Researchers from UCR and the State University of New York (SUNY) at Binghamton have discovered a core weakness in the design of a computer’s central processing unit (CPU) that can give full access to hackers trying to break into a computer.
This weakness, found in the Address Space Layout Randomization (ASLR) defense mechanism, was exposed at the IEEE/ACM International Symposium on Microarchitecture — one of the largest computer architecture conferences in the world. ASLR is a technique in computer security that protects it from attacks on a computer’s software.
The project entitled, “Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR,” which is funded by the National Science Foundation, was led by Professor of Computer Science and Engineering and Electrical and Computer Engineering at the Bourns College of Engineering, Nael Abu-Ghazaleh, and Dmitry Ponomarev, a professor of computer science at SUNY Binghamton.
Computer operating systems, which manage hardware and provide common services on the computer, use ASLR to guard a computer’s memory and protect from serious vulnerabilities within it. Through randomizing where data is stored in a computer’s memory, ASLR serves to protect systems from common cyber attacks like “buffer overflow,” where a program writing data to a “buffer,” or temporary storage, overruns the boundary and overwrites memory locations.
The report outlines how a hacker could disable and bypass ASLR, gaining access to the computer, allowing them full access to hijack or steal any information they desire.
Abu-Ghazaleh and his team demonstrated this flaw in the Linux systems on Intel processors which is the largest installed base of general purpose operating systems widely used in smartphones.
Julian Bell, a first-year electrical engineering student, said in an interview that since the flaw is a “fundamental exploit in the hardware itself, you can’t really patch that up with any software since it’s built into the hardware.”
Abu-Ghazaleh also explained that though this attack is caused by bypassing the ASLR protection, it is facilitated by taking advantage of a hardware gap in a subsystem of the CPU called the branch predictor, which improves high performance programs running on computers.
When asked how this could affect UCR’s network of computers, Abu-Ghazaleh said, “Once an attacker hijacks a few devices (they) can use them to gain access to information over the network, or launch further attacks.” He did, however, emphasize that malware would first have to be installed from a malicious app or javascript from a website and that the attacker must know “the memory layout where different parts of the programs are.”
Also working with Abu-Ghazaleh and Ponomarev is Dmitry Evtyushkin, a doctoral student in computer science at the SUNY Binghamton. Abu-Ghazaleh holds a doctorate in computer science from University of Cincinnati and formerly worked at the SUNY Binghamton.
