[Cryptography] "Flip Feng Shui: Hammering a Needle in the Software Stack"

Jerry Leichter leichter at lrw.com
Thu Sep 1 11:33:16 EDT 2016


"We introduce Flip Feng Shui (FFS), a new exploitation vector which allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS relies on hardware bugs to induce bit flips over memory and on the ability to surgically control the physical memory layout to corrupt attacker-targeted data anywhere in the software stack.... Memory deduplication allows an attacker to reverse-map any physical page into a virtual page she owns as long as the page’s contents are known. Rowhammer, in turn, allows an attacker to flip bits in controlled (initially unknown) locations in the target page.

We show FFS is extremely powerful: a malicious VM in a practical cloud setting can gain unauthorized access to a co-hosted victim VM running OpenSSH. Using FFS, we exemplify end-to-end attacks breaking OpenSSH public-key authentication, and forging GPG signatures from trusted keys, thereby compromising the Ubuntu/Debian update mechanism."

https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf

                                                        -- Jerry



More information about the cryptography mailing list