[Cryptography] "Flip Feng Shui: Hammering a Needle in the Software Stack"

Florian Weimer fw at deneb.enyo.de
Sat Sep 3 05:25:55 EDT 2016


* Jerry Leichter:

>> Why bother with patching public keys, making them amenable to
>> factorization, if you can patch executable code instead?
>> 
>> If you can target executable code (and I see why not, it's all the
>> same to KSM), it is very clear that there cannot be a software-only
>> defense....

> The technique cannot be aimed exactly: You can flip some
> unpredictable, uncontrollable subset of the bits in a word.

That's not what the paper claims:

| The end-to-end attack allows the attacker to flip a bit of choice in
| data of choice anywhere in the software stack in a controlled
| fashion.

(Section 2.)

| At this stage, FFS already provides the attacker with templated bit
| flips over the victim’s physical memory pages with known (or
| predictable) contents.

(Section 2.3.)

Even if the choice of offsets is somewhat limited based on the
underlying hardware defect, there is so much machine code involved in
typical security and policy checks that I expect you'd find
*something* which is usable.  It could be the condition code in a
branch, the offset of a branch or call, a comparison with a magic
constant, or testing a different register for a zero value.
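To make the last paragraph concrete, here is an added example (not from the post or from the paper) that models a four-byte x86 check, `cmp al, imm8 ; jcc rel8`, and enumerates which single-bit flips of those bytes change its result for a given input. The opcode layout (0x70 + cc, with cc bit 0 negating the condition) and the flag semantics follow the x86 encoding; the sample bytes and the AL values are constructed.

```python
# Condition predicates over the flags CMP sets, indexed by the even cc values
# of the x86 "Jcc rel8" short-jump opcode (0x70 + cc); cc bit 0 negates them.
COND = {
    0x0: lambda f: f["OF"],                        # jo
    0x2: lambda f: f["CF"],                        # jb
    0x4: lambda f: f["ZF"],                        # je
    0x6: lambda f: f["CF"] or f["ZF"],             # jbe
    0x8: lambda f: f["SF"],                        # js
    0xA: lambda f: f["PF"],                        # jp
    0xC: lambda f: f["SF"] != f["OF"],             # jl
    0xE: lambda f: f["ZF"] or f["SF"] != f["OF"],  # jle
}

def flags_from_cmp(a, b):
    """Flags an 8-bit 'cmp a, b' leaves behind (it computes a - b, drops it)."""
    a, b = a & 0xFF, b & 0xFF
    r = (a - b) & 0xFF
    return {"ZF": r == 0, "SF": bool(r & 0x80), "CF": a < b,
            "OF": bool((a ^ b) & (a ^ r) & 0x80),   # signed overflow
            "PF": bin(r).count("1") % 2 == 0}       # even parity of low byte

def jcc_taken(cc, f) -> bool:
    return COND[cc & 0xE](f) != bool(cc & 1)

def outcome(code: bytes, al: int):
    """Evaluate the 4-byte check 'cmp al, imm8 ; jcc rel8' with AL = al.
    Returns (taken, displacement), or None when the bytes no longer decode
    as that pair (e.g. 0x74 with bit 7 flipped is 0xF4 = HLT, not a Jcc)."""
    if len(code) != 4 or code[0] != 0x3C or not 0x70 <= code[2] <= 0x7F:
        return None
    taken = jcc_taken(code[2] - 0x70, flags_from_cmp(al, code[1]))
    rel8 = code[3] - 256 if code[3] > 127 else code[3]
    return (taken, rel8 if taken else 0)

def flips_that_change_outcome(code: bytes, al: int):
    """All single-bit flips of the check whose result on this input differs
    from the unflipped code: {(byte index, bit): new outcome}."""
    base, changed = outcome(code, al), {}
    for i in range(len(code)):
        for bit in range(8):
            mutated = bytearray(code)
            mutated[i] ^= 1 << bit
            new = outcome(bytes(mutated), al)
            if new != base:
                changed[(i, bit)] = new
    return changed

# Constructed sample: 'cmp al, 42 ; je +16', a magic-constant check.
CHECK = bytes([0x3C, 0x2A, 0x74, 0x10])
```

For AL = 7 (the check should fail) three different flips of the opcode byte alone make the branch taken, which is the kind of "something usable" the post is talking about; for AL = 42 every flip of the immediate or of the displacement changes where execution goes.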
