1 00:00:14,950 --> 00:00:17,889 Memory deduplication is widely 2 00:00:17,890 --> 00:00:20,649 applied to reduce memory consumption. 3 00:00:21,700 --> 00:00:24,129 Today, we are going to see three 4 00:00:24,130 --> 00:00:26,559 attack techniques that exploit 5 00:00:26,560 --> 00:00:27,800 memory deduplication. 6 00:00:28,930 --> 00:00:31,149 We have two incredible 7 00:00:31,150 --> 00:00:34,029 security researchers here with us today 8 00:00:34,030 --> 00:00:37,209 that will show us how this attack works. 9 00:00:37,210 --> 00:00:39,759 And to the left, I have 10 00:00:39,760 --> 00:00:41,499 Antonio Barresi. 11 00:00:41,500 --> 00:00:43,539 And to my right is Erik 12 00:00:43,540 --> 00:00:46,209 Bosman. Bosman, sorry. 13 00:00:46,210 --> 00:00:48,549 And they will then use the chance 14 00:00:48,550 --> 00:00:50,949 to also introduce themselves. 15 00:00:50,950 --> 00:00:53,679 Please help me welcome Antonio 16 00:00:53,680 --> 00:00:54,680 and Erik. 17 00:01:03,660 --> 00:01:05,730 So good morning, everyone. 18 00:01:06,780 --> 00:01:08,849 This is Memory Deduplication: The Curse 19 00:01:08,850 --> 00:01:11,369 that Keeps on Giving. So unfortunately, 20 00:01:11,370 --> 00:01:13,349 it's just Erik and me. 21 00:01:13,350 --> 00:01:16,349 So Ben and Kaveh couldn't make it, 22 00:01:16,350 --> 00:01:18,539 but they say hi. And I just want to say 23 00:01:18,540 --> 00:01:20,609 that the credit goes also to them. 24 00:01:20,610 --> 00:01:22,889 So we prepared the talk together 25 00:01:22,890 --> 00:01:24,569 and a big part of the content comes from 26 00:01:24,570 --> 00:01:25,570 them. 27 00:01:26,820 --> 00:01:28,889 So, Erik, as 28 00:01:28,890 --> 00:01:30,359 he was introduced, he is a Ph.D. 
29 00:01:30,360 --> 00:01:32,939 student at the VUSec 30 00:01:32,940 --> 00:01:34,379 Networks and Systems Security Research 31 00:01:34,380 --> 00:01:36,569 Group in Amsterdam. 32 00:01:36,570 --> 00:01:38,249 So if you want to see what they do, go to 33 00:01:38,250 --> 00:01:40,529 the website vusec.net. 34 00:01:40,530 --> 00:01:41,579 And I'm Antonio. 35 00:01:41,580 --> 00:01:43,799 I'm co-founder of xorlab, 36 00:01:43,800 --> 00:01:45,209 a Swiss IT security company 37 00:01:46,440 --> 00:01:47,440 in Zurich. 38 00:01:48,360 --> 00:01:50,159 So the work that we are going to present, 39 00:01:50,160 --> 00:01:51,929 actually, there were a lot of other 40 00:01:51,930 --> 00:01:52,979 people working on that. 41 00:01:52,980 --> 00:01:54,569 And here are some acknowledgments. 42 00:01:55,830 --> 00:01:58,479 And yeah, so let's start. 43 00:01:58,480 --> 00:02:00,479 So the message today is actually quite 44 00:02:00,480 --> 00:02:02,010 simple and straightforward: 45 00:02:03,480 --> 00:02:05,519 memory deduplication is much more 46 00:02:05,520 --> 00:02:07,979 dangerous than you might possibly think 47 00:02:07,980 --> 00:02:09,209 in the beginning. 48 00:02:09,210 --> 00:02:11,459 So it comes along like a nice little 49 00:02:11,460 --> 00:02:14,339 feature that helps you save memory. 50 00:02:14,340 --> 00:02:16,469 But we're going to show you that it's 51 00:02:16,470 --> 00:02:19,529 actually dangerous and much more severe. 52 00:02:19,530 --> 00:02:21,989 And we're going to do that by showing you 53 00:02:21,990 --> 00:02:24,399 three attack techniques that all exploit 54 00:02:24,400 --> 00:02:26,609 memory deduplication, one or another 55 00:02:26,610 --> 00:02:27,610 way. 56 00:02:28,740 --> 00:02:30,419 Before we do that, we'll look at memory 57 00:02:30,420 --> 00:02:31,919 deduplication so everyone knows what it 58 00:02:31,920 --> 00:02:33,089 is. 
59 00:02:33,090 --> 00:02:34,859 We're going to show you the side channel 60 00:02:34,860 --> 00:02:36,330 that gets introduced by it. 61 00:02:37,940 --> 00:02:39,709 And then we start with the three attacks, 62 00:02:41,330 --> 00:02:42,560 so first we have CAIN. 63 00:02:43,640 --> 00:02:45,889 CAIN is a cross-VM leak attack, 64 00:02:45,890 --> 00:02:48,019 which basically allows you to leak base 65 00:02:48,020 --> 00:02:50,119 addresses or other secrets 66 00:02:50,120 --> 00:02:52,489 with higher entropy from other 67 00:02:52,490 --> 00:02:54,649 VMs. And we applied it to ASLR because 68 00:02:54,650 --> 00:02:56,869 we thought it's an interesting case 69 00:02:56,870 --> 00:02:58,279 and it only relies on memory 70 00:02:58,280 --> 00:03:00,529 deduplication. We will 71 00:03:00,530 --> 00:03:03,379 then show you Dedup Est Machina. 72 00:03:03,380 --> 00:03:06,889 This is an attack against the process 73 00:03:06,890 --> 00:03:09,259 and actually got the Pwnie Award at 74 00:03:09,260 --> 00:03:11,059 this year's Black Hat for Most Innovative 75 00:03:11,060 --> 00:03:13,399 Research, and it relies on memory 76 00:03:13,400 --> 00:03:14,539 deduplication and Rowhammer. 77 00:03:14,540 --> 00:03:16,609 And basically it allows you to read and 78 00:03:16,610 --> 00:03:18,859 write through JavaScript in 79 00:03:18,860 --> 00:03:19,860 Edge 80 00:03:21,430 --> 00:03:23,439 without any sort of vulnerability. 81 00:03:24,860 --> 00:03:26,089 And then we're going to present Flip 82 00:03:26,090 --> 00:03:28,279 Feng Shui. Flip Feng Shui 83 00:03:28,280 --> 00:03:30,589 is a cross-VM 84 00:03:30,590 --> 00:03:31,819 bit flip attack. 85 00:03:31,820 --> 00:03:34,189 So basically imagine you could 86 00:03:34,190 --> 00:03:36,709 flip a bit in another VM 87 00:03:36,710 --> 00:03:38,899 and the only requirement is 88 00:03:38,900 --> 00:03:41,599 you have to know the content of the page 89 00:03:41,600 --> 00:03:43,189 of any page. 
90 00:03:43,190 --> 00:03:44,929 So how will you actually compromise that 91 00:03:44,930 --> 00:03:46,909 system? So we're going to show you. 92 00:03:46,910 --> 00:03:48,829 So first of all, how you can flip 93 00:03:48,830 --> 00:03:50,089 precisely. 94 00:03:50,090 --> 00:03:51,409 And then we are going to show you two 95 00:03:51,410 --> 00:03:53,149 techniques to actually compromise the 96 00:03:53,150 --> 00:03:54,150 system with that. 97 00:03:56,900 --> 00:03:58,219 After that, we will conclude. 98 00:03:59,390 --> 00:04:00,739 So let's start with memory 99 00:04:00,740 --> 00:04:03,079 deduplication. So memory deduplication 100 00:04:03,080 --> 00:04:05,429 is a method to reduce memory consumption, 101 00:04:05,430 --> 00:04:07,519 and it's usually used in virtualized 102 00:04:07,520 --> 00:04:09,589 environments, but not exclusively. 103 00:04:09,590 --> 00:04:11,809 And it was also enabled, and the emphasis 104 00:04:11,810 --> 00:04:13,909 is on was, in Windows 105 00:04:13,910 --> 00:04:15,349 8.1 and 10. 106 00:04:16,970 --> 00:04:18,919 So the idea is that in virtualized 107 00:04:18,920 --> 00:04:20,089 environments, for example, 108 00:04:21,320 --> 00:04:23,359 the virtual machine monitor will try to be 109 00:04:23,360 --> 00:04:25,969 quite a resource 110 00:04:25,970 --> 00:04:28,339 and or try to save 111 00:04:28,340 --> 00:04:30,409 memory. So basically overcommit 112 00:04:30,410 --> 00:04:32,359 certain resources like memory, and memory 113 00:04:32,360 --> 00:04:33,769 deduplication is a technique to 114 00:04:33,770 --> 00:04:35,869 reclaim certain pages in a 115 00:04:35,870 --> 00:04:38,629 clever way or, 116 00:04:38,630 --> 00:04:40,889 easily speaking, run 117 00:04:40,890 --> 00:04:41,890 more VMs. 118 00:04:42,830 --> 00:04:45,349 So basically, it's a nice feature, right? 
119 00:04:45,350 --> 00:04:47,479 The idea is you can, you 120 00:04:47,480 --> 00:04:49,669 can just have more VMs on the same 121 00:04:49,670 --> 00:04:51,259 hardware, but you'll see that it has 122 00:04:51,260 --> 00:04:52,260 certain implications. 123 00:04:53,870 --> 00:04:55,859 So let's look at how it looks. 124 00:04:55,860 --> 00:04:57,379 It works. So basically, there's an 125 00:04:57,380 --> 00:04:59,329 example. You see memory pages of two 126 00:04:59,330 --> 00:05:01,369 virtual machines and the physical memory 127 00:05:01,370 --> 00:05:02,989 of the hardware. 128 00:05:02,990 --> 00:05:05,509 So let's say you have like 129 00:05:05,510 --> 00:05:07,669 the picture of the Mona Lisa or a same 130 00:05:07,670 --> 00:05:09,469 process running through the same code 131 00:05:09,470 --> 00:05:11,539 pages or something else, 132 00:05:11,540 --> 00:05:12,559 some data. 133 00:05:12,560 --> 00:05:14,749 So basically, in a normal scenario, 134 00:05:14,750 --> 00:05:17,749 you'll have both address spaces 135 00:05:17,750 --> 00:05:19,519 filled up with these pages and all 136 00:05:19,520 --> 00:05:21,649 consume one physical page. 137 00:05:21,650 --> 00:05:22,849 So when memory deduplication is 138 00:05:22,850 --> 00:05:25,039 enabled, the memory 139 00:05:25,040 --> 00:05:26,479 deduplication implementation will try to 140 00:05:26,480 --> 00:05:29,029 identify these duplicates 141 00:05:29,030 --> 00:05:30,679 and then it will merge them so that the 142 00:05:30,680 --> 00:05:32,639 global space gets free again. 143 00:05:33,740 --> 00:05:35,929 And it will mark these pages with 144 00:05:35,930 --> 00:05:37,339 a copy-on-write semantics, which 145 00:05:37,340 --> 00:05:39,469 basically means if someone writes to it, 146 00:05:39,470 --> 00:05:42,399 it has to do something else. 147 00:05:42,400 --> 00:05:43,400 It's not going to work. 
148 00:05:44,840 --> 00:05:46,999 Now, one implementation is Kernel 149 00:05:47,000 --> 00:05:50,149 Same-page Merging with KVM. 150 00:05:50,150 --> 00:05:51,829 I'm sure most of you know that. 151 00:05:51,830 --> 00:05:54,169 So if you have an Ubuntu server 152 00:05:54,170 --> 00:05:56,089 system, usually that's, I think, 153 00:05:56,090 --> 00:05:58,369 even now enabled by default 154 00:05:58,370 --> 00:06:00,529 and you can check it. So there is like 155 00:06:00,530 --> 00:06:02,119 the run file under the sysfs file 156 00:06:02,120 --> 00:06:03,679 system where you see if there is a one 157 00:06:03,680 --> 00:06:05,029 there, it's enabled and then there are 158 00:06:05,030 --> 00:06:07,549 certain parameters that allow you to 159 00:06:07,550 --> 00:06:09,559 define how fast memory deduplication 160 00:06:09,560 --> 00:06:10,560 should work. 161 00:06:12,230 --> 00:06:13,639 And there are other implementations as 162 00:06:13,640 --> 00:06:14,640 well. 163 00:06:15,500 --> 00:06:17,569 So the problem with deduplication 164 00:06:17,570 --> 00:06:19,759 of most implementations is that it 165 00:06:19,760 --> 00:06:21,469 doesn't respect the security domain. 166 00:06:21,470 --> 00:06:23,569 And so basically, even 167 00:06:23,570 --> 00:06:25,699 between two different VMs, or if it's 168 00:06:25,700 --> 00:06:26,929 done for processes, if you have two 169 00:06:26,930 --> 00:06:28,489 different processes, you cannot trust each 170 00:06:28,490 --> 00:06:30,619 other. But it still works 171 00:06:30,620 --> 00:06:32,299 across these boundaries. 172 00:06:32,300 --> 00:06:34,459 And actually, that's the dilemma 173 00:06:34,460 --> 00:06:36,979 of deduplication, because 174 00:06:36,980 --> 00:06:38,359 in the end, you want to save memory. 175 00:06:38,360 --> 00:06:39,589 And it makes a lot of sense, right? 176 00:06:39,590 --> 00:06:41,089 If you have a lot of VMs running the same 177 00:06:41,090 --> 00:06:42,349 operating system. 
178 00:06:42,350 --> 00:06:44,509 So it makes sense to cross these 179 00:06:44,510 --> 00:06:46,669 boundaries. But the problem is it 180 00:06:46,670 --> 00:06:48,079 introduces a side channel. 181 00:06:49,160 --> 00:06:51,199 So let's look at the side channel. 182 00:06:51,200 --> 00:06:53,539 So if you have a page that belongs 183 00:06:53,540 --> 00:06:55,519 to you, you'll just write it and that's 184 00:06:55,520 --> 00:06:56,520 it. OK, 185 00:06:58,080 --> 00:06:59,959 so the problem is if you have memory 186 00:06:59,960 --> 00:07:01,909 deduplication, you have copy-on-write. 187 00:07:01,910 --> 00:07:04,069 So now if you write to it, 188 00:07:04,070 --> 00:07:05,779 you need to go to the kernel. 189 00:07:05,780 --> 00:07:08,059 The page has to be duplicated again, 190 00:07:09,200 --> 00:07:11,539 update page tables and then resume 191 00:07:11,540 --> 00:07:13,519 the process again. And then you basically 192 00:07:13,520 --> 00:07:15,409 can write to that page. 193 00:07:15,410 --> 00:07:16,849 So you see that there are a lot of more 194 00:07:16,850 --> 00:07:18,919 steps involved here. 195 00:07:18,920 --> 00:07:20,969 And this introduces a one-bit side 196 00:07:20,970 --> 00:07:23,089 channel that allows you to see 197 00:07:23,090 --> 00:07:25,159 basically if such a page exists in 198 00:07:25,160 --> 00:07:26,359 another process or in another 199 00:07:26,360 --> 00:07:27,360 VM. 200 00:07:28,520 --> 00:07:30,209 Works across VM if it's implemented in 201 00:07:30,210 --> 00:07:31,609 the virtual machine monitor, across 202 00:07:31,610 --> 00:07:33,859 process, or as we will see, 203 00:07:33,860 --> 00:07:35,389 we will see one instance of that attack. 204 00:07:35,390 --> 00:07:36,689 Even within the process, we have 205 00:07:36,690 --> 00:07:38,239 different security boundaries. 206 00:07:38,240 --> 00:07:40,599 Think about your JavaScript code, right? 
207 00:07:40,600 --> 00:07:42,319 So it might be interesting for your 208 00:07:42,320 --> 00:07:44,449 JavaScript code in a browser to find 209 00:07:44,450 --> 00:07:45,450 out certain things. 210 00:07:47,150 --> 00:07:49,009 So let's look at the attacker perspective 211 00:07:49,010 --> 00:07:51,229 now. So what does an attacker have to do 212 00:07:51,230 --> 00:07:52,230 to exploit that? 213 00:07:53,750 --> 00:07:55,219 So basically here the attacker has his 214 00:07:55,220 --> 00:07:56,689 memory. This might be a VM or a 215 00:07:56,690 --> 00:07:58,519 process, and then there is the victim. 216 00:07:59,870 --> 00:08:02,089 So there is a secret page that 217 00:08:02,090 --> 00:08:04,399 basically knowing that that page exists 218 00:08:04,400 --> 00:08:06,589 might help the attacker in one or another 219 00:08:06,590 --> 00:08:07,590 way. 220 00:08:08,090 --> 00:08:09,769 So what the attacker has to do is the 221 00:08:09,770 --> 00:08:11,449 attacker has to guess a page. 222 00:08:11,450 --> 00:08:13,549 So in that case, he really has to guess 223 00:08:13,550 --> 00:08:15,649 the content of that page. 224 00:08:15,650 --> 00:08:17,719 Attacker has to wait a certain amount 225 00:08:17,720 --> 00:08:19,999 of time, write to it 226 00:08:20,000 --> 00:08:22,399 or modify his copy of the page. 227 00:08:22,400 --> 00:08:23,719 So this is totally legitimate. 228 00:08:23,720 --> 00:08:26,149 You don't need more privileges, right? 229 00:08:26,150 --> 00:08:28,159 Measure the time and then see if the 230 00:08:28,160 --> 00:08:30,919 write time is above a certain threshold. 231 00:08:30,920 --> 00:08:33,619 The attacker can deduce that 232 00:08:33,620 --> 00:08:35,689 that page existed in the 233 00:08:35,690 --> 00:08:37,639 other VM, for example. 234 00:08:37,640 --> 00:08:39,949 And if the write time is below a certain 235 00:08:39,950 --> 00:08:42,048 threshold, the attacker can then 236 00:08:42,049 --> 00:08:43,729 deduce that it didn't exist there. 
237 00:08:45,350 --> 00:08:47,569 OK, so let's look 238 00:08:47,570 --> 00:08:51,169 at the first attack. 239 00:08:51,170 --> 00:08:53,329 So CAIN is cross-VM address space layout 240 00:08:53,330 --> 00:08:54,409 introspection. 241 00:08:54,410 --> 00:08:57,049 I actually regret already the long name 242 00:08:57,050 --> 00:08:59,539 and we don't have to see and basically 243 00:08:59,540 --> 00:09:00,540 only relies on 244 00:09:02,220 --> 00:09:04,279 the idea is to use that to 245 00:09:04,280 --> 00:09:05,989 break ASLR. 246 00:09:05,990 --> 00:09:08,089 So basically you have a VM that runs 247 00:09:08,090 --> 00:09:09,159 next to you, memory 248 00:09:09,160 --> 00:09:11,209 deduplication is enabled and you will 249 00:09:11,210 --> 00:09:12,859 be able to find out what the base 250 00:09:12,860 --> 00:09:14,989 address, for example, of ntdll is in 251 00:09:14,990 --> 00:09:15,990 the other VM. 252 00:09:17,750 --> 00:09:19,639 So let's recap what you have to do as an 253 00:09:19,640 --> 00:09:21,559 attacker. So first, you need a secret 254 00:09:21,560 --> 00:09:23,089 page that allows you to deduce 255 00:09:23,090 --> 00:09:25,399 interesting information and in our case 256 00:09:25,400 --> 00:09:28,069 it's the ASLR base address of a certain 257 00:09:28,070 --> 00:09:29,839 DLL, for example. 258 00:09:29,840 --> 00:09:31,969 So the question here is what 259 00:09:31,970 --> 00:09:32,979 page will we use. 260 00:09:34,130 --> 00:09:35,569 Then, of course, there are certain 261 00:09:35,570 --> 00:09:36,919 practical challenges. 262 00:09:36,920 --> 00:09:39,709 So how long should you actually wait 263 00:09:39,710 --> 00:09:41,689 for? Because you have no idea how fast the 264 00:09:41,690 --> 00:09:44,149 memory deduplication scheme is. 265 00:09:44,150 --> 00:09:45,979 And then in the end, you have to 266 00:09:45,980 --> 00:09:47,839 practically detect that it was merged. 267 00:09:47,840 --> 00:09:49,429 So you can measure write time. 
268 00:09:49,430 --> 00:09:51,529 But you'll see that in practice there is 269 00:09:51,530 --> 00:09:52,999 also noise involved. 270 00:09:53,000 --> 00:09:54,949 So sometimes the write time is higher and 271 00:09:54,950 --> 00:09:56,059 it's not because of memory 272 00:09:56,060 --> 00:09:57,060 deduplication. 273 00:09:58,640 --> 00:10:00,919 So we looked at suitable 274 00:10:00,920 --> 00:10:03,169 pages to break ASLR and 275 00:10:03,170 --> 00:10:05,599 I mean certain straightforward 276 00:10:05,600 --> 00:10:07,599 criteria are, you have to know, 277 00:10:07,600 --> 00:10:09,379 as an attacker, that the page exists 278 00:10:09,380 --> 00:10:11,089 in the other VM. 279 00:10:11,090 --> 00:10:12,919 It has to be read only ideally in the VM 280 00:10:12,920 --> 00:10:15,019 because if it changes too often, then it 281 00:10:15,020 --> 00:10:17,779 will not be deduplicated and 282 00:10:17,780 --> 00:10:18,919 it has to be page aligned. 283 00:10:18,920 --> 00:10:20,659 So you really need to know the content 284 00:10:20,660 --> 00:10:21,799 mostly of that page. 285 00:10:23,390 --> 00:10:25,129 And then if you want to break ASLR, you 286 00:10:25,130 --> 00:10:27,289 need ideally a page that has a 287 00:10:27,290 --> 00:10:28,879 base address in there. 288 00:10:28,880 --> 00:10:31,519 So basically the green part is totally 289 00:10:31,520 --> 00:10:33,499 predictable for an attacker. 290 00:10:33,500 --> 00:10:34,909 And the only thing that the attacker 291 00:10:34,910 --> 00:10:36,950 doesn't know is the base address 292 00:10:38,060 --> 00:10:40,129 or another possible 293 00:10:40,130 --> 00:10:42,289 page will be a page that actually has 294 00:10:42,290 --> 00:10:44,419 different values that were derived 295 00:10:44,420 --> 00:10:46,249 from a base of those from the secret that 296 00:10:46,250 --> 00:10:47,250 you're interested in. 
297 00:10:48,530 --> 00:10:49,789 And the other thing you have to know is 298 00:10:49,790 --> 00:10:52,069 also the offsets of 299 00:10:52,070 --> 00:10:53,759 these secrets within the page. 300 00:10:55,100 --> 00:10:57,139 So we were looking for certain pages and 301 00:10:57,140 --> 00:10:58,819 we are sure there are much more. 302 00:10:58,820 --> 00:11:00,799 But luckily, when we were looking at the 303 00:11:00,800 --> 00:11:03,209 first page of every executable 304 00:11:03,210 --> 00:11:05,269 PE image in memory, 305 00:11:05,270 --> 00:11:07,429 you'll already have a hit. 306 00:11:07,430 --> 00:11:09,739 So if you look at the file format, 307 00:11:09,740 --> 00:11:11,749 it looks like on the left for 308 00:11:12,830 --> 00:11:15,049 an image on disk, so there is an 309 00:11:15,050 --> 00:11:17,269 ImageBase field there which basically 310 00:11:17,270 --> 00:11:19,369 gets updated with the runtime base 311 00:11:19,370 --> 00:11:21,469 address in memory, 312 00:11:21,470 --> 00:11:22,759 and this is exactly what we need. 313 00:11:22,760 --> 00:11:25,099 We can predict all other bytes 314 00:11:25,100 --> 00:11:27,349 except for the base address, which has 315 00:11:27,350 --> 00:11:28,609 19 bits of entropy. 316 00:11:29,870 --> 00:11:31,309 And there are, of course, other pages 317 00:11:31,310 --> 00:11:32,449 that fulfill that criteria. 318 00:11:32,450 --> 00:11:34,709 But we thought, I mean, why 319 00:11:34,710 --> 00:11:37,339 should we look for if you already have 320 00:11:37,340 --> 00:11:38,269 have one? 321 00:11:38,270 --> 00:11:39,679 So we use that page in the attack. 322 00:11:41,120 --> 00:11:43,759 So another problem is you have this page. 323 00:11:43,760 --> 00:11:45,589 You can basically ask that memory 324 00:11:45,590 --> 00:11:47,659 deduplication such if that 325 00:11:47,660 --> 00:11:48,559 exists or not. 
326 00:11:48,560 --> 00:11:49,819 But the problem is you still have to 327 00:11:49,820 --> 00:11:50,899 guess the base address. 328 00:11:50,900 --> 00:11:52,519 So you have 19 bits of entropy. 329 00:11:54,740 --> 00:11:57,109 So 19 bits of entropy 330 00:11:57,110 --> 00:11:59,479 in x64 331 00:11:59,480 --> 00:12:01,699 Windows is used for the base 332 00:12:01,700 --> 00:12:04,249 address of the DLL, for example. 333 00:12:04,250 --> 00:12:06,619 So as you need one page 334 00:12:06,620 --> 00:12:08,479 per guess, it's more than five hundred 335 00:12:08,480 --> 00:12:10,459 thousand pages that you will need. 336 00:12:10,460 --> 00:12:12,169 Right. So if you will do that after each 337 00:12:12,170 --> 00:12:14,360 other, basically will take a lot of time. 338 00:12:15,670 --> 00:12:17,899 Of course, we can just brute force 339 00:12:17,900 --> 00:12:20,089 it, right, so we can use much 340 00:12:20,090 --> 00:12:21,739 more memory, all the memory that the 341 00:12:21,740 --> 00:12:22,729 attacker actually has. 342 00:12:22,730 --> 00:12:23,730 Right. 343 00:12:24,710 --> 00:12:26,239 So the target is much more memory. 344 00:12:26,240 --> 00:12:28,699 Can assume that usually you have maybe if 345 00:12:28,700 --> 00:12:30,829 you have a different VM two, four or even 346 00:12:30,830 --> 00:12:33,109 more gigabytes, so 347 00:12:33,110 --> 00:12:34,789 we can just fill up the entire memory 348 00:12:34,790 --> 00:12:36,889 that is at our disposal with all 349 00:12:36,890 --> 00:12:38,089 the guesses. 350 00:12:38,090 --> 00:12:40,369 And in case of 19 bits of entropy 351 00:12:40,370 --> 00:12:42,259 and one page per guess, it's two 352 00:12:42,260 --> 00:12:44,689 gigabytes, which actually is 353 00:12:44,690 --> 00:12:45,690 OK. 354 00:12:47,990 --> 00:12:50,389 So what you do is you have these pages 355 00:12:50,390 --> 00:12:52,489 and then you allocate them 356 00:12:52,490 --> 00:12:53,899 and then you try to detect it. 
357 00:12:53,900 --> 00:12:56,089 And it's a classical brute 358 00:12:56,090 --> 00:12:58,279 force attack on this, that memory 359 00:12:58,280 --> 00:12:59,280 deduplication like. 360 00:13:01,930 --> 00:13:03,189 So the other challenge that we had, the 361 00:13:03,190 --> 00:13:05,109 practical one is how long should we wait? 362 00:13:05,110 --> 00:13:06,789 Of course, we could just wait like hours, 363 00:13:06,790 --> 00:13:09,029 right? And at some point it would work, 364 00:13:10,120 --> 00:13:11,709 but it depends. So we wanted to be a bit 365 00:13:11,710 --> 00:13:13,539 better. So in the end, it depends on the 366 00:13:13,540 --> 00:13:14,649 deduplication implementation. 367 00:13:14,650 --> 00:13:15,939 So how fast is it? 368 00:13:15,940 --> 00:13:18,069 So you've seen the parameters 369 00:13:18,070 --> 00:13:20,559 for KSM, so depending on the parameters, 370 00:13:20,560 --> 00:13:22,959 it might be faster or 371 00:13:22,960 --> 00:13:25,239 slower, but it also depends on the 372 00:13:25,240 --> 00:13:26,529 memory usage. 373 00:13:26,530 --> 00:13:28,599 So if you have a lot of VMs running, 374 00:13:28,600 --> 00:13:30,669 in the end, you have to compare all the 375 00:13:30,670 --> 00:13:31,869 pages to each other. 376 00:13:31,870 --> 00:13:33,519 So you have to go through all the pages. 377 00:13:33,520 --> 00:13:35,799 And if you assume the worst case, then 378 00:13:35,800 --> 00:13:37,869 your guess page will be compared with the 379 00:13:37,870 --> 00:13:40,089 secret page at the latest point 380 00:13:40,090 --> 00:13:41,090 in time. 381 00:13:41,680 --> 00:13:43,779 So there is a trade-off for the attacker. 382 00:13:43,780 --> 00:13:45,909 So if the attacker waits too little, then 383 00:13:45,910 --> 00:13:47,169 the attack will just not work. 384 00:13:47,170 --> 00:13:49,209 But if the attacker waits too long, then 385 00:13:49,210 --> 00:13:50,619 the attack increases. 
386 00:13:50,620 --> 00:13:52,509 And that's also not favorable for the 387 00:13:52,510 --> 00:13:53,859 attacker. 388 00:13:53,860 --> 00:13:56,199 So what we came up with is a detection 389 00:13:56,200 --> 00:13:58,089 mechanism to detect this memory 390 00:13:58,090 --> 00:13:59,109 deduplication. 391 00:13:59,110 --> 00:14:01,389 Basically the time you'll have to wait 392 00:14:01,390 --> 00:14:03,159 till you have certain guarantees that 393 00:14:03,160 --> 00:14:05,409 your page was compared with another one. 394 00:14:05,410 --> 00:14:07,059 We call it sleep time detection. 395 00:14:07,060 --> 00:14:08,170 And the idea is 396 00:14:09,340 --> 00:14:11,199 as an attacker, you can just allocate a 397 00:14:11,200 --> 00:14:13,719 lot of random bytes and a lot of pages 398 00:14:13,720 --> 00:14:15,969 and then you copy every second page 399 00:14:15,970 --> 00:14:18,309 of the half of your buffer to 400 00:14:18,310 --> 00:14:19,659 the other half of the buffer. 401 00:14:19,660 --> 00:14:21,159 So what you create is basically the 402 00:14:21,160 --> 00:14:23,229 situation like on the slide where 403 00:14:23,230 --> 00:14:26,079 you have a lot of merging opportunities. 404 00:14:26,080 --> 00:14:27,699 So you basically give the memory 405 00:14:27,700 --> 00:14:30,639 deduplication scheme a lot of work. 406 00:14:30,640 --> 00:14:32,519 You create a lot of pages that can be 407 00:14:32,520 --> 00:14:34,809 deduplicated, and then you wait a certain 408 00:14:34,810 --> 00:14:37,319 amount of time, like 10 minutes, 409 00:14:37,320 --> 00:14:39,039 to try to detect how many of these pages 410 00:14:39,040 --> 00:14:40,809 were merged by doing your detection 411 00:14:40,810 --> 00:14:42,219 magic. 412 00:14:42,220 --> 00:14:44,389 And then if the threshold is a detection 413 00:14:44,390 --> 00:14:46,149 of a certain threshold, you say that's 414 00:14:46,150 --> 00:14:46,849 the right time. 
415 00:14:46,850 --> 00:14:49,329 So you use it when you run attacks 416 00:14:49,330 --> 00:14:51,129 and if not, you just increase it and then 417 00:14:51,130 --> 00:14:52,130 you try again. 418 00:14:54,150 --> 00:14:56,279 So last practical challenge is 419 00:14:56,280 --> 00:14:57,779 how do you actually detect that the page 420 00:14:57,780 --> 00:14:59,849 was merged and what you have to do is, I 421 00:14:59,850 --> 00:15:01,319 mean, you have to write to it and you 422 00:15:01,320 --> 00:15:04,049 have to measure the write time, right. 423 00:15:04,050 --> 00:15:05,909 So what we did is we, every time you have 424 00:15:05,910 --> 00:15:07,769 a guess page, so that's the orange one, 425 00:15:07,770 --> 00:15:09,929 the merged one, we have 426 00:15:09,930 --> 00:15:12,059 pages, adjacent pages that are 427 00:15:12,060 --> 00:15:13,679 for sure not merged. 428 00:15:13,680 --> 00:15:15,179 And we know that because we can just fill 429 00:15:15,180 --> 00:15:16,949 it up with random bytes. 430 00:15:16,950 --> 00:15:19,289 OK, so you create 431 00:15:19,290 --> 00:15:21,569 the buffer in such a way and 432 00:15:21,570 --> 00:15:23,289 then you just write to it and you measure 433 00:15:23,290 --> 00:15:25,409 the cycles and then you basically 434 00:15:25,410 --> 00:15:28,199 see this signal. 435 00:15:28,200 --> 00:15:29,699 Now, of course, there might be noise. 436 00:15:29,700 --> 00:15:31,679 So we developed certain heuristics. 437 00:15:31,680 --> 00:15:33,149 We didn't invest that much time to do 438 00:15:33,150 --> 00:15:35,189 that. But the ones you see there worked 439 00:15:35,190 --> 00:15:36,239 pretty well. 440 00:15:36,240 --> 00:15:38,399 And that was fine for us. 441 00:15:38,400 --> 00:15:39,400 Works for me. 442 00:15:41,550 --> 00:15:44,759 So now the last 443 00:15:44,760 --> 00:15:46,729 question is how to handle noise, right? 
444 00:15:47,820 --> 00:15:49,889 So we just implemented it in a 445 00:15:49,890 --> 00:15:51,329 quite conservative way because there is 446 00:15:51,330 --> 00:15:53,639 actually no harm if you 447 00:15:53,640 --> 00:15:55,709 have certain pages 448 00:15:55,710 --> 00:15:58,289 that certain false positives. 449 00:15:58,290 --> 00:15:59,909 So what we did is we implemented a round- 450 00:15:59,910 --> 00:16:02,309 based system where you try to detect 451 00:16:02,310 --> 00:16:04,649 it. Then you do it again with the guesses 452 00:16:04,650 --> 00:16:07,919 that might be potentially correct 453 00:16:07,920 --> 00:16:10,319 and you do it over and over again. 454 00:16:10,320 --> 00:16:12,839 And in the end, as the noise 455 00:16:12,840 --> 00:16:15,569 will not affect the same guess 456 00:16:15,570 --> 00:16:17,969 all the time, it will work, 457 00:16:17,970 --> 00:16:19,740 but it might take certain rounds. 458 00:16:21,420 --> 00:16:23,460 So I'll show you some results for 459 00:16:24,480 --> 00:16:26,519 Windows attacks or we implemented it to 460 00:16:26,520 --> 00:16:28,769 attack, to basically leak 461 00:16:28,770 --> 00:16:31,229 the ntdll address of a neighboring 462 00:16:31,230 --> 00:16:33,599 Windows 64 bit system. 463 00:16:33,600 --> 00:16:34,889 So if you look at the entropy, you see 464 00:16:34,890 --> 00:16:36,509 basically for data, it's quite high. 465 00:16:36,510 --> 00:16:38,669 So that approach wouldn't work that 466 00:16:38,670 --> 00:16:39,670 easily, 467 00:16:41,040 --> 00:16:43,139 at least not if you have no control 468 00:16:43,140 --> 00:16:45,329 over how this, the secret, is 469 00:16:45,330 --> 00:16:46,229 aligned. 470 00:16:46,230 --> 00:16:48,419 So basically for us, we have 19 bits of 471 00:16:48,420 --> 00:16:50,189 entropy. 
And if you have the base address 472 00:16:50,190 --> 00:16:52,289 of ntdll, you basically can 473 00:16:52,290 --> 00:16:54,089 use it in your exploits for all the other 474 00:16:54,090 --> 00:16:55,620 processes because it's usually not 475 00:16:56,690 --> 00:16:57,990 re-randomized. 476 00:16:59,550 --> 00:17:02,639 So we did it with a standard KVM, 477 00:17:02,640 --> 00:17:04,679 KSM configuration with sleep_millisecs 478 00:17:04,680 --> 00:17:06,299 to that's default. 479 00:17:06,300 --> 00:17:08,098 And basically, you see when we attack one 480 00:17:08,099 --> 00:17:10,229 single VM, it took us a bit less than 481 00:17:10,230 --> 00:17:12,479 five hours to basically 482 00:17:12,480 --> 00:17:14,769 do that. And we had like some rounds 483 00:17:14,770 --> 00:17:17,098 until we reduced entropy from 19 484 00:17:17,099 --> 00:17:19,169 bits to the actual base 485 00:17:19,170 --> 00:17:20,170 address. 486 00:17:20,849 --> 00:17:22,409 And we also wanted to show that it works 487 00:17:22,410 --> 00:17:24,568 with multiple VMs, so we sped up 488 00:17:24,569 --> 00:17:26,338 the memory deduplication by having sleep_millisecs 489 00:17:26,339 --> 00:17:27,749 20. 490 00:17:27,750 --> 00:17:29,819 And there you see, even if you have more 491 00:17:29,820 --> 00:17:31,079 victim VMs, it works. 492 00:17:31,080 --> 00:17:33,329 It just takes more time because the sleep 493 00:17:33,330 --> 00:17:36,179 time detection will tell you to wait more 494 00:17:36,180 --> 00:17:38,279 because you have more memory that is 495 00:17:38,280 --> 00:17:39,280 used. 496 00:17:40,920 --> 00:17:43,379 So in the end, it looks like, we have a 497 00:17:43,380 --> 00:17:44,669 demo, but we don't have that much time, 498 00:17:44,670 --> 00:17:45,839 so just show you the screenshot. 499 00:17:45,840 --> 00:17:47,609 We have a demo for another attack 500 00:17:47,610 --> 00:17:48,610 later. 
501 00:17:49,260 --> 00:17:51,819 Basically, here you have the attacker 502 00:17:51,820 --> 00:17:54,239 VM, and on the right, you have the 503 00:17:54,240 --> 00:17:56,399 victim and you do 504 00:17:56,400 --> 00:17:58,529 your magic. Do you allocate 505 00:17:58,530 --> 00:18:00,719 these pages right times and so 506 00:18:00,720 --> 00:18:02,939 on. And in the end, you just have 507 00:18:02,940 --> 00:18:05,339 the base address of the entity 508 00:18:05,340 --> 00:18:06,449 in the other VM. 509 00:18:06,450 --> 00:18:07,450 That's it. 510 00:18:09,030 --> 00:18:11,189 So the attack is rather 511 00:18:11,190 --> 00:18:12,869 slow, I will say, but there were a lot of 512 00:18:12,870 --> 00:18:14,489 speed improvements that we didn't 513 00:18:14,490 --> 00:18:16,559 actually follow up with, but 514 00:18:16,560 --> 00:18:18,119 one way would be to have more random 515 00:18:18,120 --> 00:18:20,379 pages in between so that 516 00:18:20,380 --> 00:18:22,589 the noise will not affect your guess 517 00:18:22,590 --> 00:18:24,209 or the probability is lower. 518 00:18:24,210 --> 00:18:25,210 That happens. 519 00:18:26,010 --> 00:18:27,539 And the other thing is you can also use 520 00:18:27,540 --> 00:18:28,859 more than one guess. 521 00:18:28,860 --> 00:18:31,769 Try to have redundancy already 522 00:18:31,770 --> 00:18:33,299 because you might have for example, we 523 00:18:33,300 --> 00:18:35,069 located code pages that all have that 524 00:18:35,070 --> 00:18:37,019 secret. So we can just use many of them. 525 00:18:37,020 --> 00:18:39,209 Right. The only thing is you cannot use 526 00:18:39,210 --> 00:18:41,369 the same page because if you have it two 527 00:18:41,370 --> 00:18:44,099 times with the same guess, then you create 528 00:18:44,100 --> 00:18:45,629 this merging opportunity and you have a 529 00:18:45,630 --> 00:18:47,219 false positive.
So we need different 530 00:18:47,220 --> 00:18:50,009 pages that all have the same 531 00:18:50,010 --> 00:18:51,809 uncertainty or the same secret. 532 00:18:53,940 --> 00:18:56,069 Now, I will say cool 533 00:18:56,070 --> 00:18:58,289 tech, but the problem is it's still quite 534 00:18:58,290 --> 00:18:59,159 limited. 535 00:18:59,160 --> 00:19:01,199 So one problem is we don't have any 536 00:19:01,200 --> 00:19:02,699 control over the victim memory. 537 00:19:02,700 --> 00:19:05,189 Right. So we really have to rely on 538 00:19:05,190 --> 00:19:07,289 how these pages are, what 539 00:19:07,290 --> 00:19:09,569 the layout of these pages are, and 540 00:19:09,570 --> 00:19:12,449 also where the secret actually is. 541 00:19:12,450 --> 00:19:14,009 And we need to find these pages so there 542 00:19:14,010 --> 00:19:15,989 is no control, but some control would 543 00:19:15,990 --> 00:19:17,479 actually help a lot. 544 00:19:17,480 --> 00:19:18,869 So we didn't really investigate that. 545 00:19:18,870 --> 00:19:20,109 How we can do that, Crosslin. 546 00:19:21,480 --> 00:19:22,889 And then, of course, it's a leak, 547 00:19:22,890 --> 00:19:25,379 right? So you still need a vulnerability 548 00:19:25,380 --> 00:19:27,419 to exploit the base of risk. 549 00:19:27,420 --> 00:19:28,409 For example, a secret. 550 00:19:28,410 --> 00:19:31,019 I forgot if that's not enough. 551 00:19:31,020 --> 00:19:33,389 But last year, I mean, there was 552 00:19:33,390 --> 00:19:35,549 a lot of a lot of talks 553 00:19:35,550 --> 00:19:37,059 and a lot of publications about 554 00:19:37,060 --> 00:19:38,069 Rowhammer. 555 00:19:38,070 --> 00:19:40,199 Even here at the Congress, 556 00:19:40,200 --> 00:19:42,659 Clementine and Daniel presented 557 00:19:42,660 --> 00:19:44,459 all. So basically to show that it's 558 00:19:44,460 --> 00:19:46,199 possible in JavaScript.
559 00:19:46,200 --> 00:19:47,670 So let's say 560 00:19:48,840 --> 00:19:51,209 we are we were optimistic that 561 00:19:51,210 --> 00:19:52,889 we could do more. 562 00:19:52,890 --> 00:19:55,079 And then Microsoft basically enabled 563 00:19:55,080 --> 00:19:57,509 memory deduplication, what we noticed 564 00:19:57,510 --> 00:19:59,589 for Windows eight point one and 10 565 00:19:59,590 --> 00:20:01,829 across process, 566 00:20:01,830 --> 00:20:03,449 but disabled again. 567 00:20:03,450 --> 00:20:05,579 So it's not enabled anymore, 568 00:20:05,580 --> 00:20:07,589 but let's say would have been cool, but 569 00:20:07,590 --> 00:20:08,729 it didn't go that well. 570 00:20:23,190 --> 00:20:25,709 So for the next attack, we call that 571 00:20:25,710 --> 00:20:27,989 Makina, we tried to take it a step 572 00:20:27,990 --> 00:20:28,990 further. 573 00:20:29,560 --> 00:20:31,779 Um, so in this attack, 574 00:20:31,780 --> 00:20:32,780 we're going to 575 00:20:33,940 --> 00:20:36,249 combine deduplication as 576 00:20:36,250 --> 00:20:38,799 such an attack with Rowhammer 577 00:20:38,800 --> 00:20:41,379 in order to exploit a 578 00:20:41,380 --> 00:20:43,569 Microsoft Edge new 579 00:20:43,570 --> 00:20:46,179 browser from JavaScript 580 00:20:46,180 --> 00:20:48,369 without making use of any software bugs. 581 00:20:50,360 --> 00:20:52,879 Or, well, if you consider 582 00:20:52,880 --> 00:20:54,419 if you don't consider deduplication a 583 00:20:54,420 --> 00:20:55,849 software bug. 584 00:20:55,850 --> 00:20:56,850 And 585 00:20:58,670 --> 00:21:00,650 so we're going to leak two secrets 586 00:21:02,150 --> 00:21:04,339 and we're going to use deduplication to do 587 00:21:04,340 --> 00:21:05,629 this. 588 00:21:05,630 --> 00:21:06,650 The first secret is 589 00:21:07,730 --> 00:21:10,219 a heap, a heap pointer. 590 00:21:10,220 --> 00:21:12,319 It's a location to data we control.
591 00:21:13,340 --> 00:21:16,429 And the second secret is a code pointer, 592 00:21:16,430 --> 00:21:18,679 and that's needed. 593 00:21:18,680 --> 00:21:20,599 And those two secrets are needed. 594 00:21:20,600 --> 00:21:23,149 The two together 595 00:21:23,150 --> 00:21:25,039 create a fake object 596 00:21:26,150 --> 00:21:28,249 in our memory. 597 00:21:28,250 --> 00:21:30,429 But then we have a problem because 598 00:21:30,430 --> 00:21:32,089 this fake object will allow us to do 599 00:21:32,090 --> 00:21:33,989 arbitrary reads and arbitrary writes in 600 00:21:33,990 --> 00:21:34,909 memory. 601 00:21:34,910 --> 00:21:35,839 But we have a problem. 602 00:21:35,840 --> 00:21:37,579 JavaScript, of course, doesn't allow us 603 00:21:37,580 --> 00:21:39,829 to create references to this 604 00:21:39,830 --> 00:21:41,989 fake object. It's just in data. 605 00:21:41,990 --> 00:21:44,059 So we will use Rowhammer to flip a 606 00:21:44,060 --> 00:21:47,329 bit in a pointer and point 607 00:21:47,330 --> 00:21:48,330 this pointer to 608 00:21:49,490 --> 00:21:50,689 our fake object. And then we are 609 00:21:50,690 --> 00:21:52,970 basically we can take over the process. 610 00:21:54,680 --> 00:21:56,749 So in this in contrast to 611 00:21:56,750 --> 00:21:58,969 can in this attack, we 612 00:21:58,970 --> 00:22:01,069 won't only be using be 613 00:22:01,070 --> 00:22:03,769 probing for existing pages of memory. 614 00:22:03,770 --> 00:22:05,779 We will assume that we can 615 00:22:07,100 --> 00:22:09,169 manipulate the data of 616 00:22:09,170 --> 00:22:11,480 the the victim 617 00:22:13,130 --> 00:22:14,929 in some way. 618 00:22:14,930 --> 00:22:17,119 And this is not really unlikely.
619 00:22:17,120 --> 00:22:18,759 If you think about it every time you do 620 00:22:18,760 --> 00:22:21,439 IO to something you 621 00:22:21,440 --> 00:22:24,049 want to attack, then you're 622 00:22:24,050 --> 00:22:26,209 manipulating memory in 623 00:22:26,210 --> 00:22:28,399 this process and in this case is 624 00:22:28,400 --> 00:22:29,400 from JavaScript. So 625 00:22:30,800 --> 00:22:31,990 it's even more easier. 626 00:22:33,500 --> 00:22:35,599 And this allows us to not only probe 627 00:22:35,600 --> 00:22:37,459 from for secrets that just happened to be 628 00:22:37,460 --> 00:22:39,589 in pages that we can leak, 629 00:22:39,590 --> 00:22:41,959 but we can craft 630 00:22:41,960 --> 00:22:43,909 memory pages that just contain the 631 00:22:43,910 --> 00:22:46,039 secrets that we want to leak. 632 00:22:46,040 --> 00:22:47,900 So there's quite a bit more powerful. 633 00:22:49,640 --> 00:22:51,409 But still there are some problems with 634 00:22:51,410 --> 00:22:52,389 this. 635 00:22:52,390 --> 00:22:54,559 Uh, the secret that we want to leak 636 00:22:54,560 --> 00:22:55,759 might not be 637 00:22:57,470 --> 00:22:58,339 somewhere. 638 00:22:58,340 --> 00:23:00,859 Uh, the secret we want to 639 00:23:00,860 --> 00:23:03,409 is probably somewhere in the page, 640 00:23:03,410 --> 00:23:05,299 which contains other information that we 641 00:23:05,300 --> 00:23:07,399 don't know. And then we cannot craft 642 00:23:07,400 --> 00:23:08,779 a page to leak the secret. 643 00:23:08,780 --> 00:23:11,719 So we need to find a way to 644 00:23:11,720 --> 00:23:13,879 kind of encode the secrets into 645 00:23:13,880 --> 00:23:14,880 a memory page 646 00:23:16,470 --> 00:23:19,309 so that we can 647 00:23:19,310 --> 00:23:20,699 retrieve the secrets again.
648 00:23:20,700 --> 00:23:22,759 So, uh, so so the 649 00:23:22,760 --> 00:23:24,919 secrets, the memory pages we want 650 00:23:24,920 --> 00:23:27,289 to leak should contain only 651 00:23:27,290 --> 00:23:30,239 the secret and data known to us. 652 00:23:30,240 --> 00:23:32,419 Um, so this 653 00:23:32,420 --> 00:23:34,579 could be that, uh, because 654 00:23:34,580 --> 00:23:36,769 this data was written 655 00:23:36,770 --> 00:23:39,769 by us into the space of the victim 656 00:23:39,770 --> 00:23:41,809 or it's just data that we know. 657 00:23:41,810 --> 00:23:42,810 Uh. 658 00:23:44,580 --> 00:23:46,979 Yeah, but that we know 659 00:23:46,980 --> 00:23:48,809 the contents of in some way 660 00:23:50,430 --> 00:23:52,529 and there's a second problem, we 661 00:23:52,530 --> 00:23:54,599 might want to leak a secret which has 662 00:23:54,600 --> 00:23:57,059 too much entropy, so much entropy 663 00:23:57,060 --> 00:23:59,279 that we cannot possibly 664 00:23:59,280 --> 00:24:01,349 brute force the whole 665 00:24:01,350 --> 00:24:03,829 all the possible secrets. 666 00:24:03,830 --> 00:24:06,179 Uh, and for this, we have found 667 00:24:06,180 --> 00:24:09,299 some ways to get around this and 668 00:24:09,300 --> 00:24:11,339 leak secrets iteratively. 669 00:24:11,340 --> 00:24:13,739 Um, the first 670 00:24:13,740 --> 00:24:14,940 method we, uh, 671 00:24:16,440 --> 00:24:18,629 we tried was we call 672 00:24:18,630 --> 00:24:21,569 alignment probing in this, uh, 673 00:24:21,570 --> 00:24:23,759 this case, we 674 00:24:23,760 --> 00:24:26,039 manipulate the victim 675 00:24:26,040 --> 00:24:28,469 into creating a memory page 676 00:24:28,470 --> 00:24:30,539 or putting the secret somewhere 677 00:24:30,540 --> 00:24:33,689 across memory page boundaries. 678 00:24:33,690 --> 00:24:34,829 In this way, we can.
679 00:24:36,270 --> 00:24:38,489 Uh, in this way, we can 680 00:24:38,490 --> 00:24:40,709 only we can partially 681 00:24:40,710 --> 00:24:41,910 leak the secrets in one. 682 00:24:43,860 --> 00:24:46,259 In one round 683 00:24:46,260 --> 00:24:48,839 and then when we 684 00:24:48,840 --> 00:24:50,909 done that, 685 00:24:50,910 --> 00:24:53,219 we have to get the victim to 686 00:24:53,220 --> 00:24:55,499 create a memory page with the secret, 687 00:24:55,500 --> 00:24:57,659 slightly, slightly more of the secret in 688 00:24:57,660 --> 00:24:59,819 one page and so 689 00:24:59,820 --> 00:25:01,979 on and so on until we leak 690 00:25:01,980 --> 00:25:03,599 the whole secret. 691 00:25:03,600 --> 00:25:05,069 The second primitive, we 692 00:25:07,020 --> 00:25:09,299 tried what we call partial 693 00:25:09,300 --> 00:25:11,909 reuse, where we assume that 694 00:25:11,910 --> 00:25:14,159 the the victim 695 00:25:14,160 --> 00:25:15,629 has a secret somewhere. 696 00:25:15,630 --> 00:25:17,569 And then we write data, 697 00:25:18,810 --> 00:25:21,389 for example, in a buffer that 698 00:25:21,390 --> 00:25:23,489 was previously used to store the secret. 699 00:25:23,490 --> 00:25:25,500 And then we write in this buffer 700 00:25:27,780 --> 00:25:29,579 and overwrite only part of the secret. 701 00:25:29,580 --> 00:25:32,969 And then again, the entropy, 702 00:25:32,970 --> 00:25:35,729 again, such as entropy, is low enough to, 703 00:25:35,730 --> 00:25:37,530 uh, to leak it. 704 00:25:39,600 --> 00:25:41,699 Uh, and the first 705 00:25:41,700 --> 00:25:42,700 of these two, 706 00:25:43,800 --> 00:25:46,229 alignment probing, is 707 00:25:46,230 --> 00:25:48,239 what we are going to use to leak the code 708 00:25:48,240 --> 00:25:49,739 address in this case. 709 00:25:51,010 --> 00:25:53,159 Um, and we're going to make 710 00:25:53,160 --> 00:25:55,299 use of, uh, uh, 711 00:25:55,300 --> 00:25:57,989 the JIT, uh, 712 00:25:57,990 --> 00:26:00,189 compiler.
So every modern browser has a 713 00:26:00,190 --> 00:26:02,519 compiler compiling 714 00:26:02,520 --> 00:26:04,589 JavaScript to native 715 00:26:04,590 --> 00:26:06,809 code. And, uh, for 716 00:26:06,810 --> 00:26:09,359 every chunk that's translated in 717 00:26:09,360 --> 00:26:11,669 Edge, um, the 718 00:26:11,670 --> 00:26:13,739 the function epilogs at the last 719 00:26:13,740 --> 00:26:15,929 part of the transitive code always 720 00:26:15,930 --> 00:26:18,089 looks the same except for one 721 00:26:18,090 --> 00:26:20,159 thing, namely a code address. 722 00:26:20,160 --> 00:26:22,889 So uh and 723 00:26:22,890 --> 00:26:25,019 what we did was create lots of 724 00:26:25,020 --> 00:26:27,149 uh JavaScript functions which are 725 00:26:27,150 --> 00:26:29,879 just uh 726 00:26:29,880 --> 00:26:32,009 uh just too big to fit 727 00:26:32,010 --> 00:26:34,109 into one memory page such 728 00:26:34,110 --> 00:26:36,299 that the code address 729 00:26:36,300 --> 00:26:38,669 spans multiple pages. 730 00:26:38,670 --> 00:26:41,159 And then, uh, 731 00:26:41,160 --> 00:26:43,469 well normally the code is 19 732 00:26:43,470 --> 00:26:45,749 bits. So it wouldn't we would need two 733 00:26:45,750 --> 00:26:47,549 gigabytes of memory in this case. 734 00:26:47,550 --> 00:26:49,829 We need on the 16, 735 00:26:49,830 --> 00:26:50,830 I believe. 736 00:26:52,040 --> 00:26:53,040 Um, 737 00:26:55,530 --> 00:26:58,129 and so, um, 738 00:26:58,130 --> 00:27:00,209 so so we in this way we can in one 739 00:27:00,210 --> 00:27:02,789 sweep we can leak 740 00:27:02,790 --> 00:27:04,409 like part of the address and then the 741 00:27:04,410 --> 00:27:06,180 second so we can look at the complete 742 00:27:07,440 --> 00:27:08,440 value. 743 00:27:10,350 --> 00:27:12,660 So now we have a code pointer.
744 00:27:13,950 --> 00:27:16,349 Um, but we still need to 745 00:27:16,350 --> 00:27:17,879 point out and there's a problem with 746 00:27:17,880 --> 00:27:20,429 this, uh, we didn't find 747 00:27:20,430 --> 00:27:22,079 a situation where we could leak the 748 00:27:22,080 --> 00:27:24,149 pointer directly using the two 749 00:27:24,150 --> 00:27:26,189 primitives before. 750 00:27:26,190 --> 00:27:28,499 And the point out has 751 00:27:28,500 --> 00:27:29,639 quite a lot of entropy. 752 00:27:29,640 --> 00:27:31,889 So this is an example 753 00:27:31,890 --> 00:27:34,089 of a heap pointer in, uh, my 754 00:27:34,090 --> 00:27:35,090 edge. 755 00:27:35,820 --> 00:27:38,219 There are some advertize randomness on 756 00:27:38,220 --> 00:27:40,529 Windows ten, twenty four bits 757 00:27:40,530 --> 00:27:41,729 of randomness. 758 00:27:41,730 --> 00:27:44,549 And if we only look at that part, uh, 759 00:27:44,550 --> 00:27:46,769 we need sixty four gigabytes 760 00:27:46,770 --> 00:27:48,569 of memory just to try it. 761 00:27:48,570 --> 00:27:51,599 Every one, every every possibility. 762 00:27:51,600 --> 00:27:54,329 And then we need to multiply this by 763 00:27:54,330 --> 00:27:56,609 a bit to get redundancy 764 00:27:56,610 --> 00:27:57,630 because there is noise. 765 00:27:58,690 --> 00:28:00,749 Um, but if 766 00:28:00,750 --> 00:28:03,059 we look at uh uh our 767 00:28:03,060 --> 00:28:04,559 point, actually it looks like there's 768 00:28:04,560 --> 00:28:06,689 also some kind of lots of non 769 00:28:06,690 --> 00:28:09,449 determinism which actually 770 00:28:09,450 --> 00:28:12,059 increases the the entropy 771 00:28:12,060 --> 00:28:13,709 of the point by quite a bit. 772 00:28:13,710 --> 00:28:15,809 And yeah, we don't have hundreds of 773 00:28:15,810 --> 00:28:17,400 terabytes of memory to probe, 774 00:28:18,450 --> 00:28:20,519 so we needed to find 775 00:28:20,520 --> 00:28:21,520 something else.
776 00:28:22,500 --> 00:28:24,439 We could improve this a bit. 777 00:28:24,440 --> 00:28:26,519 Um, we found another side 778 00:28:26,520 --> 00:28:28,709 channel. So if you allocate lots of 779 00:28:28,710 --> 00:28:31,079 arrays, then every 780 00:28:31,080 --> 00:28:32,080 one megabyte, 781 00:28:33,450 --> 00:28:35,219 the browser will ask the operating system 782 00:28:35,220 --> 00:28:37,859 for an extra megabyte of memory. 783 00:28:37,860 --> 00:28:40,139 And then the first 784 00:28:40,140 --> 00:28:42,569 object that fits in to the new, 785 00:28:42,570 --> 00:28:44,759 uh, uh, one 786 00:28:44,760 --> 00:28:46,949 megabyte, it 787 00:28:46,950 --> 00:28:48,809 will take longer to allocate. 788 00:28:48,810 --> 00:28:50,650 And that's something you can detect. 789 00:28:52,230 --> 00:28:54,539 So then, um, we have a timing 790 00:28:54,540 --> 00:28:56,919 channel and then we can reduce 791 00:28:56,920 --> 00:28:59,429 entropy to 20 bits, 792 00:28:59,430 --> 00:29:02,099 but we don't already 793 00:29:02,100 --> 00:29:04,259 need at least four gigabytes of memory. 794 00:29:04,260 --> 00:29:06,029 So that's also not 795 00:29:07,110 --> 00:29:08,979 nearly good enough. 796 00:29:08,980 --> 00:29:11,159 Um, so we 797 00:29:11,160 --> 00:29:12,359 have to find something else. 798 00:29:12,360 --> 00:29:14,489 Well, but we found something else, 799 00:29:15,630 --> 00:29:17,699 something, uh, very much 800 00:29:17,700 --> 00:29:20,189 like, uh, 801 00:29:20,190 --> 00:29:22,409 uh, intuition is very much 802 00:29:22,410 --> 00:29:24,479 like that of the birthday problem, 803 00:29:24,480 --> 00:29:27,689 which, uh, uh, 804 00:29:27,690 --> 00:29:30,389 in which you in a very, 805 00:29:30,390 --> 00:29:32,969 um, in a surprisingly 806 00:29:32,970 --> 00:29:35,429 small group of people, the chances 807 00:29:35,430 --> 00:29:36,430 of. 
808 00:29:37,150 --> 00:29:39,759 Two people sharing the same birthday 809 00:29:39,760 --> 00:29:41,829 is actually becomes pretty 810 00:29:41,830 --> 00:29:42,830 high, 811 00:29:43,930 --> 00:29:45,999 more than more than you would not usually 812 00:29:46,000 --> 00:29:48,429 think faster than you would 813 00:29:48,430 --> 00:29:50,589 think that Iffley 814 00:29:50,590 --> 00:29:52,479 and the intuition behind this is that 815 00:29:52,480 --> 00:29:54,519 you're not comparing one person's 816 00:29:54,520 --> 00:29:57,009 birthday with a group of other people, 817 00:29:57,010 --> 00:29:57,999 with other people. 818 00:29:58,000 --> 00:29:59,859 You're actually comparing everybody's 819 00:29:59,860 --> 00:30:02,949 birthday with everybody else's birthday. 820 00:30:02,950 --> 00:30:05,079 And when you think about it, 821 00:30:05,080 --> 00:30:07,209 this is exactly what memory, the 822 00:30:07,210 --> 00:30:09,309 memory, the routine 823 00:30:09,310 --> 00:30:10,209 does as well. 824 00:30:10,210 --> 00:30:11,949 It compares every page with every other 825 00:30:11,950 --> 00:30:13,119 page. 826 00:30:13,120 --> 00:30:15,459 So how can we exploit 827 00:30:15,460 --> 00:30:16,239 this in practice? 828 00:30:16,240 --> 00:30:18,279 Well, we're going to assume that we don't 829 00:30:18,280 --> 00:30:19,440 have one secret civic, 830 00:30:20,500 --> 00:30:22,899 but lots of secrets 831 00:30:22,900 --> 00:30:24,849 and then we have lots of guesses. 832 00:30:24,850 --> 00:30:26,319 And then there's a 833 00:30:27,430 --> 00:30:29,649 comparatively guess with every secret. 834 00:30:29,650 --> 00:30:31,959 And then you get, yeah, 835 00:30:31,960 --> 00:30:33,489 we need way less memory. 
836 00:30:35,190 --> 00:30:36,190 So 837 00:30:37,490 --> 00:30:39,659 so in practice, this becomes 838 00:30:39,660 --> 00:30:42,209 secrets and then 839 00:30:42,210 --> 00:30:44,369 you kind of need this, you don't 840 00:30:44,370 --> 00:30:47,069 need as many different 841 00:30:47,070 --> 00:30:48,829 guests to actually get the match. 842 00:30:51,130 --> 00:30:53,229 So how do we exploit this in 843 00:30:53,230 --> 00:30:56,049 practice? Well, we have this 844 00:30:56,050 --> 00:30:57,759 we allocate lots of objects and then we 845 00:30:57,760 --> 00:30:59,619 get the due to the other side channel, we 846 00:30:59,620 --> 00:31:00,620 get to 847 00:31:02,720 --> 00:31:04,809 a list of objects which have are 848 00:31:04,810 --> 00:31:07,089 probably on one on the megabyte 849 00:31:07,090 --> 00:31:08,090 boundary. 850 00:31:08,580 --> 00:31:10,839 And then we look 851 00:31:10,840 --> 00:31:13,259 at the large array, which, of course, 852 00:31:13,260 --> 00:31:15,989 is in practice just memory pages, 853 00:31:15,990 --> 00:31:18,329 and then we put a reference to 854 00:31:18,330 --> 00:31:20,549 or a pointer to each object in 855 00:31:20,550 --> 00:31:23,579 this array. So and then 856 00:31:23,580 --> 00:31:25,739 there's one pointer 857 00:31:25,740 --> 00:31:26,939 from memory page. 858 00:31:26,940 --> 00:31:29,069 So these very pages kind of 859 00:31:29,070 --> 00:31:31,319 encode the addresses of 860 00:31:31,320 --> 00:31:33,839 the of the objects 861 00:31:33,840 --> 00:31:36,329 and those pages we're going to 862 00:31:36,330 --> 00:31:37,769 probe for. 863 00:31:37,770 --> 00:31:38,849 And then on the other end. 
864 00:31:39,920 --> 00:31:41,809 We're using a typed array which allows us 865 00:31:41,810 --> 00:31:44,029 to completely control the binary 866 00:31:44,030 --> 00:31:46,099 contents of memory, 867 00:31:47,120 --> 00:31:49,759 and then we're going to 868 00:31:49,760 --> 00:31:51,710 create references to 869 00:31:53,300 --> 00:31:55,309 objects which are one hundred and twenty 870 00:31:55,310 --> 00:31:56,359 eight megabytes apart. 871 00:31:57,610 --> 00:31:59,589 And then recreate the contents 872 00:32:00,670 --> 00:32:01,670 of the 873 00:32:02,950 --> 00:32:05,229 of the the pages that 874 00:32:05,230 --> 00:32:07,449 the, um, 875 00:32:07,450 --> 00:32:09,129 the contents of the letter. 876 00:32:09,130 --> 00:32:11,079 How that would look like if they were in 877 00:32:11,080 --> 00:32:12,080 the array. 878 00:32:13,030 --> 00:32:15,309 So so 879 00:32:15,310 --> 00:32:17,499 you can see the the secret pages are 880 00:32:17,500 --> 00:32:19,719 close together and one 881 00:32:19,720 --> 00:32:21,629 megabyte the parts and then the 882 00:32:21,630 --> 00:32:23,979 properties range 883 00:32:23,980 --> 00:32:26,199 across the entire address, the possible 884 00:32:26,200 --> 00:32:28,509 other space that 885 00:32:28,510 --> 00:32:30,909 that's that you might possibly use. 886 00:32:30,910 --> 00:32:32,679 And then in the middle there's a hit and 887 00:32:32,680 --> 00:32:34,749 then we get our address 888 00:32:36,060 --> 00:32:37,060 going to a. 889 00:32:39,200 --> 00:32:41,479 Belonging to an object 890 00:32:41,480 --> 00:32:42,800 where we control the data. 891 00:32:44,110 --> 00:32:47,049 So now we have 892 00:32:47,050 --> 00:32:48,729 the all the information to create a fake 893 00:32:48,730 --> 00:32:49,879 object. 894 00:32:49,880 --> 00:32:52,809 Now we're going to use Rowhammer to create 895 00:32:52,810 --> 00:32:54,309 a reference to this object to 896 00:32:55,510 --> 00:32:57,729 allow us to use it.
897 00:32:57,730 --> 00:33:00,819 So the object is a typed array, 898 00:33:00,820 --> 00:33:02,679 the fake object that we make, which 899 00:33:02,680 --> 00:33:04,449 allows us to basically control, 900 00:33:05,860 --> 00:33:07,960 read and write the entire address space. 901 00:33:09,660 --> 00:33:12,899 Um, so this doctora 902 00:33:12,900 --> 00:33:15,059 this this type of object, this 903 00:33:15,060 --> 00:33:18,359 fake object we recreate in. 904 00:33:18,360 --> 00:33:20,579 A JavaScript, right, that we 905 00:33:20,580 --> 00:33:22,949 know the address of 906 00:33:22,950 --> 00:33:23,950 and then. 907 00:33:26,410 --> 00:33:28,779 The next JavaScript array as a pointer 908 00:33:28,780 --> 00:33:31,179 to it, and then we 909 00:33:31,180 --> 00:33:33,189 recreate in such a way that if we flip a 910 00:33:33,190 --> 00:33:35,979 bit, the pointer will 911 00:33:35,980 --> 00:33:38,049 point to our object instead of the 912 00:33:38,050 --> 00:33:39,050 array. 913 00:33:40,170 --> 00:33:42,449 And that's what we're going 914 00:33:42,450 --> 00:33:43,950 to use, the Rowhammer attack. 915 00:33:46,170 --> 00:33:48,629 Yes, like Antonio 916 00:33:48,630 --> 00:33:50,039 said last year, 917 00:33:51,270 --> 00:33:53,159 some of you might have seen the 918 00:33:53,160 --> 00:33:54,729 Rowhammer.js talk. 919 00:33:54,730 --> 00:33:57,059 Um, we were 920 00:33:57,060 --> 00:33:59,489 able to reproduce, uh, 921 00:33:59,490 --> 00:34:01,859 their findings and, uh, 922 00:34:01,860 --> 00:34:04,409 on Windows ten, uh, 923 00:34:04,410 --> 00:34:06,919 and use it to 924 00:34:06,920 --> 00:34:08,039 for it attack. 925 00:34:09,750 --> 00:34:12,149 In the Rowhammer attack, the problem 926 00:34:12,150 --> 00:34:13,980 is that our memory.
927 00:34:15,870 --> 00:34:18,509 Use this capacity, the capacity 928 00:34:18,510 --> 00:34:20,849 to store, uh, memory, uh, store 929 00:34:20,850 --> 00:34:23,069 data, and when you have to when 930 00:34:23,070 --> 00:34:25,559 you read it, the capacitors are drained. 931 00:34:25,560 --> 00:34:27,629 So, um, these 932 00:34:27,630 --> 00:34:29,879 capacitors are stored in rows. 933 00:34:29,880 --> 00:34:32,069 And then because they are drained, there 934 00:34:32,070 --> 00:34:34,319 has to be some kind of cache which 935 00:34:34,320 --> 00:34:36,509 doesn't lose its use, which 936 00:34:36,510 --> 00:34:38,579 is just, uh, static from 937 00:34:38,580 --> 00:34:39,580 a buffer. 938 00:34:41,110 --> 00:34:43,269 But it's only a limited amount of memory, 939 00:34:43,270 --> 00:34:46,029 so when the memory controller 940 00:34:46,030 --> 00:34:48,129 needs to read a different row, the 941 00:34:48,130 --> 00:34:49,988 data has to be written back to these 942 00:34:49,989 --> 00:34:53,079 capacitors and a different row 943 00:34:53,080 --> 00:34:54,849 is read to the 944 00:34:55,960 --> 00:34:56,960 the buffer. 945 00:34:58,300 --> 00:34:59,739 The problem is that this 946 00:35:00,820 --> 00:35:02,889 interference and if you do this in 947 00:35:02,890 --> 00:35:04,600 quick succession 948 00:35:05,740 --> 00:35:08,170 at a specific locations, then, 949 00:35:09,180 --> 00:35:10,180 um, 950 00:35:11,440 --> 00:35:13,779 and, uh, 951 00:35:13,780 --> 00:35:16,029 then after a while, some bits 952 00:35:16,030 --> 00:35:18,339 may flip in neighboring rows. 953 00:35:18,340 --> 00:35:20,739 And that's what 954 00:35:20,740 --> 00:35:22,989 we used to flip a bit in 955 00:35:22,990 --> 00:35:25,239 the pointer, allowing 956 00:35:25,240 --> 00:35:27,399 us to get a reference to 957 00:35:27,400 --> 00:35:29,949 this object and basically 958 00:35:29,950 --> 00:35:31,739 taking control over the process.
959 00:35:34,070 --> 00:35:36,320 So that's the second attack 960 00:35:37,730 --> 00:35:40,339 in the third attack where 961 00:35:40,340 --> 00:35:43,039 we call what you call flip flops, where 962 00:35:43,040 --> 00:35:45,169 we actually are also 963 00:35:45,170 --> 00:35:47,029 using Rowhammer in combination with this 964 00:35:47,030 --> 00:35:49,309 operation, but in a different 965 00:35:49,310 --> 00:35:51,829 way. We won't be using deduplication 966 00:35:51,830 --> 00:35:54,020 as a software side channel anymore, 967 00:35:55,160 --> 00:35:57,349 but we will be using it 968 00:35:57,350 --> 00:35:59,059 to make Rowhammer more 969 00:36:00,110 --> 00:36:01,250 a more useful 970 00:36:02,330 --> 00:36:03,550 exploitation primitive. 971 00:36:04,790 --> 00:36:06,289 And our target will be, 972 00:36:07,300 --> 00:36:08,300 uh. 973 00:36:09,890 --> 00:36:12,049 One, on our in 974 00:36:12,050 --> 00:36:14,329 our attack, an attacker 975 00:36:14,330 --> 00:36:16,519 will be in control 976 00:36:16,520 --> 00:36:18,290 of one virtual machine and will 977 00:36:20,030 --> 00:36:21,889 take over another virtual machine on the 978 00:36:21,890 --> 00:36:22,890 same system. 979 00:36:24,980 --> 00:36:26,300 So like I said, the 980 00:36:28,640 --> 00:36:30,829 Rowhammer is a, Rowhammer's 981 00:36:30,830 --> 00:36:31,850 a very powerful 982 00:36:32,960 --> 00:36:35,299 attack, but it's it's also 983 00:36:35,300 --> 00:36:37,909 quite difficult to exploit because 984 00:36:37,910 --> 00:36:38,959 you can corrupt bits. 985 00:36:38,960 --> 00:36:41,089 But it's not really you don't 986 00:36:41,090 --> 00:36:43,369 really control which physical bits 987 00:36:43,370 --> 00:36:46,099 in memory are vulnerable to it.
988 00:36:46,100 --> 00:36:48,329 And if you can flip 989 00:36:48,330 --> 00:36:51,019 bits you have to 990 00:36:51,020 --> 00:36:53,420 it did the data, that's 991 00:36:54,560 --> 00:36:57,559 the data that's being corrupted 992 00:36:57,560 --> 00:36:58,879 as to be useful to you. 993 00:36:58,880 --> 00:37:01,309 So you have to you 994 00:37:01,310 --> 00:37:03,379 kind of have a problem of getting 995 00:37:03,380 --> 00:37:05,359 the right data into the right location 996 00:37:05,360 --> 00:37:07,789 for you to exploit. 997 00:37:07,790 --> 00:37:09,889 So it's 998 00:37:09,890 --> 00:37:12,229 unpredictable in 999 00:37:12,230 --> 00:37:14,359 which physical page the 1000 00:37:14,360 --> 00:37:16,039 flip will happen and it's unpredictable 1001 00:37:17,060 --> 00:37:18,199 in which location. 1002 00:37:19,340 --> 00:37:21,559 In this page, it 1003 00:37:21,560 --> 00:37:24,239 might happen if 1004 00:37:24,240 --> 00:37:26,299 we can solve the 1005 00:37:26,300 --> 00:37:27,779 first part for you. 1006 00:37:27,780 --> 00:37:30,049 So given 1007 00:37:30,050 --> 00:37:32,389 that you can flip a bit in some page 1008 00:37:32,390 --> 00:37:34,489 on the same, in some location, in the 1009 00:37:34,490 --> 00:37:36,659 page function, 1010 00:37:36,660 --> 00:37:38,719 I will give you the 1011 00:37:38,720 --> 00:37:41,359 ability to get 1012 00:37:41,360 --> 00:37:43,489 every page, you know, 1013 00:37:43,490 --> 00:37:45,649 the victim has and put it 1014 00:37:45,650 --> 00:37:47,580 in the location where you can flip it. 1015 00:37:48,890 --> 00:37:50,629 Another thing to mention is that with a 1016 00:37:50,630 --> 00:37:53,089 hammer, if you discover 1017 00:37:53,090 --> 00:37:55,279 you can flip a bit somewhere, it's 1018 00:37:55,280 --> 00:37:57,139 very likely you can flip it again and 1019 00:37:57,140 --> 00:37:58,369 again and again and again. 1020 00:37:58,370 --> 00:37:59,370 So. 1021 00:38:02,510 --> 00:38:03,679 So we're going to. 
1022 00:38:05,970 --> 00:38:08,099 Look for pages that we 1023 00:38:08,100 --> 00:38:10,139 want to in the victim, that we want to 1024 00:38:10,140 --> 00:38:11,140 flip and then 1025 00:38:12,240 --> 00:38:14,819 make sure that these pages are 1026 00:38:14,820 --> 00:38:16,949 put into a location where 1027 00:38:16,950 --> 00:38:18,050 we can flip this bits. 1028 00:38:19,200 --> 00:38:21,319 So we thought maybe 1029 00:38:21,320 --> 00:38:22,709 deduplication is a kind of 1030 00:38:24,660 --> 00:38:26,849 an attractive way of 1031 00:38:26,850 --> 00:38:28,019 doing this. 1032 00:38:28,020 --> 00:38:29,020 We thought 1033 00:38:30,180 --> 00:38:32,309 and we we're working on the Windows 1034 00:38:32,310 --> 00:38:34,439 10 attack and we 1035 00:38:34,440 --> 00:38:36,539 thought, well, what if we 1036 00:38:36,540 --> 00:38:38,639 if we do Rowhammer find a bit 1037 00:38:38,640 --> 00:38:39,929 flip? 1038 00:38:39,930 --> 00:38:42,329 What if, uh, if we find 1039 00:38:42,330 --> 00:38:44,399 a page, that's where we want 1040 00:38:44,400 --> 00:38:45,419 to flip a bit. 1041 00:38:45,420 --> 00:38:47,579 We just replicate the same contents 1042 00:38:47,580 --> 00:38:49,469 of this page and then wait for Windows 1043 00:38:51,600 --> 00:38:53,879 to merge them and then hope our our 1044 00:38:53,880 --> 00:38:56,729 look at our page would be the 1045 00:38:56,730 --> 00:38:59,039 the location it would merge 1046 00:38:59,040 --> 00:38:59,369 to. 1047 00:38:59,370 --> 00:39:01,889 But sadly enough, on Windows, 1048 00:39:01,890 --> 00:39:03,959 Windows allocates a new page and and 1049 00:39:03,960 --> 00:39:06,649 points the the the 1050 00:39:06,650 --> 00:39:09,629 old location to the new location. 1051 00:39:09,630 --> 00:39:12,209 However, we found that on 1052 00:39:12,210 --> 00:39:14,369 Linux with kernel 1053 00:39:14,370 --> 00:39:16,319 same-page merging, it didn't.
1054 00:39:16,320 --> 00:39:18,389 So and it had some 1055 00:39:18,390 --> 00:39:19,390 other 1056 00:39:21,180 --> 00:39:23,399 it had some other 1057 00:39:23,400 --> 00:39:25,799 things that are advantageous to us. 1058 00:39:25,800 --> 00:39:28,019 For example, Linux 1059 00:39:28,020 --> 00:39:29,020 tries to give 1060 00:39:32,630 --> 00:39:35,849 a physical memory to, uh, 1061 00:39:35,850 --> 00:39:38,369 to a virtual machine host for efficiency 1062 00:39:38,370 --> 00:39:39,719 sake. 1063 00:39:39,720 --> 00:39:42,149 So which makes it 1064 00:39:42,150 --> 00:39:44,309 easier for us to do Rowhammer and find bit 1065 00:39:44,310 --> 00:39:46,679 flips and also makes it easier 1066 00:39:46,680 --> 00:39:47,680 for us to 1067 00:39:50,610 --> 00:39:52,859 make sure that these bit flips occur 1068 00:39:52,860 --> 00:39:54,929 in our own memory and not in 1069 00:39:54,930 --> 00:39:57,509 someone else's memory, which 1070 00:39:57,510 --> 00:39:59,879 we wouldn't want to corrupt 1071 00:39:59,880 --> 00:40:01,859 a system before we can exploit it. 1072 00:40:01,860 --> 00:40:04,109 Of course, uh, crash the system before 1073 00:40:04,110 --> 00:40:05,110 we can exploit it. 1074 00:40:06,480 --> 00:40:07,679 So. 1075 00:40:07,680 --> 00:40:09,809 So once we know we can flip a bit, 1076 00:40:09,810 --> 00:40:11,489 that's useful to us. 1077 00:40:11,490 --> 00:40:13,799 We replicate the the 1078 00:40:13,800 --> 00:40:16,109 contents and then wait for 1079 00:40:16,110 --> 00:40:18,239 them to merge 1080 00:40:18,240 --> 00:40:20,489 memory. And we can know 1081 00:40:20,490 --> 00:40:22,889 in a, uh, in a deterministic way 1082 00:40:22,890 --> 00:40:25,169 whether will merge it to 1083 00:40:25,170 --> 00:40:27,329 our page and then 1084 00:40:27,330 --> 00:40:29,639 we do Rowhammer again and then 1085 00:40:29,640 --> 00:40:31,799 we can exploit the 1086 00:40:31,800 --> 00:40:32,800 target victim. 
1087 00:40:34,770 --> 00:40:36,959 So one example how we did this 1088 00:40:36,960 --> 00:40:38,759 was by attacking the authorized_keys 1089 00:40:38,760 --> 00:40:39,809 file. 1090 00:40:39,810 --> 00:40:42,059 authorized_keys files usually contain 1091 00:40:42,060 --> 00:40:43,590 the public keys 1092 00:40:44,790 --> 00:40:46,889 and these public keys are 1093 00:40:46,890 --> 00:40:49,379 not supposed to, uh, 1094 00:40:49,380 --> 00:40:52,649 yeah. They don't have to be kept secret. 1095 00:40:52,650 --> 00:40:55,109 I bet lots of you have probably uploaded 1096 00:40:55,110 --> 00:40:57,299 their public key to GitHub 1097 00:40:57,300 --> 00:40:58,379 and they're public. 1098 00:40:58,380 --> 00:40:59,380 So. 1099 00:41:00,480 --> 00:41:01,279 Yeah. 1100 00:41:01,280 --> 00:41:03,419 Um, and what we 1101 00:41:03,420 --> 00:41:05,789 see here is in yellow, 1102 00:41:05,790 --> 00:41:06,779 we see the. 1103 00:41:06,780 --> 00:41:08,969 So this is an RSA public key and 1104 00:41:08,970 --> 00:41:11,339 in yellow we see 1105 00:41:11,340 --> 00:41:13,409 the RSA modulus, uh, 1106 00:41:13,410 --> 00:41:14,730 base64 encoded. 1107 00:41:17,340 --> 00:41:18,389 Um, of course 1108 00:41:19,410 --> 00:41:21,269 we're not supposed to factorize this 1109 00:41:21,270 --> 00:41:22,859 modulus because then we can get the 1110 00:41:22,860 --> 00:41:24,389 private key. 1111 00:41:24,390 --> 00:41:26,909 But in red here 1112 00:41:26,910 --> 00:41:28,769 we have uh uh 1113 00:41:30,590 --> 00:41:33,089 uh uh, characters 1114 00:41:33,090 --> 00:41:35,549 which contain at least one bit 1115 00:41:35,550 --> 00:41:37,679 that when flipped will remain 1116 00:41:37,680 --> 00:41:39,839 base64 encoded, but 1117 00:41:39,840 --> 00:41:42,299 we're able to factorize, uh, 1118 00:41:42,300 --> 00:41:44,669 the modulus, um, uh, 1119 00:41:44,670 --> 00:41:45,670 within one minute. 
1120 00:41:46,890 --> 00:41:50,039 So that's 1121 00:41:50,040 --> 00:41:52,289 what we did, um, flip 1122 00:41:52,290 --> 00:41:53,789 a bit in the, uh, 1123 00:41:54,960 --> 00:41:57,569 in the modulus, factorize 1124 00:41:57,570 --> 00:41:59,789 and then reconstruct the private key and 1125 00:41:59,790 --> 00:42:02,010 log in and. 1126 00:42:14,230 --> 00:42:15,940 We have a second example where 1127 00:42:18,000 --> 00:42:20,079 where we target GPG 1128 00:42:20,080 --> 00:42:22,609 and apt-get to exploit 1129 00:42:22,610 --> 00:42:24,939 the mechanism in Debian 1130 00:42:24,940 --> 00:42:25,940 or Ubuntu. 1131 00:42:27,980 --> 00:42:30,099 So this is a two 1132 00:42:30,100 --> 00:42:33,309 stage attack where we first create 1133 00:42:33,310 --> 00:42:35,679 sources.list file to 1134 00:42:35,680 --> 00:42:37,809 redirect the updates 1135 00:42:37,810 --> 00:42:40,209 repository to a domain 1136 00:42:40,210 --> 00:42:42,199 name we control. 1137 00:42:42,200 --> 00:42:43,200 Um, 1138 00:42:46,000 --> 00:42:48,219 and we 1139 00:42:48,220 --> 00:42:50,439 also corrupt a bit in the 1140 00:42:50,440 --> 00:42:52,809 keyring to come up with the signing key 1141 00:42:52,810 --> 00:42:54,760 to a key that we can reconstruct 1142 00:42:56,320 --> 00:42:58,090 and then we can backdoor it, 1143 00:42:59,110 --> 00:43:01,269 uh, and 1144 00:43:01,270 --> 00:43:02,270 then we can backdoor 1145 00:43:04,360 --> 00:43:06,309 packages, uh, being installed. 1146 00:43:06,310 --> 00:43:08,589 So we have a demo for this as well 1147 00:43:12,870 --> 00:43:13,749 first. 1148 00:43:13,750 --> 00:43:16,839 So this attack, uh uh, 1149 00:43:16,840 --> 00:43:18,420 so what you see here is, uh, 1150 00:43:19,570 --> 00:43:22,179 is a machine running both an our 1151 00:43:22,180 --> 00:43:23,799 virtual machine and a victim virtual 1152 00:43:23,800 --> 00:43:24,909 machine. 
1153 00:43:24,910 --> 00:43:26,709 Um, in the 1154 00:43:28,090 --> 00:43:30,219 top right corner, there's the 1155 00:43:30,220 --> 00:43:31,989 the victim. Well, in a minute, 1156 00:43:33,140 --> 00:43:35,389 uh, so top 1157 00:43:35,390 --> 00:43:37,150 left, there are some debug information. 1158 00:43:39,460 --> 00:43:41,949 Uh, uh, 1159 00:43:41,950 --> 00:43:44,229 the bottom part is the the 1160 00:43:44,230 --> 00:43:46,489 access log of of a 1161 00:43:46,490 --> 00:43:49,149 piece of data repository server 1162 00:43:49,150 --> 00:43:50,679 that we control. 1163 00:43:50,680 --> 00:43:53,319 And the middle part, uh, 1164 00:43:53,320 --> 00:43:55,539 is used to create the 1165 00:43:55,540 --> 00:43:57,339 fake, uh, 1166 00:43:58,360 --> 00:43:59,829 create the fake package. 1167 00:43:59,830 --> 00:44:02,049 So now nothing happened 1168 00:44:02,050 --> 00:44:04,189 yet and let's get a 1169 00:44:04,190 --> 00:44:05,190 better run. 1170 00:44:06,010 --> 00:44:07,329 So this is all fine. 1171 00:44:07,330 --> 00:44:09,609 But now we're going to flip 1172 00:44:09,610 --> 00:44:11,290 a bit in the sources.list file. 1173 00:44:12,610 --> 00:44:14,829 And then when we do 1174 00:44:14,830 --> 00:44:15,909 apt-get update again, 1175 00:44:18,220 --> 00:44:21,189 um, there will be an error 1176 00:44:21,190 --> 00:44:23,379 because now it will connect 1177 00:44:23,380 --> 00:44:25,509 to, uh, 1178 00:44:25,510 --> 00:44:27,699 our repository, of 1179 00:44:27,700 --> 00:44:30,099 course, uh, at this 1180 00:44:30,100 --> 00:44:32,679 step doesn't have to be, uh, 1181 00:44:32,680 --> 00:44:33,759 uh, done. 1182 00:44:33,760 --> 00:44:35,019 But this just to show that 1183 00:44:36,040 --> 00:44:38,139 the that it now connects 1184 00:44:38,140 --> 00:44:40,389 to the first to 1185 00:44:40,390 --> 00:44:41,390 our repository. 1186 00:44:42,340 --> 00:44:44,979 Well, then we have to wait for a while to 1187 00:44:44,980 --> 00:44:45,980 find a bit. 
1188 00:44:47,930 --> 00:44:49,880 That we can exploit to corrupt. 1189 00:44:55,860 --> 00:44:58,080 And when we have done this, 1190 00:44:59,640 --> 00:45:02,519 we can reconstruct a 1191 00:45:02,520 --> 00:45:05,099 private key and 1192 00:45:05,100 --> 00:45:06,339 create a new package with the new 1193 00:45:06,340 --> 00:45:07,340 signing key. 1194 00:45:23,180 --> 00:45:24,180 A new package. 1195 00:45:29,440 --> 00:45:30,440 And then when the. 1196 00:45:34,670 --> 00:45:36,289 When I upgrade this one. 1197 00:45:38,440 --> 00:45:40,899 First, we do a less still, 1198 00:45:40,900 --> 00:45:43,209 OK, but then after 1199 00:45:43,210 --> 00:45:44,210 the update. 1200 00:45:46,310 --> 00:45:48,469 Our colleges run, so. 1201 00:45:59,030 --> 00:46:01,369 So in conclusion, 1202 00:46:01,370 --> 00:46:02,370 I think, 1203 00:46:03,560 --> 00:46:06,199 um, yeah, 1204 00:46:06,200 --> 00:46:08,329 I hope so, we hope to have convinced 1205 00:46:08,330 --> 00:46:10,039 you that memory deduplication can be 1206 00:46:10,040 --> 00:46:12,259 dangerous if you're thinking 1207 00:46:12,260 --> 00:46:14,539 about, uh, employee, uh, 1208 00:46:14,540 --> 00:46:16,609 deploying it, think we'd like 1209 00:46:16,610 --> 00:46:19,219 you to think again and think again. 1210 00:46:19,220 --> 00:46:20,929 I think again and then maybe conclude, 1211 00:46:20,930 --> 00:46:23,029 well, maybe let's 1212 00:46:23,030 --> 00:46:24,030 just disable it. 1213 00:46:25,400 --> 00:46:26,400 Thank you very much. 1214 00:46:36,020 --> 00:46:38,119 So we have time for questions, 1215 00:46:38,120 --> 00:46:40,189 if you do have questions, please come 1216 00:46:40,190 --> 00:46:42,349 forward to one of those four 1217 00:46:42,350 --> 00:46:43,350 microphones. 1218 00:46:45,260 --> 00:46:47,110 Does the Internet have a question for. 
1219 00:46:53,230 --> 00:46:55,709 No, no question right now, 1220 00:46:55,710 --> 00:46:58,489 OK, we have a question on the microphone 1221 00:46:58,490 --> 00:47:00,809 on my left side and the front, 1222 00:47:00,810 --> 00:47:03,049 please, please speak loudly into 1223 00:47:03,050 --> 00:47:04,279 the microphone so we can hear you while 1224 00:47:04,280 --> 00:47:05,449 people are leaving. 1225 00:47:05,450 --> 00:47:07,819 I would like to ask, how does this apply 1226 00:47:07,820 --> 00:47:08,929 for large pages? 1227 00:47:08,930 --> 00:47:10,939 So I think in all your examples had small 1228 00:47:10,940 --> 00:47:12,469 pages, four kilobyte. 1229 00:47:12,470 --> 00:47:14,449 So how does this apply to two megabyte 1230 00:47:14,450 --> 00:47:15,739 pages, for example? 1231 00:47:15,740 --> 00:47:17,899 So kernel same page 1232 00:47:17,900 --> 00:47:20,179 merging employs large 1233 00:47:20,180 --> 00:47:22,759 pages, but actually subtly 1234 00:47:22,760 --> 00:47:23,749 was good for us. 1235 00:47:23,750 --> 00:47:24,750 But certainly 1236 00:47:26,480 --> 00:47:28,579 the same page 1237 00:47:28,580 --> 00:47:31,099 merging prioritizes 1238 00:47:31,100 --> 00:47:34,189 merging over huge pages. 1239 00:47:34,190 --> 00:47:36,919 So actually we create huge pages 1240 00:47:36,920 --> 00:47:39,049 at the start and to do the Rowhammer 1241 00:47:39,050 --> 00:47:41,239 part, that's the creative 1242 00:47:41,240 --> 00:47:42,240 memory 1243 00:47:43,400 --> 00:47:45,349 thing. But when kernel same 1244 00:47:45,350 --> 00:47:46,350 page merging 1245 00:47:48,050 --> 00:47:50,209 finds a page 1246 00:47:50,210 --> 00:47:52,759 which is identical inside this page, 1247 00:47:52,760 --> 00:47:55,069 it will break up the page and merge 1248 00:47:55,070 --> 00:47:55,999 anyway. 1249 00:47:56,000 --> 00:47:58,069 So that's actually the worst 1250 00:47:58,070 --> 00:48:00,199 worst case scenario. 1251 00:48:00,200 --> 00:48:01,280 OK. Thank you. 
1252 00:48:02,450 --> 00:48:03,499 Great. Thank you. 1253 00:48:03,500 --> 00:48:05,569 Then the next question would be 1254 00:48:05,570 --> 00:48:06,829 right behind you. Yeah. 1255 00:48:06,830 --> 00:48:07,549 Thank you. 1256 00:48:07,550 --> 00:48:09,649 Yes. About the process of deduplication 1257 00:48:09,650 --> 00:48:11,149 itself. Does it use hashes or other 1258 00:48:11,150 --> 00:48:12,859 things to actually speed up the comparing 1259 00:48:12,860 --> 00:48:14,389 or some sort of exploration, maybe even 1260 00:48:14,390 --> 00:48:16,730 or what to stick and the timing 1261 00:48:18,560 --> 00:48:20,749 before impact of that 1262 00:48:20,750 --> 00:48:22,369 process running on the background. 1263 00:48:22,370 --> 00:48:24,439 So we didn't do, uh, 1264 00:48:24,440 --> 00:48:26,869 research on on the latency, 1265 00:48:26,870 --> 00:48:28,909 but I think it does use some form of 1266 00:48:28,910 --> 00:48:31,129 hashing both on Linux and 1267 00:48:31,130 --> 00:48:32,130 Windows. 1268 00:48:34,470 --> 00:48:36,629 Yes, and the next question, please, 1269 00:48:36,630 --> 00:48:38,579 and well, before you ask a question, 1270 00:48:38,580 --> 00:48:40,469 could I please ask the audience to remain 1271 00:48:40,470 --> 00:48:42,149 quiet at this point? 1272 00:48:42,150 --> 00:48:43,150 Thank you. 1273 00:48:44,060 --> 00:48:45,800 So these attacks, 1274 00:48:47,060 --> 00:48:49,439 they require that I 1275 00:48:49,440 --> 00:48:51,859 am the attacker own 1276 00:48:51,860 --> 00:48:53,929 or at least have interactive access 1277 00:48:53,930 --> 00:48:56,329 to a virtual machine hosted on 1278 00:48:56,330 --> 00:48:57,330 the same 1279 00:48:58,490 --> 00:49:00,649 host as the 1280 00:49:00,650 --> 00:49:02,149 target machines, right? 1281 00:49:02,150 --> 00:49:04,519 Yes. 
OK, so 1282 00:49:04,520 --> 00:49:06,649 what are the implications for a 1283 00:49:06,650 --> 00:49:08,869 Siwiec VM or whatever 1284 00:49:08,870 --> 00:49:10,969 environment thinking 1285 00:49:10,970 --> 00:49:13,549 of desktop virtualization 1286 00:49:13,550 --> 00:49:16,069 were? Actually, the virtual 1287 00:49:16,070 --> 00:49:18,229 guests are being used 1288 00:49:18,230 --> 00:49:19,669 for interactive access. 1289 00:49:19,670 --> 00:49:21,769 And so you run JavaScript in 1290 00:49:21,770 --> 00:49:24,619 a browser or whatever, because I'm 1291 00:49:24,620 --> 00:49:26,869 like every week being approached 1292 00:49:26,870 --> 00:49:29,359 by companies trying to sell us desktop 1293 00:49:29,360 --> 00:49:30,559 virtualization. 1294 00:49:30,560 --> 00:49:32,659 So the idea of running 1295 00:49:32,660 --> 00:49:35,239 that gives a complete new 1296 00:49:37,160 --> 00:49:39,649 large open door for four 1297 00:49:39,650 --> 00:49:42,189 metaverse spreading across 1298 00:49:42,190 --> 00:49:43,939 a virtual client computers. 1299 00:49:43,940 --> 00:49:45,919 Right, if they have those desktop 1300 00:49:45,920 --> 00:49:47,029 virtualization. 1301 00:49:47,030 --> 00:49:49,159 So. So, um, our second attack 1302 00:49:49,160 --> 00:49:51,439 that as Machina was done 1303 00:49:51,440 --> 00:49:53,509 on Windows 10 so that we could 1304 00:49:53,510 --> 00:49:55,699 leak information, uh, 1305 00:49:55,700 --> 00:49:58,219 because Windows 10 does 1306 00:49:58,220 --> 00:50:00,349 memory deduplication not 1307 00:50:00,350 --> 00:50:02,599 only for not for virtual machines, but 1308 00:50:02,600 --> 00:50:04,729 also for its own processes. 1309 00:50:04,730 --> 00:50:06,799 So, uh, and Windows has disabled it. 
1310 00:50:06,800 --> 00:50:09,019 But if you run Windows 1311 00:50:09,020 --> 00:50:11,089 on the hypervisor where 1312 00:50:11,090 --> 00:50:13,249 deduplication is yet again 1313 00:50:13,250 --> 00:50:15,169 enabled, then you have the same problem 1314 00:50:15,170 --> 00:50:16,170 again. 1315 00:50:17,960 --> 00:50:20,359 Thank you and then I have a question here 1316 00:50:20,360 --> 00:50:22,519 on the right, please. 1317 00:50:22,520 --> 00:50:24,589 Do you also have the problem if 1318 00:50:24,590 --> 00:50:25,910 you so 1319 00:50:27,050 --> 00:50:28,249 are you vulnerable? 1320 00:50:28,250 --> 00:50:29,689 If you have both? 1321 00:50:29,690 --> 00:50:32,129 ECC memory and 1322 00:50:32,130 --> 00:50:34,399 access to any cryptographic 1323 00:50:34,400 --> 00:50:36,859 secrets from 1324 00:50:36,860 --> 00:50:37,869 deduplication. 1325 00:50:38,980 --> 00:50:41,329 Um, so 1326 00:50:41,330 --> 00:50:43,759 I haven't seen a practical attack 1327 00:50:43,760 --> 00:50:45,769 with this memory on Rowhammer. 1328 00:50:45,770 --> 00:50:48,779 I don't know. So, uh. 1329 00:50:48,780 --> 00:50:50,939 Um, and 1330 00:50:50,940 --> 00:50:53,159 I guess if you if 1331 00:50:53,160 --> 00:50:55,139 you have cryptographic secrets and you 1332 00:50:55,140 --> 00:50:57,329 don't duplicate it or you put 1333 00:50:57,330 --> 00:50:58,889 some randomness in there, that is 1334 00:50:58,890 --> 00:51:01,139 impossible to guess, then I'd 1335 00:51:01,140 --> 00:51:03,239 say there's not much 1336 00:51:03,240 --> 00:51:05,399 you can leak from that 1337 00:51:05,400 --> 00:51:07,919 point on. But it's something I think 1338 00:51:07,920 --> 00:51:09,569 it's not. 
1339 00:51:09,570 --> 00:51:12,149 You shouldn't burden 1340 00:51:12,150 --> 00:51:14,849 an application developer to 1341 00:51:14,850 --> 00:51:16,949 be aware that their memory, 1342 00:51:16,950 --> 00:51:19,139 even to even be aware of the content 1343 00:51:19,140 --> 00:51:21,389 layout of of their program, 1344 00:51:21,390 --> 00:51:23,549 that most of the time very 1345 00:51:23,550 --> 00:51:25,829 much low level stuff that 1346 00:51:25,830 --> 00:51:28,559 your application developers have now 1347 00:51:28,560 --> 00:51:30,719 shouldn't have to have any concept 1348 00:51:30,720 --> 00:51:33,059 about. So I think this is really 1349 00:51:33,060 --> 00:51:35,159 up to the the 1350 00:51:35,160 --> 00:51:37,529 the operating system and hypervisor 1351 00:51:37,530 --> 00:51:39,629 vendors to not 1352 00:51:39,630 --> 00:51:40,710 use Facebook. 1353 00:51:43,950 --> 00:51:44,369 Thank you. 1354 00:51:44,370 --> 00:51:47,189 And in the back, please, 1355 00:51:47,190 --> 00:51:49,349 when you merge the pages, 1356 00:51:49,350 --> 00:51:51,629 you can have more of you can have two 1357 00:51:51,630 --> 00:51:53,159 in those examples. You can have more of 1358 00:51:53,160 --> 00:51:54,989 them code. You know which page will be 1359 00:51:54,990 --> 00:51:57,059 the one that will be 1360 00:51:57,060 --> 00:51:58,060 the last one. 1361 00:51:59,700 --> 00:52:01,859 So I can merge into it because it 1362 00:52:01,860 --> 00:52:03,689 would be good that it's the one you 1363 00:52:03,690 --> 00:52:04,979 control so we can select the bits. 1364 00:52:04,980 --> 00:52:06,539 And how do you know if you have like five 1365 00:52:06,540 --> 00:52:08,669 VMS and every one every has the 1366 00:52:08,670 --> 00:52:09,869 same page? 1367 00:52:09,870 --> 00:52:11,489 So so it's it's kind of 1368 00:52:12,930 --> 00:52:16,019 complicated. So the um. 
1369 00:52:16,020 --> 00:52:18,449 So a sense it's the 1370 00:52:18,450 --> 00:52:20,849 oldest VM that gets merged 1371 00:52:20,850 --> 00:52:22,199 to. 1372 00:52:22,200 --> 00:52:25,019 But there is an exemption 1373 00:52:25,020 --> 00:52:27,149 if you first merge two pages 1374 00:52:27,150 --> 00:52:29,279 and they are put in the 1375 00:52:29,280 --> 00:52:31,619 first, so its first merges to already 1376 00:52:31,620 --> 00:52:33,509 merge pages and then it merges to the 1377 00:52:33,510 --> 00:52:34,889 oldest VM. 1378 00:52:34,890 --> 00:52:37,949 Um and so 1379 00:52:37,950 --> 00:52:40,139 the Saudi attack becomes harder if 1380 00:52:40,140 --> 00:52:42,329 you're the second VM and start to 1381 00:52:42,330 --> 00:52:44,369 flip things you need to be the first one. 1382 00:52:44,370 --> 00:52:46,359 So then they will merge into you. 1383 00:52:46,360 --> 00:52:48,029 Well, not necessarily, but the attack 1384 00:52:48,030 --> 00:52:50,369 becomes a bit harder because, um. 1385 00:52:50,370 --> 00:52:52,919 So what you could do is 1386 00:52:52,920 --> 00:52:55,319 if uh. So, so the merging 1387 00:52:55,320 --> 00:52:58,589 happens because files are in the cache. 1388 00:52:58,590 --> 00:53:00,610 So if you can, uh. 1389 00:53:01,880 --> 00:53:04,609 If the files are not yet in the cache 1390 00:53:04,610 --> 00:53:06,080 in the victim because 1391 00:53:07,280 --> 00:53:09,409 no one has tried to log in for a user for 1392 00:53:09,410 --> 00:53:10,410 a long time, 1393 00:53:12,980 --> 00:53:15,049 you might be able to first create two 1394 00:53:15,050 --> 00:53:17,149 pages in your own space, wait for 1395 00:53:17,150 --> 00:53:19,729 it to be duplicated, then 1396 00:53:19,730 --> 00:53:21,559 log in to SSH. 1397 00:53:21,560 --> 00:53:23,689 And then, as I said, you will load it in 1398 00:53:23,690 --> 00:53:25,389 the page and then it gets much to Europe 1399 00:53:25,390 --> 00:53:27,739 that you win because you're already and. 
1400 00:53:27,740 --> 00:53:29,010 OK, thanks. 1401 00:53:30,650 --> 00:53:32,719 Thank you. And a question here on the 1402 00:53:32,720 --> 00:53:33,499 front, please. 1403 00:53:33,500 --> 00:53:36,559 Yeah. So if I understand correctly, 1404 00:53:36,560 --> 00:53:38,899 the attack works only 1405 00:53:38,900 --> 00:53:40,969 if, you know, if you detect the 1406 00:53:40,970 --> 00:53:43,159 time difference between when 1407 00:53:43,160 --> 00:53:45,259 a copy-on-write happens and when it does 1408 00:53:45,260 --> 00:53:46,339 not. 1409 00:53:46,340 --> 00:53:47,569 Wouldn't it be able to have 1410 00:53:47,570 --> 00:53:50,119 implementations of deduplication with 1411 00:53:50,120 --> 00:53:52,179 some artificial timing edits 1412 00:53:52,180 --> 00:53:55,159 so there's no real difference. 1413 00:53:55,160 --> 00:53:57,289 So, um, well, the 1414 00:53:57,290 --> 00:53:58,789 copy on write takes time. 1415 00:53:58,790 --> 00:54:00,349 So there's um. 1416 00:54:00,350 --> 00:54:02,300 Yeah, that's probably not. 1417 00:54:03,440 --> 00:54:05,569 Yeah. So there's always going to be 1418 00:54:05,570 --> 00:54:06,979 a time difference because you don't want 1419 00:54:06,980 --> 00:54:09,349 to have artificial the 1420 00:54:09,350 --> 00:54:11,519 you don't want to artificially 1421 00:54:11,520 --> 00:54:12,949 slow every write operation. 1422 00:54:12,950 --> 00:54:13,789 That's just. 1423 00:54:13,790 --> 00:54:16,399 But would it be theoretically 1424 00:54:16,400 --> 00:54:17,420 possible to do it. 1425 00:54:19,580 --> 00:54:21,679 If timing is not a constraint then you 1426 00:54:21,680 --> 00:54:24,259 have to do all the write operations. 1427 00:54:24,260 --> 00:54:25,759 You have to slow them down as well. 1428 00:54:25,760 --> 00:54:26,839 Right. 1429 00:54:26,840 --> 00:54:29,030 I mean, this is not feasible in the end. 1430 00:54:32,490 --> 00:54:33,799 Thank you. 1431 00:54:33,800 --> 00:54:35,539 There is a question from the Internet. 
1432 00:54:37,070 --> 00:54:38,539 Uh, yes. 1433 00:54:38,540 --> 00:54:40,699 The question is, can this be applied, 1434 00:54:40,700 --> 00:54:43,219 uh, for long P2P keys? 1435 00:54:43,220 --> 00:54:44,220 Can we leak them? 1436 00:54:46,180 --> 00:54:48,359 Uh, so 1437 00:54:48,360 --> 00:54:50,569 leaking the 1438 00:54:50,570 --> 00:54:52,909 complete contents or breaking them 1439 00:54:52,910 --> 00:54:53,910 or. 1440 00:54:54,890 --> 00:54:56,780 Uh, doesn't say so on the question, 1441 00:55:00,200 --> 00:55:01,729 I suppose it's about leaking them from 1442 00:55:01,730 --> 00:55:02,839 memory. 1443 00:55:02,840 --> 00:55:05,029 Um, if you can find a way 1444 00:55:05,030 --> 00:55:06,830 to, for example, first load them 1445 00:55:07,880 --> 00:55:10,129 and it really depends. 1446 00:55:10,130 --> 00:55:12,199 So we, uh, it takes some 1447 00:55:12,200 --> 00:55:14,209 effort to find the situation. 1448 00:55:14,210 --> 00:55:15,650 So if lots of 1449 00:55:16,940 --> 00:55:19,459 lots of, uh, uh, 1450 00:55:19,460 --> 00:55:21,549 opportunity to find 1451 00:55:21,550 --> 00:55:23,809 find situations where you can leak data, 1452 00:55:23,810 --> 00:55:25,639 but it's really difficult. 1453 00:55:25,640 --> 00:55:27,979 Uh, now it just 1454 00:55:27,980 --> 00:55:30,119 takes time to find 1455 00:55:30,120 --> 00:55:32,359 the right find the right 1456 00:55:32,360 --> 00:55:34,429 circumstances because it's just 1457 00:55:34,430 --> 00:55:35,749 so much you can explore. 1458 00:55:35,750 --> 00:55:37,580 So it's so we didn't 1459 00:55:38,720 --> 00:55:40,939 find, uh, so we didn't 1460 00:55:40,940 --> 00:55:43,189 look for, uh, um, 1461 00:55:43,190 --> 00:55:45,319 a situation where we could leak 1462 00:55:45,320 --> 00:55:46,289 keys. 1463 00:55:46,290 --> 00:55:48,659 Uh, so I wouldn't say it's, 1464 00:55:48,660 --> 00:55:50,779 uh, uh, 1465 00:55:50,780 --> 00:55:52,909 impossible. 
I do think that 1466 00:55:52,910 --> 00:55:55,429 some that some crypto, 1467 00:55:55,430 --> 00:55:57,769 uh, applications really, 1468 00:55:57,770 --> 00:55:59,929 uh, try to, 1469 00:55:59,930 --> 00:56:02,929 uh, not keep, uh, 1470 00:56:02,930 --> 00:56:04,969 private keys in memory longer than 1471 00:56:04,970 --> 00:56:05,839 needed. 1472 00:56:05,840 --> 00:56:08,359 So, uh, 1473 00:56:08,360 --> 00:56:09,469 I wouldn't know. 1474 00:56:09,470 --> 00:56:11,659 Maybe you can try and find 1475 00:56:11,660 --> 00:56:12,829 out. 1476 00:56:12,830 --> 00:56:14,749 I think you could write. 1477 00:56:14,750 --> 00:56:16,399 And then we have a last question over 1478 00:56:16,400 --> 00:56:16,579 here. 1479 00:56:16,580 --> 00:56:18,379 Please, maybe. 1480 00:56:18,380 --> 00:56:20,599 Do you have some advice for the Linux 1481 00:56:20,600 --> 00:56:22,309 kernel programmers? I think in the 1482 00:56:22,310 --> 00:56:24,469 second, um, example, 1483 00:56:24,470 --> 00:56:27,709 you said, for example, the 1484 00:56:27,710 --> 00:56:29,449 application used I think it was Windows 1485 00:56:29,450 --> 00:56:30,679 Ten was better. 1486 00:56:30,680 --> 00:56:33,109 They did first copy 1487 00:56:33,110 --> 00:56:35,869 the page to be depicted in a free speech 1488 00:56:35,870 --> 00:56:37,969 and then pointed the two 1489 00:56:37,970 --> 00:56:40,429 pages to be duplicated there. 1490 00:56:40,430 --> 00:56:42,679 And in Ubuntu, it 1491 00:56:42,680 --> 00:56:44,989 was that they just point one page 1492 00:56:44,990 --> 00:56:47,329 to the other and not drop the page. 1493 00:56:47,330 --> 00:56:49,939 So the Microsoft approach is here 1494 00:56:49,940 --> 00:56:51,129 more safe? 1495 00:56:51,130 --> 00:56:53,149 It says. So I don't know if they were 1496 00:56:53,150 --> 00:56:56,209 aware of this, but in this case, 1497 00:56:56,210 --> 00:56:58,429 maybe they were. I don't know 1498 00:56:58,430 --> 00:56:59,539 in this case. 
1499 00:56:59,540 --> 00:57:01,369 And there are certainly some approaches 1500 00:57:01,370 --> 00:57:03,020 are, uh, 1501 00:57:04,100 --> 00:57:06,349 are make it harder and some approaches 1502 00:57:06,350 --> 00:57:07,489 make it easier. 1503 00:57:07,490 --> 00:57:09,979 Uh, of course, the the relocation doesn't 1504 00:57:09,980 --> 00:57:11,929 prevent us from leaking data, but it 1505 00:57:11,930 --> 00:57:12,989 would help. 1506 00:57:12,990 --> 00:57:15,079 Uh uh, 1507 00:57:15,080 --> 00:57:16,219 yeah. 1508 00:57:16,220 --> 00:57:18,409 Would help maybe 1509 00:57:18,410 --> 00:57:20,929 with with, uh, making it 1510 00:57:20,930 --> 00:57:22,519 harder. Although we also have 1511 00:57:23,600 --> 00:57:25,729 our group has a paper 1512 00:57:25,730 --> 00:57:28,789 on, uh, on Rowhammer 1513 00:57:28,790 --> 00:57:30,979 on Android where we don't make use 1514 00:57:30,980 --> 00:57:33,769 of deduplication, but whether 1515 00:57:33,770 --> 00:57:36,949 we make use of a different, 1516 00:57:36,950 --> 00:57:39,320 uh, mechanism in order to control 1517 00:57:40,460 --> 00:57:42,589 where memory pages 1518 00:57:43,610 --> 00:57:46,609 are, uh, get 1519 00:57:46,610 --> 00:57:48,519 relocated. So yeah. 1520 00:57:48,520 --> 00:57:50,869 For Rowhammer, we can't do anything because 1521 00:57:50,870 --> 00:57:53,029 we have to we would have to change 1522 00:57:53,030 --> 00:57:55,159 the memory architecture, but 1523 00:57:55,160 --> 00:57:57,619 maybe you can publish some 1524 00:57:57,620 --> 00:57:59,689 advices. What what you do better with, 1525 00:57:59,690 --> 00:58:00,860 for example, memory. 1526 00:58:01,880 --> 00:58:04,009 What do you found you for in your 1527 00:58:04,010 --> 00:58:06,059 research is just an idea? 1528 00:58:07,820 --> 00:58:09,889 Yeah, so so there 1529 00:58:09,890 --> 00:58:12,299 are some, uh, mitigations. 1530 00:58:12,300 --> 00:58:15,139 Uh, uh, we don't know. 
1531 00:58:15,140 --> 00:58:17,719 So my but they always have 1532 00:58:17,720 --> 00:58:20,329 some performance penalty drawbacks. 1533 00:58:20,330 --> 00:58:22,579 And so I 1534 00:58:22,580 --> 00:58:24,139 don't know whether they will be 1535 00:58:24,140 --> 00:58:25,369 implemented because. 1536 00:58:25,370 --> 00:58:27,529 Or are, uh, 1537 00:58:27,530 --> 00:58:29,779 standards. Uh, yeah. 1538 00:58:29,780 --> 00:58:31,879 And uh, so you 1539 00:58:31,880 --> 00:58:33,079 know. 1540 00:58:33,080 --> 00:58:35,449 OK, sorry, we have to 1541 00:58:35,450 --> 00:58:37,579 cut it. Thank you so much. 1542 00:58:37,580 --> 00:58:40,009 So please help me thank Antonio 1543 00:58:40,010 --> 00:58:41,109 for a wonderful demonstration.