Iqembu labacwaningi kusuka eNyuvesi yase-Amsterdam naseSwitzerland Higher Technical School eZurich ithuthukise inqubo yokuhlaselwa kwenethiwekhi ye- "NetCAT" (Network Cache ATtack) lokho ivumela ukusebenzisa izindlela zokuhlaziya idatha kusuka kuziteshi ezivela eceleni ukunquma ukude okhiye umsebenzisi abacindezela ngenkathi ngisebenza esimisweni se-SSH. Inkinga ibonakala kuphela kumaseva asebenzisa i-RDMA (Remote Direct Memory Access) nobuchwepheshe be-DDIO (Direct I / O to Data).
U-Intel ukholelwa ukuthi lokhu kuhlasela kunzima ukukusebenzisa ngokoqobo.a, njengoba kudinga ukufinyelela komhlaseli kunethiwekhi yendawo, ngaphezu kwezimo nenhlangano ukuxhumana kwezokuxhumana usebenzisa ubuchwepheshe be-RDMA ne-DDIO, obusetshenziswa kakhulu kumanethiwekhi angawodwa, ngokwesibonelo, lapho kusebenza khona amaqoqo.
Indlela esetshenziselwe ukuhlasela kufana nokuba sengozini kweTrowhammer, evumela okuqukethwe kwamabhithi ngamanye ku-RAM ukuthi kuguqulwe ngokusebenzisa ubuqili bephakethe lenethiwekhi ezinhlelweni ze-RDMA.
Abaphenyi bathi:
Inkinga entsha ingumphumela wokunciphisa ukubambezeleka usebenzisa indlela ye-DDIO, enikezela ukuxhumana okuqondile phakathi kwekhadi lenethiwekhi namanye amadivayisi wensimbi enesilondolozi seprosesa (ngesikhathi sokucutshungulwa kwamaphakethe ekhadi lenethiwekhi, idatha iyagcinwa futhi ibuyiswe kunqolobane, ngaphandle ukufinyelela imemori).
Ngenxa ye-DDIO, isilondolozi se-processor sifaka nedatha eyenziwe ngesikhathi senethiwekhi enonya.
Ukuhlaselwa kweNetCAT kuncike ekutheni idatha yamakhadi enethiwekhi ayinqolobane ngenkuthalo, futhi ijubane lokucubungula iphakethe kumanethiwekhi asendaweni anele ukuthonya ukugcwaliswa kwesilondolozi futhi kunqume ubukhona noma ukungabi khona kwedatha kunqolobane ngokuhlaziywa kokubambezeleka kokudluliswa kwedatha.
Lapho usebenzisa izikhathi zokuhlanganyela, ngokwesibonelo nge-SSH, Iphakethe lenethiwekhi lithunyelwa ngokushesha ngemuva kokucindezela inkinobho, okungukuthi, ukubambezeleka phakathi kwamaphakethe kuhambisana nokubambezeleka phakathi kokuchofoza izinkinobho.
Kusetshenziswa izindlela zokuhlaziya zezibalo futhi kucatshangelwa ukuthi ukubambezeleka phakathi kokuchofoza izinkinobho ngokuvamile kuncike esimweni sokhiye kukhibhodi, kungenzeka ngamathuba athile wokuphinda uthole imininingwane yokufaka. Isibonelo, iningi labantu livame ukuthayipha u- "s" ngemuva kokuthi "a" ngokushesha okukhulu kune- "g" ngemuva kwe- "s."
Imininingwane egcinwe yiprosesa futhi ikuvumela ukuthi wahlulele isikhathi ngqo samaphakethe athunyelwe yikhadi lenethiwekhi lapho ucubungula ukuxhumana njenge-SSH.
Ngokwenza ukugeleza okuthile kethrafikhi, umhlaseli anganquma ukuthi idatha entsha ivela nini enqolobaneni kuhlotshaniswa nomsebenzi othile ohlelweni.
Ukuhlaziya okuqukethwe kunqolobane, kusetshenziswa indlela ye-Prime + Probe, equkethe ukugcwalisa inqolobane ngamanani ayizethenjwa nokukala isikhathi sokufinyelela kuzo lapho ugcwalisa ukuthola izinguquko.
Kungenzeka ukuthi inqubo isiphakamiso ingasetshenziselwa ukunquma hhayi nje ukuchofoza izinkinobho kuphela, kodwa futhi ezinye izinhlobo zedatha ebucayi eligcinwe nge-CPU.
Ekuhlaselweni kwethu, sisebenzisa iqiniso lokuthi iseva yohlelo lokusebenza enikwe amandla i-DDIO inensiza eyabiwe (isilondolozi sezinga lokugcina) phakathi kwama-CPU cores nekhadi lenethiwekhi. Sibuyisela emuva unjiniyela izakhiwo ezibalulekile ze-DDIO ukuqonda ukuthi i-cache yabiwa kanjani ne-DDIO.
Ngokunokwenzeka, ukuhlaselwa kungenziwa lapho i-RDMA ikhutshaziwe, kepha ngaphandle kwe-RDMA ukusebenza kwayo kunciphile futhi ukwenziwa kuyinkimbinkimbi enkulu.
Kungenzeka futhi ukuthi usebenzise i-DDIO ukuhlela ishaneli yokuxhumana ngasese esetshenziselwa ukudlulisa idatha ngemuva kokuthi iseva yonakalisiwe, idlula izinhlelo zokuphepha.
Umthombo: https://www.vusec.net