Side-Channel: Page Cache Attacks

Side-Channel: Page Cache Attacks

Jonathan Dunlap – Associate, Information Security Intrinium LinkedIn

What is a side-channel attack?

A side-channel attack is an attack vector through which a threat could glean information from your computer or information system. This could be as simple as reading emissions (see Emissions Security or EMSEC) from your computer to using sophisticated methods of monitoring data being written onto your hard disk and making determinations that way.

What does the new side-channel attack do?

The research team of five that conducted this series of tests determined that utilizing two specialized developer commands (or calls) in Linux and Windows gave them the ability to request the operating system to evict or empty those pages. By doing so, the team could then either read or glean what data is being written, either by the process they evicted or by other processes. The two commands in question are “mincore” for Linux and “QueryWorkingSetEx” for Windows. These two processes do not currently require privileged access for a process to use, and as such is a great target for this kind of attack.

With this method, it is possible to time keystroke monitoring at 6 keystrokes per second. Accurate, and very unfortunate for users.

Are there other attack types?

The aforementioned attacks are used in local exploit scenarios, where the rogue or malicious process is running on the host machine, and the commands are executed thus. There is also the possibility of remote attacks, but these come with drawbacks that require tuning to the hardware (and become no longer hardware agnostic) and cannot bypass sandboxes.

Are there any mitigation or countermeasure actions?

Right now, Microsoft and the Linux community are both working on patches that will set their respective processes to require specific permissions or privileges before being executed. This will prevent a rogue process that has not gained anything greater that user level permissions from executing this side-channel attack

Pin It on Pinterest

Share This