pre meeting notes
This commit is contained in:
twoneis
parent
3503de83da
commit
31a8ed52cc
3 changed files with 21 additions and 0 deletions
1
code/Makefile
Normal file
1
code/Makefile
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
|
||||||
8
code/README.md
Normal file
8
code/README.md
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
## Target
|
||||||
|
CPU: i7-8650U (will get access on Friday)
|
||||||
|
Kernel: 6.8 (latest that was tested in the paper)
|
||||||
|
Defense: CONFIG_STRICT_MODULE_RWX (D1)
|
||||||
|
|
||||||
|
## Steps
|
||||||
|
1. Load kernel module -> forces 4kB instead of 2MB pages
|
||||||
|
2. Allocate target object with allocation primitive -> introduces requirement -> target needs allocation primitive
|
||||||
12
meetings.md
12
meetings.md
|
|
@ -1,3 +1,15 @@
|
||||||
|
# 02-28
|
||||||
|
Daily supervisor: Dyon
|
||||||
|
Goal: Breaking KASLR through TLB-based side channel attack
|
||||||
|
Status:
|
||||||
|
Progress:
|
||||||
|
- Target platform: i7-8650U Kernel 6.8
|
||||||
|
- First idea: Try using CONFIG_STRICT_MODULE_RWX (D1)
|
||||||
|
- but: maybe further input needed here which one is desireable target
|
||||||
|
- strict module rwx => can leak heap (excluding cred and less reliable pipe-buffer) and page tables
|
||||||
|
- virtual heap => can leak heap (including cred) reliably
|
||||||
|
- virtual stack => can leak kernel stack
|
||||||
|
|
||||||
# 02-21
|
# 02-21
|
||||||
Daily supervisor: Dyon
|
Daily supervisor: Dyon
|
||||||
Goal: Breaking KASLR through TLB-based side channel attack
|
Goal: Breaking KASLR through TLB-based side channel attack
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue