By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Trusted computing systems rely on multiple layers of security throughout the entire stack, which are described in the Orange Book, a common nickname for the "Trusted Computer System Evaluation Criteria" published by the U.S. Department of Defense. These systems have historically been expensive, not necessarily cutting-edge and are used only in government or high-security environments. Significant formal testing is required to ensure these systems' security.
Modern systems were built based on the experiences of developing these trusted computer systems, but outside of the trusted platform module, they do not share many of the same principles. Trusted systems were designed to disallow one process on a system from accessing the memory or hardware resources used by other processes as a method of resisting a side-channel attack.
This side-channel attack on the CPU cache and memory management unit can also be used against virtual machines and cloud providers.
ASLR has been the focus of many attacks, and new protections have been implemented to address this. The Vrije Universiteit Amsterdam researchers have been working with CPU manufacturers to come up with CPU updates that would make them more resistant to these types of attacks.
Unfortunately, the researchers also stated that ASLR is fundamentally insecure, and that any fixes to this side-channel attack cost too much in terms of performance and are, therefore, impractical.
Find out how the Stagefright exploit Metaphor can bypass ASLR on Android devices
Learn how a Linux vulnerability enables attacks on TCP communications
Discover how SSL session identities can be protected from the Ticketbleed flaw
Dig Deeper on Data security breaches
Related Q&A from Nick Lewis
The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from ...continue reading
Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it ...continue reading
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.