I-Kasper, iskena sesixhobo sekhowudi yokuqikelela kwi-Linux kernel

Darkcrizt

Imizuzu ye4

Iqela le abaphandi abavela kwiYunivesithi yasimahla yaseAmsterdam batyhilile ngesithuba blog isixhobo ebizwa "casper" ebonisa ukuba yiyo yenzelwe ukuchonga iziqwengana zekhowudi kwi Linux kernel enokusetyenziselwa ukuxhaphaza Ubuthathaka beklasi yeSpecter ibangelwa kukwenziwa kwekhowudi eqikelelwayo ngumqhubekekisi.

Kwabo bangaluqondi olu hlobo lohlaselo, bafanele bayazi loo nto Ubuthathaka beklasi obufana neSpecter v1 vumela ukumisela imixholo yenkumbulo, umbhalo othile (iigajethi) uyafuneka kwikhowudi eyodwa, ekhokelela ekuphunyezweni okuqikelelweyo kwemiyalelo.

Ukwandisa, iprosesa iqala ukusebenzisa izixhobo ezinjalo kwimo yokuqikelelaokanye, emva koko igqibe ekubeni uqikelelo lwesebe alulunganga kwaye libuyisela umva imisebenzi kwimeko yalo yokuqala, kodwa idatha eqhutywe ngexesha lokuqikelela ihleli kwi-cache kunye ne-microarchitecture buffers kwaye iyafumaneka ukuze itsalwe kusetyenziswa iindlela ezahlukeneyo zokumisela idatha ngentsalela- itshaneli zepati.

Izixhobo zokuskena iGajethi ngokusekelwe kwiipateni ekhoyo ngaphambili ngenxa yokuba sesichengeni kweSpectrubonise izinga eliphezulu kakhulu leempembelelo zobuxoki, ngelixa izixhobo zokwenyani ezininzi zalahleka (uvavanyo lubonise ukuba i-99% yezixhobo ezichongiweyo zezo zixhobo azinakusetyenziselwa uhlaselo, kwaye i-33% yezo zisebenzayo azikhange zibonwe izixhobo ezinokukhokelela kuhlaselo).

Ukwazisa iKasper, eyethutyana (okanye iyaqikelelwa) isixhobo sokuskena isixhobo. Isebenzisa imigaqo-nkqubo yokuhlalutya urhwaphilizo ukwenza imodeli yomhlaseli okwaziyo ukuxhaphaza ubuthathaka besoftware/i-hardware ngendlela edlulayo. 

Malunga noCasper

Ukuphucula umgangatho yokuchongwa kwezixhobo eziyingxaki, I-Kasper imodeli yobuthathaka enokusebenzisa umhlaseli kwinqanaba ngalinye lohlaselo lwe-Specter-class: iingxaki ziqulunqwe ukuvumela ulawulo lwedatha (umzekelo, ukutshintshwa kwedatha yomhlaseli kwizakhiwo ezincinci ze-microarchitectural ukuphembelela ukubulawa okuqikelelwayo okulandelayo) usebenzisa uhlaselo lweklasi ye-LVI, ukufikelela kulwazi olubuthathaka (umzekelo, xa isithinteli siphumile kwimida okanye inkumbulo isetyenziswa emva kokuba ikhululwe), kwaye ivuza ulwazi olubuthathaka (umzekelo, ngokwahlulahlula ubume becache yeprosesa okanye ukusebenzisa indlela yeMDS).

Umzekelo womhlaseli okwaziyo ukulawula idatha (umzekelo, ngokusebenzisa i-memory massage okanye isitofu sexabiso le-LVI), ukufikelela kwiimfihlo (umzekelo, ngokufikelela ngaphandle kwemida okanye ukusetyenziswa emva kokukhululeka) kwaye uvuze ezi mfihlo (umzekelo, ngokusebenzisa i-cache-based, i-MDS- esekwe, okanye amajelo afihlakeleyo asekwe kwimbambano). 

Xa usenza uvavanyo, Iilayibrari zexesha lokusebenzela zekernel nguKasper kwaye baqinisekise ukuba basebenza kwinqanaba le-LLVM. Ngexesha lokuqinisekisa, ukuphunyezwa kwekhowudi eqikelelwayo kulandelwa yindlela yokubuyisela indawo yokukhangela, eyenza ngokukodwa ifolokhwe yekhowudi eqikelelweyo, emva koko ibuyela kwimeko yayo yangaphambili ngaphambi kokuba ifolokhwe iqale.

UKasper ukwazama ukwenza imodeli eyahlukeneyo yesoftware kunye nobuthathaka behardware, ihlalutya impembelelo yoyilo kunye ne-microarchitectural effect kwaye yenza iimvavanyo eziphazamisayo zezenzo zomhlaseli ezinokwenzeka. Uhlalutyo lokuhamba kokubulawa, i-port ye-DataFlowSanitizer ye-Linux kernel isetyenzisiweyo, kunye novavanyo lwe-fuzzing, uguqulelo olulungisiweyo lwephakheji ye-syzkaller.

Ngenxa yoko, uKasper ufumene izixhobo ezili-1.379 ebezingaziwa ngaphambili kwi-Linux kernel enzima kakhulu. Siye saqinisekisa iziphumo zethu ngokubonisa isiphelo-so-ekupheleni ubungqina be-concept exploit kwesinye sezixhobo ezifunyenweyo.

Ngelixa uskena i-Linux kernel ngeKasper, i-1379 yezixhobo ezazingaziwa ngaphambili ziye zachongwa, ezinokukhokelela ekuvuzeni kwedatha ngexesha lokuphunyezwa kwemiyalelo.

Kuqatshelwe ukuba mhlawumbi kuphela ezinye zazo ezinokubonisa iingxaki zokwenyani, kodwa ukubonisa ukuba kukho ingozi yokwenyani, kwaye ingeyiyo nje ithiyori, iprototype esebenzayo ye-exploit yaphuhliswa enye yeekhowudi eziziqwengana eziyingxaki, ezikhokelele ekubeni ukuvuza kolwazi lwenkumbulo ye-kernel.

Gqibela ukuba unomdla wokwazi okungakumbi ngayo malunga neKasper, kufuneka uyazi loo nto ikhowudi yemvelaphi Isasazwa phantsi kwelayisensi ye-Apache 2.0.

Umthombo: https://www.vusec.net


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.