thesis/meetings.md
2025-03-14 17:00:11 +01:00

03-14

Goal: Breaking KASLR through TLB-based side channel attack
Status: Inserting Kernel Module
Progress:
- Wrote a basic kernel module
- Worked on proposal with feedback (improved version on Tuesday)

Stuck on: How to check if loading the module forces 4kB mapping as expected
- Herbert: 1a5c316ba6/hyperdbg/hyperhv/code/memory/MemoryMapper.c (L525)

03-07

Goal: Breaking KASLR through TLB-based side channel attack
Status: Proposal draft and setting up machine
Progress:
- Messed up the machine configuration a bit and wasted time there (thanks Aleksandar for helping me out)
- Glanced over need for Google kernelCTF kernel TODO: check if module rwx can be used because that would be much easier and commonly enabled
- Messed up some things in GRUB -> using VM now because that caused long recovery times (had to sync up with Aleksandar)
- Wrote proposal draft

Stuck on: Not really stuck but getting the kernel and options right is taking more time than expected.

02-28

Daily supervisor: Dyon
Goal: Breaking KASLR through TLB-based side channel attack
Status: Deciding on which part exactly to choose, hardware access today
Progress:
- Target: i7-8650U Kernel 6.8
- First idea: Try using CONFIG_STRICT_MODULE_RWX (D1)
- but: maybe further input needed here which one is desirable target
- strict module rwx => can leak heap (excluding cred and less reliable pipe-buffer) and page tables
- virtual heap => can leak heap (including cred) reliably TODO: Go with heap => cred one of the most interesting
- virtual stack => can leak kernel stack
- Forgot about research proposal, message Herbert

02-21

Daily supervisor: Dyon
Goal: Breaking KASLR through TLB-based side channel attack
Status:
Progress:
- Contacted Aleksandar for VM access
- Learned more about prefetch sidechannel

TODO: Only read TLB part not cache

02-14

Daily supervisor: idk yet? Dyon
Goal: Breaking KASLR through TLB-based side channel attack
Status: Just started middle of this week
Progress:
- Skimmed paper and read some important parts more in depth
- Intel CPU required (?)

TODO: contact for hardware: Marković, A. (Aleksandar) a.markovic@vu.nl
TODO: probably VM enough? check that