measure in modern operating systems. We will delve into the details of kernel ASLR, its vulnerabilities, and the role of Intel TSX in timing side channel attacks. Our goal is to demonstrate how this attack, termed DRK (D-Randomizing Kernel ASLR), can effectively break kernel ASLR with high accuracy and speed. Let's dive in!

Introduction

Kernel ASLR, also known as Kernel Address Space Layout Randomization, is a security mechanism widely adopted by modern operating systems to protect against memory corruption vulnerabilities such as buffer overflow or use-after-free exploits. It works by randomizing the location of code and data within the kernel's memory space, making it difficult for attackers to predict the exact addresses they need to target. This mitigation technique has been successfully implemented in major operating systems like Windows, Linux, and OS X. However, recent research has shown that kernel ASLR is not as secure as previously thought. In this presentation, we will explore an innovative approach to breaking kernel ASLR using Intel TSX.

What is Kernel ASLR?

Kernel ASLR is a statistical mitigation technique that shuffles the address of code and data within the kernel's memory space for each boot or load of modules or drivers. By randomizing the location of critical kernel components, kernel ASLR aims to make it harder for attackers to exploit memory corruption vulnerabilities. In traditional attacks, an attacker needs to first find a memory corruption vulnerability and then exploit it. However, with kernel ASLR enabled, attackers face the additional challenge of determining the correct addresses of code and data within the kernel. This adds an extra layer of complexity to the exploitation process and reduces the success rate of attacks.

Pros of Kernel ASLR:

• Mitigates memory corruption vulnerabilities
• Randomizes the location of code and data within the kernel
• Increases the complexity of kernel exploits

Cons of Kernel ASLR:

• Requires attackers to find information leak vulnerabilities
• Does not protect against side channel attacks

Exploiting Kernel ASLR in Linux

In Linux, kernel ASLR has been implemented with varying levels of effectiveness. In earlier versions of the Linux kernel, attackers could easily retrieve the exact addresses of kernel functions by accessing the /proc filesystem. However, recent distributions like Ubuntu have restricted non-root users from accessing this information, making it more difficult to determine the address values. Additionally, kernel ASLR further complicates the exploitation process by changing the address of functions with each boot. This means that attackers need to find a way to obtain the address values before launching an attack. One example of a successful kernel ASLR exploit in Linux was the privilege escalation attack called T-Pound, which targeted Mac OS 10. The attacker exploited three different vulnerabilities, including an information leak vulnerability, to bypass kernel ASLR and gain elevated privileges.

Exploiting Kernel ASLR in Mac OS

In Mac OS 10, kernel ASLR also introduced additional challenges for attackers. To successfully exploit kernel vulnerabilities, attackers needed to find information leak vulnerabilities to obtain the correct address values. One notable example of an information leak vulnerability is the TLB cache side channel attack, which was presented by Funda Edel in 2013. This attack leveraged the Translation Lookaside Buffer (TLB) cache in the processor as a side channel for timing measurements. By carefully measuring the timing differences on TLB hits and misses, attackers can determine whether an address is executable or non-executable. However, this attack is a hardware-level attack and does not require any information leak vulnerabilities in the software, making it difficult to detect and mitigate.

Effectiveness of Kernel ASLR

While kernel ASLR has proven to be an effective mitigation technique, recent research has revealed its limitations. For example, the randomization of the kernel's memory space significantly increases the number of possible locations for the kernel code and data. In Windows, there are over 8,000 possible locations for the kernel, making it extremely challenging for attackers to successfully exploit memory corruption vulnerabilities. However, as shown in previous examples, side channel attacks like the TLB cache side channel can still bypass kernel ASLR and extract valuable information about the kernel layout. This indicates that relying solely on kernel ASLR may not provide sufficient protection against sophisticated attacks.

Limitations of Kernel ASLR

Kernel ASLR has several limitations that make it vulnerable to attacks. First, it depends on the assumption that an attacker cannot obtain information about the layout of the kernel's memory space. However, side channel attacks like the TLB cache side channel have proven that this assumption is not always valid. Second, kernel ASLR does not protect against timing side channel attacks, which can reveal information about the kernel's layout and undermine the effectiveness of ASLR. Lastly, kernel ASLR relies on randomization techniques that are subject to deterministic analysis and may not provide truly unpredictable address space layouts.

Pros of Kernel ASLR:

• Provides protection against memory corruption vulnerabilities
• Randomizes the location of kernel code and data

Cons of Kernel ASLR:

• Can be bypassed by information leak vulnerabilities
• Vulnerable to timing side channel attacks
• Randomization techniques may be predictable

Introducing Intel TSX

Intel TSX (Transactional Synchronization Extensions) is a new instruction set that allows for atomic access to data without traditional locks. It provides a way to execute atomic regions of code without the need for explicit locking mechanisms. This enables faster and more efficient synchronization between Threads, improving performance in multi-threaded applications. TSX operates by starting a transaction with the XBEGIN instruction, executing the atomic region of code, and then committing the transaction with the XEND instruction. If conflicts or exceptions occur during the transaction, the state is rolled back to before the transaction began.

Understanding TLB Cache

The TLB (Translation Lookaside Buffer) cache is a hardware component in modern processors that assists with virtual address to physical address translation. It stores recently used address translations to improve memory access performance. The TLB cache works by caching page table entries, which contain the virtual to physical address mappings. When a virtual address needs to be translated, the processor first checks the TLB cache. If a matching translation is found, it is used to determine the physical address. If the translation is not found in the TLB cache, a page table walk is performed to retrieve the necessary translation. This process introduces additional latency, as accessing the page table requires memory access.

The Role of TSX in Timing Side Channel Attacks

In the context of timing side channel attacks, TSX plays a crucial role in reducing the noise caused by operating system interruptions and improving the accuracy and speed of the attacks. By using TSX, attackers can bypass the traditional exception handling routines of the operating system and directly measure the timing of memory accesses. This significantly reduces the noise introduced by operating system interruptions and improves the precision of the side channel attack. TSX also allows attackers to measure the timing differences between TLB hits and misses, enabling them to distinguish between mapped and unmapped addresses with high accuracy.

Introducing DRK: Breaking Kernel ASLR with Intel TSX

DRK (D-Randomizing Kernel ASLR) is an innovative method developed by Jung Jin Jong, Dr. Sangolli, and Professor Tetsu Kim to break kernel ASLR using Intel TSX. This attack takes advantage of the timing side channel created by TLB hits and misses in combination with TSX instructions. By carefully measuring the timing differences between TLB hits and misses, attackers can determine whether a memory address is mapped or unmapped, executable or non-executable. With the help of TSX, this attack achieves high accuracy and speed, breaking kernel ASLR in major operating systems like Linux, Windows, and OS X.

In conclusion, breaking kernel ASLR with Intel TSX is a groundbreaking approach to exploit the vulnerabilities of kernel memory randomization. This attack leverages the timing side channel created by TLB hits and misses to accurately determine the layout of the kernel's memory space. While kernel ASLR has been widely implemented as a mitigation technique, it is not foolproof and can be bypassed by determined attackers. The research presented here highlights the importance of exploring new methods and countermeasures to enhance the security of modern operating systems.

Thank you for joining this presentation. If you have any questions, please feel free to ask.