Kasper, a scanner for speculative execution gadgets in the Linux kernel

A group of researchers from Vrije Universiteit Amsterdam has announced, in a blog post, a tool called "Kasper", designed to identify code snippets in the Linux kernel that can be used to exploit Spectre-class vulnerabilities caused by speculative code execution in the processor.

For those unfamiliar with this type of attack: Spectre v1-class vulnerabilities allow the contents of memory to be determined, and they require a specific sequence of instructions (a gadget) in privileged code that leads to speculative execution of instructions.

As an optimization, the processor starts executing such gadgets speculatively, then determines that the branch prediction was not justified and rolls the operations back to their original state. The data processed during speculative execution, however, remains in the cache and in microarchitectural buffers, where it can be extracted using various methods of recovering residual data through side channels.

Previously available pattern-based gadget scanners for Spectre vulnerabilities produced a very high rate of false positives while missing many real gadgets (experiments showed that 99% of the gadgets detected by such tools could not be used for attacks, and 33% of the working gadgets that could lead to an attack were not noticed).

Introducing Kasper, a transient (or speculative) execution gadget scanner. It uses taint analysis policies to model an attacker capable of exploiting arbitrary software/hardware vulnerabilities on a transient path.

About Kasper

To improve the quality of detection of problematic gadgets, Kasper models the vulnerabilities an attacker can use at each step of a Spectre-class attack: problems that allow data to be controlled (for example, substituting attacker data into microarchitectural structures to influence subsequent speculative execution) using LVI-class attacks, problems that give access to sensitive information (for example, when a buffer is accessed out of bounds or memory is used after it has been freed), and problems that leak sensitive information (for example, by analyzing the state of the processor cache or by using the MDS method).

The modeled attacker is capable of controlling data (e.g., through memory massaging or LVI value injection), accessing secrets (e.g., through out-of-bounds or use-after-free accesses), and leaking those secrets (e.g., through cache-based, MDS-based, or contention-based covert channels).

During testing, the kernel calls Kasper's runtime libraries and checks that operate at the LLVM level. During the check, speculative code execution is emulated by a checkpoint-restore mechanism, which deliberately executes an incorrectly predicted code branch and then rolls back to the original state from before the branch began.
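A toy model of the detection idea described above, added here as an illustration and not taken from Kasper's code: the interpreter, its three-instruction program format, and the names `run`, `scan`, `ATTACKER` and `SECRET` are all assumptions of this example. At each branch it runs the mispredicted side on a snapshot with taint tracking and reports a load whose address depends on a secret-labelled value.

```python
import copy

ATTACKER, SECRET = "attacker", "secret"      # taint labels (this example's own names)

def run(prog, regs, taint, pc=0, window=None, reports=None):
    """Interpret a toy program; at each branch, also emulate the mispredicted side."""
    reports = [] if reports is None else reports
    spec = window is not None                # True while emulating a wrong path
    while pc < len(prog) and (not spec or window > 0):
        if spec:
            window -= 1                      # bounded speculation window
        op, *a = prog[pc]
        if op == "branch_if_ge":             # a = [reg, bound, target]
            taken = regs[a[0]] >= a[1]
            if not spec:
                # Checkpoint/restore: the wrong path runs on copies that are dropped.
                wrong = pc + 1 if taken else a[2]
                run(prog, copy.deepcopy(regs), copy.deepcopy(taint), wrong, 8, reports)
            pc = a[2] if taken else pc + 1
            continue
        if op == "load":                     # a = [dst, index_reg, array_size]
            dst, idx, size = a
            t = taint.get(idx, set())
            if spec and SECRET in t:         # leak step: secret selects a cache line
                reports.append((pc, "secret-dependent load address"))
            if spec and regs[idx] >= size and ATTACKER in t:
                taint[dst] = {SECRET}        # access step: attacker-steered OOB read
            else:
                taint[dst] = set(t)
            regs[dst] = 0                    # memory contents are not modelled
        elif op == "shl":                    # a = [dst, src, shift]
            regs[a[0]] = regs[a[1]] << a[2]
            taint[a[0]] = set(taint.get(a[1], set()))
        pc += 1
    return reports

# Constructed sample: the bounds-check / double-load shape of a Spectre v1 gadget.
PROG = [
    ("branch_if_ge", "x", 16, 4),            # if (x >= 16) goto end
    ("load", "v", "x", 16),                  # v = array1[x]
    ("shl", "i", "v", 9),                    # i = v << 9
    ("load", "t", "i", 1 << 17),             # t = array2[i]
]

def scan(x, attacker_controlled):
    """Run PROG once with index x; return the list of (pc, reason) reports."""
    taint = {"x": {ATTACKER} if attacker_controlled else set()}
    return run(PROG, {"x": x}, taint)
```

`scan(1000, True)` reports the second load, while the same code with an index the attacker does not control, or with an in-bounds input, reports nothing.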

Kasper also attempts to model a variety of software and hardware vulnerabilities, analyzes the impact of architectural and microarchitectural effects, and performs fuzz testing of possible attacker actions. A port of DataFlowSanitizer for the Linux kernel is used to analyze execution flows, and a modified version of the syzkaller package is used for fuzzing.

As a result, Kasper discovered 1,379 previously unknown gadgets in the heavily hardened Linux kernel. We confirmed our findings by demonstrating an end-to-end proof-of-concept exploit for one of the gadgets found.

While scanning the Linux kernel with Kasper, 1379 previously unknown gadgets were identified that could lead to data leakage during speculative execution of instructions.

It is noted that perhaps only some of them pose real problems, but to show that the danger is real and not merely theoretical, a working exploit prototype was developed for one of the problematic code snippets, and it resulted in a leak of kernel memory contents.

Finally, if you are interested in learning more about Kasper, you should know that the source code is distributed under the Apache 2.0 license.

Source: https://www.vusec.net

