Iqela labaphandi iYunivesithi yaseAmsterdam kunye neSwitzerland Higher Technical School eZurich iphuhlise ubuchule bokuhlasela benethiwekhi be "NetCAT" (Inethiwekhi ye-Cache ATtack) leyo ivumela ukusebenzisa iindlela zokuhlalutya idatha Ukusuka kumajelo eqela lesithathu ukumisela kude amaqhosha acinezelwa ngumsebenzisi Ngelixa usebenza kwiseshoni ye-SSH. Ingxaki ibonakalisa kuphela kwiiseva ezisebenzisa i-RDMA (Ukufikelela kwiMemori eKhanya ngokuthe ngqo) kunye ne-DDIO (ngqo i-O / O kwiDatha) itekhnoloji.
I-Intel ikholelwa ukuba uhlaselo kunzima ukuluqhuba xa usenza.a, njengoko ifuna ukufikelela komhlaseli kwinethiwekhi yendawo, Ukongeza iimeko kunye nentlangano Unxibelelwano lomgcini usebenzisa iitekhnoloji ze-RDMA kunye ne-DDIO, ezisetyenziswa kakhulu kwinethiwekhi ezizimeleyo, umzekelo, apho amaqela asebenza khona.
Indlela esetyenzisiweyo kuhlaselo ifana nokuba semngciphekweni kweTrowhammer, evumela umxholo wamabhithi athile kwi-RAM ukuba utshintshwe ngokusebenzisa ipakethe yenethiwekhi kwiinkqubo ze-RDMA.
Abaphandi bathi:
Ingxaki entsha sisiphumo sokunciphisa ukulibaziseka usebenzisa indlela ye-DDIO, ebonelela ngonxibelelwano oluthe ngqo phakathi kwekhadi lenethiwekhi kunye nezinye izixhobo zepheripher kunye necache yeprosesa (ngexesha lokuqhubekeka kweepakethi zamakhadi enethiwekhi, idatha iyagcinwa kwaye ibuyiswe kwi-cache, ngaphandle ukufikelela kwimemori).
Enkosi kwi-DDIO, i-cache yeprosesa ikwabandakanya idatha eveliswe ngexesha lomsebenzi wobubi wenethiwekhi.
Uhlaselo lweNetCAT luxhomekeke kwinto yokuba amakhadi enethiwekhi ayigcina idatha Ngokusebenzayo, kwaye isantya sokulungiswa kwepakethi kuthungelwano lwala maxesha lwanele ukuba nefuthe ekugcwaliseni i-cache kwaye ichonge ubukho okanye ukungabikho kwedatha kwi-cache ngokuhlalutya ukulibaziseka kokuhambisa idatha.
Xa usebenzisa iiseshoni zokudibana, umzekelo ngeSSH, ipakethe yenethiwekhi ithunyelwa kwangoko emva kokucinezela isitshixoOko kukuthi, ukulibaziseka phakathi kweepakethi kunxulunyaniswa nokulibaziseka phakathi kwamaqhosha.
Sebenzisa iindlela zohlalutyo lwamanani kunye nokuthathela ingqalelo ukuba ulibaziseko phakathi kwamaqhosha ngokubanzi kuxhomekeke kwindawo yesitshixo kwikhibhodi, kunokwenzeka ngamathuba athile okufumana kwakhona ulwazi lwegalelo. Umzekelo, uninzi lwabantu luthanda ukuthayipha "s" emva kwe "a" ngokukhawuleza okukhulu kune "g" emva kwe "s."
Ulwazi olugciniweyo ngumqhubekekisi lukwavumela ukuba ugwebe elona xesha lipheleleyo leepakethi ezithunyelwe yikhadi lenethiwekhi xa kusenziwa unxibelelwano njengeSSH.
Ngokuvelisa ukuhamba okuthile, umhlaseli unokumisela ukuba idatha entsha ivela kwi-cache inxulunyaniswa nomsebenzi othile kwinkqubo.
Ukuhlalutya imixholo ye-cache, kusetyenziswa indlela ye-Prime + Probe, equka ukugcwalisa i-cache ngeseti yamaxabiso esalathiso kunye nokulinganisa ixesha lokufikelela kubo xa kuzaliswa ukumisela utshintsho.
Kungenzeka ukuba ubuchule isiluleko inokusetyenziselwa ukumisela ayisiyiqhosha kuphela, kodwa nayo ezinye iintlobo zedatha ebuthathaka egcinwe yi-CPU.
Kuhlaselo lwethu, sisebenzisa ithuba lokuba i-DDIO enikwe amandla iserver yesicelo inezixhobo ekwabelwana ngazo (i-cache yenqanaba lokugqibela) phakathi kwee-CPU kunye nekhadi lenethiwekhi. Sibuyisa injineli izinto ezibalulekileyo ze-DDIO ukuqonda ukuba i-cache yabiwa njani ne-DDIO.
Ngokufanelekileyo, uhlaselo lunokwenziwa xa i-RDMA ikhubazekile, kodwa ngaphandle kwe-RDMA ukusebenza kwayo kuncitshisiwe kwaye ukwenziwa kuyinkimbinkimbi kakhulu.
Kuyenzeka ukuba usebenzise i-DDIO ukuhlela ishaneli yokunxibelelana efihlakeleyo esetyenziselwa ukuhambisa idatha emva kokuba iserver yonakalisiwe, idlula kwiinkqubo zokhuseleko.
Umthombo: https://www.vusec.net