
ASLR side-channel attack: How is JavaScript used to bypass protection?

Researchers have developed an ASLR Cache side-channel attack that enables them to eliminate ASLR protections. Expert Nick Lewis explains how JavaScript code is used in the attack.

Researchers have developed JavaScript code that combines with browser vulnerability attack code to bypass address space layout randomization (ASLR). The technique, known as ASLR Cache, is a side-channel attack that can eliminate all ASLR protections. How does JavaScript work against ASLR?

Trusted computing systems rely on multiple layers of security throughout the entire stack, which are described in the Orange Book, a common nickname for the "Trusted Computer System Evaluation Criteria" published by the U.S. Department of Defense. These systems have historically been expensive, not necessarily cutting-edge and are used only in government or high-security environments. Significant formal testing is required to ensure these systems' security.

Modern systems were built based on the experiences of developing these trusted computer systems, but outside of the trusted platform module, they do not share many of the same principles. Trusted systems were designed to disallow one process on a system from accessing the memory or hardware resources used by other processes as a method of resisting a side-channel attack.

Researchers at Vrije Universiteit Amsterdam in the Netherlands were able to devise an exploit using JavaScript that can bypass ASLR with a side-channel attack. ASLR is a core modern security control that makes it more difficult for an exploit to get a system to run arbitrary code.

This JavaScript attack targets the CPU memory management unit to gain control over the cache, identifying the memory addresses at which system and application components are loaded. When this attack is combined with a browser exploit, the JavaScript can then bypass ASLR and all its protections.
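To make concrete what ASLR randomizes, and why recovering even one address in a module (which is what this attack yields) removes the protection for that whole module, here is an added example that is not part of the original answer. It assumes a Linux/glibc host with /proc and a python3 on PATH for the live probe; the analysis functions themselves are pure and portable.

```python
"""Check that ASLR is active on this host and show what one leaked address reveals.

Added example (not from the TechTarget answer). Assumes Linux/glibc with /proc and
python3 on PATH for the live probe; analyze_samples and recover_base are pure."""
import ctypes
import subprocess
import sys
from typing import List, Optional

PAGE = 0x1000  # 4 KiB page: ASLR shifts mappings by whole pages, so these bits never change

# Run in a fresh process: report where libc's printf landed this time.
_PROBE = (
    "import ctypes;"
    "libc = ctypes.CDLL(None);"
    "print(ctypes.cast(libc.printf, ctypes.c_void_p).value)"
)


def randomize_va_space() -> Optional[int]:
    """Kernel ASLR setting (0 off, 1 partial, 2 full); None where /proc is unavailable."""
    try:
        with open("/proc/sys/kernel/randomize_va_space") as f:
            return int(f.read().strip())
    except OSError:
        return None


def collect_printf_addresses(runs: int = 5) -> List[int]:
    """Spawn `runs` fresh interpreters and collect the address of printf in each."""
    out = []
    for _ in range(runs):
        res = subprocess.run([sys.executable, "-c", _PROBE],
                             capture_output=True, text=True, check=True)
        out.append(int(res.stdout.strip()))
    return out


def analyze_samples(addrs: List[int]) -> dict:
    """Summarize randomization evidence from addresses of the same symbol across processes."""
    return {
        "distinct_bases": len({a - (a % PAGE) for a in addrs}),
        "randomized": len(set(addrs)) > 1,           # ASLR moved the library between runs
        "page_offset_constant": len({a % PAGE for a in addrs}) == 1,  # low 12 bits never move
    }


def recover_base(leaked: int, symbol_offset: int) -> int:
    """One leaked address plus the symbol's fixed offset inside its module gives the load
    base: offsets within a module never change, so a single leak defeats ASLR for it."""
    return leaked - symbol_offset


if __name__ == "__main__":
    print("randomize_va_space =", randomize_va_space())
    samples = collect_printf_addresses()
    print("printf seen at:", [hex(a) for a in samples])
    print(analyze_samples(samples))
```

On a host with ASLR enabled the live run reports `randomized: True` with the same page offset every time; `randomized: False` across several runs is the signal to check the kernel setting.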

This side-channel attack on the CPU cache and memory management unit can also be used against virtual machines and cloud providers.

ASLR has been the focus of many attacks, and new protections have been implemented to address this. The Vrije Universiteit Amsterdam researchers have been working with CPU manufacturers to come up with CPU updates that would make them more resistant to these types of attacks.

Unfortunately, the researchers also stated that ASLR is fundamentally insecure, and that any fixes to this side-channel attack cost too much in terms of performance and are, therefore, impractical.


This was last published in July 2017

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Should ASLR be replaced with other security measures to prevent memory error attacks?