Hardware Weakness Enables Operating System Attacks

UCR researchers have identified a serious security vulnerability that exposes commonly used operating systems to malicious attacks

Researchers from UC Riverside and the State University of New York at Binghamton have demonstrated a serious security weakness in several operating systems by exploiting a hardware vulnerability in a subsystem of the CPU called the branch predictor.

RIVERSIDE, Calif. (www.ucr.edu) — A team of researchers from the University of California, Riverside and the State University of New York at Binghamton has identified a weakness in the design of a central processing unit (CPU) component that makes operating systems more vulnerable to malicious attacks. The vulnerability could give hackers complete access to computers and stored information, posing serious risks for individuals, companies, and governments.

The weakness, in the Address Space Layout Randomization (ASLR) defense process, is described in research presented Tuesday, Oct. 18 at the IEEE/ACM International Symposium on Microarchitecture (Micro), one of the top conferences in computer architecture.

Titled “Jump over ASLR: Attacking the Branch Predictor to Bypass ASLR,” the project was led by Nael Abu-Ghazaleh, a professor of computer science and engineering and electrical and computer engineering in UCR’s Bourns College of Engineering, and Dmitry Ponomarev, a professor of computer science at the State University of New York at Binghamton.

Operating systems, which manage computer hardware and software resources and provide common services for computer programs, use ASLR to protect themselves from many types of critical vulnerabilities. ASLR is a memory protection process that randomizes where programs and data are stored in a computer’s memory. It is designed to protect computing systems from common cyber-attack techniques including ‘buffer overflow’ attacks and ‘Return-oriented Programming’ attacks.

Left to right: Nael Abu-Ghazaleh, Dmitry Evtyushkin and Dmitry Ponomarev.

The research team identified a way to disable ASLR, bypassing this critical defense. Bypassing ASLR gives hackers the ability to use root exploits to gain complete access to a machine and its stored information, enabling them to steal data or hijack machines.

The researchers demonstrated the weakness in the ubiquitous Linux operating system on Intel processors, and they suspect it also applies to other operating systems such as Windows and Android. The attack also works on virtualization systems such as KVM, which are used as the basis of many cloud computing systems.

Abu-Ghazaleh said that while the attack bypasses a software security defense—ASLR—it was made possible by exploiting a hardware vulnerability in a subsystem of the CPU called the branch predictor, which accelerates the performance of executing programs.

“While most cybersecurity research considers software vulnerabilities and defenses, our research focuses on the underlying hardware and computer architecture, which also play important roles in computer security, both in terms of introducing new vulnerabilities as well as supporting more secure software,” he said.

In addition to Abu-Ghazaleh and Ponomarev, the work was done by Dmitry Evtyushkin, a doctoral student in computer science at the State University of New York at Binghamton, and the lead author of the paper. The work is funded by the National Science Foundation.

Media Contact


Tel: (951) 827-4580
E-mail: sarah.nightingale@ucr.edu
Twitter: snightingale
