[Cryptography] "Flip Feng Shui: Hammering a Needle in the Software Stack"
Georgi Guninski
guninski at guninski.com
Sat Sep 3 01:49:35 EDT 2016
On Fri, Sep 02, 2016 at 10:56:10AM -0400, Jerry Leichter wrote:
> > Why bother with patching public keys, making them amenable to
> > factorization, if you can patch executable code instead?
> >
> > If you can target executable code (and I see why not, it's all the
> > same to KSM), it is very clear that there cannot be a software-only
> > defense....
> The technique cannot be aimed exactly: You can flip some unpredictable, uncontrollable subset of the bits in a word. (The vulnerability of particular bits is dependent on physical variations in the memory cells.)
>
...
> Attacks against the executable code are certainly the worst case, and you might be able to find security-sensitive but very rarely executed code to attack. But this is likely much harder to pull off than the attack outlined here.
>
Flipping random bits in a word at a chosen location is a very powerful primitive.
I am taking bets that it is moderately easy to exploit via many vectors.
Flipping random bits of a zero word makes it nonzero.
In a boolean context, this flips False and True, screwing the logic.
e.g. in:
if(is_root || is_authorized) give_em_power();
else drop_em();
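The point made above (any flip in an all-zero flag word turns a "deny" into a "grant") can be measured directly. The following C program is an added example, not code from the post or from the Flip Feng Shui paper; it simulates a single-bit flip at every position of a 32-bit flag and counts how many of those flips the check accepts, first for the plain nonzero-means-true test quoted in the post and then for a hardened check that only accepts one distinctive constant. The constants FLAG_DENIED and FLAG_GRANTED, the helper names, and the 32-bit word size are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simulate a hardware-induced flip of one chosen bit in a 32-bit word.
 * A real Rowhammer attacker does not choose the bit, so the callers below
 * simply try every position. (Constructed helper for this example.) */
static uint32_t flip_bit(uint32_t word, unsigned bit) {
    return word ^ (UINT32_C(1) << bit);
}

/* The check quoted in the post: any nonzero value counts as true. */
static bool naive_grants(uint32_t is_root, uint32_t is_authorized) {
    return is_root || is_authorized;
}

/* How many single-bit flips of an all-zero is_authorized word make the
 * naive check grant access? Every one of them: 0 becomes a power of two. */
static unsigned naive_flips_that_grant(void) {
    unsigned count = 0;
    for (unsigned bit = 0; bit < 32; bit++) {
        if (naive_grants(0, flip_bit(0, bit))) {
            count++;
        }
    }
    return count;
}

/* Hardened flag encoding (assumed constants): "granted" is a specific
 * pattern and "denied" is its bitwise complement, so the two states differ
 * in all 32 bits. Anything other than the exact granted pattern is denied,
 * which makes corruption in either direction fail closed. */
#define FLAG_DENIED  UINT32_C(0x3C3C3C3C)
#define FLAG_GRANTED UINT32_C(0xC3C3C3C3)

static bool hardened_grants(uint32_t flag) {
    return flag == FLAG_GRANTED;
}

/* Single-bit flips of the denied constant that the hardened check accepts. */
static unsigned hardened_flips_that_grant(void) {
    unsigned count = 0;
    for (unsigned bit = 0; bit < 32; bit++) {
        if (hardened_grants(flip_bit(FLAG_DENIED, bit))) {
            count++;
        }
    }
    return count;
}

/* Number of bits that would all have to flip to turn denied into granted. */
static unsigned flips_needed_for_grant(void) {
    uint32_t diff = FLAG_DENIED ^ FLAG_GRANTED;
    unsigned distance = 0;
    while (diff) {
        distance += diff & 1u;
        diff >>= 1;
    }
    return distance;
}

int main(void) {
    printf("naive check:    %u of 32 single-bit flips grant access\n",
           naive_flips_that_grant());
    printf("hardened check: %u of 32 single-bit flips grant access\n",
           hardened_flips_that_grant());
    printf("bits that must all flip to forge a grant: %u\n",
           flips_needed_for_grant());
    return 0;
}
```

The hardened encoding only narrows the data-corruption case the post describes: it does nothing against a flip in the instruction bytes of the comparison itself, and a compiler may still lower the check into a form whose intermediate values are easier to corrupt. It does turn "any flip grants" into "all 32 bits must flip in the right direction", which is the kind of margin a reviewer should look for in code that gates privilege on a single word.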