Researchers from Binghamton University - State University of New York and the University of California, Riverside have found a weakness in components of the Haswell central processing unit (CPU) that makes common computer operating systems vulnerable to malicious attacks.
Computer hackers could take control of individual, company and government computers if a weak point in address space layout randomization (ASLR) software is exploited by manipulating a CPU's branch predictor, a piece of hardware designed to improve program performance.
Researchers suggested several methods to mitigate the attacks they identified in the paper ‘Jump over ASLR: Attacking the Branch Predictor to Bypass ASLR,’ and companies have already started to work on the issues raised.
Researchers demonstrated the weakness in commonly used Linux operating systems running on Intel processors. However, the team led by Binghamton PhD candidate Dmitry Evtyushkin, Ponomarev and former Binghamton Computer Science Professor Nael Abu-Ghazaleh thinks the vulnerability could also apply to other operating systems such as Windows and Android. According to the work, the attack may also be practical on virtualization systems such as Kernel-based Virtual Machines (KVM), which are used in cloud computing systems.
The results were presented at the 49th Annual IEEE/ACM International Symposium on Microarchitecture (Micro-49) on October 18th in Taipei, Taiwan.