Attacks on bypass channels: now not only PCs, but also smartphones are under attack (analytical review)

Although mobile devices are becoming more and more in demand, and attacks on cache memory through bypass channels (hereinafter referred to as cache attacks) are the most powerful way to hack modern microprocessor electronics, until 2016 there were only a few publications about the applicability of these attacks to smartphones . Moreover, these early publications were limited to the consideration of attacks on the AES-table and did not affect the more modern methods of inter-core attacks: Prime + Probe [6], Flush + Reload [6], Evict + Reload [7], Flush + Flush [8], Rowhammer [ 9]. In addition, until 2016, it was believed that the internuclear cache attacks could be carried out only on Intel and AMD platforms, however, they were recently implemented for ARM platforms (on smartphones and other mobile devices). [6]

In recent years, there has been a rapid surge of interest from cybersecurity experts - to cache attacks on smartphones. This article is an analytical review of the main discoveries in this area from 2015 to 2017.

- History of bypass channels
- What is so unique cache attacks on ARM
- Varieties of cash attacks
- - Evict + Time
- - Prime + Probe
- - Flush + Reload
- - Evict + Reload
- - Flush + Flush
- - AnC
- Rowhammer effect
- Deduplication of system memory
- Pseudo-isolation of the operating system kernel
- Inter-core and interprocessor covert channels

As for cache attacks on AES-tables, despite the fact that it has been known for quite some time that these attacks are possible , the vulnerable implementation of AES-tables is still used as a de facto standard; including modern embedded crypto devices such as SIM cards. For example, in 3G / 4G networks, the MILENAGE authentication algorithm based on AES is used. Its compromise allows you to clone USIM cards and eavesdrop on conversations. So cache attacks on bypass channels are relevant for both SIM-cards (used to access the 2G network) and USIM-cards (used to access 3G / 4G networks). In 2015, the “Power Attack Differential Attack” (DPA) was described - an attack that recovers encryption keys (used by the MILENAGE algorithm) and other USIM card secrets in just a few minutes. [3]

Bypass History

As software becomes more complex and as the number of advanced software defenses increases, the system-level hacking of the system — in particular, the use of cache attacks through bypass channels — is becoming an increasingly attractive alternative. These attacks are based on vulnerabilities found in the processor interaction architecture with memory. [four]
In 1985, a technology was introduced to read information from video displays, by measuring the electromagnetic interference induced by them [10]. Based on this technology, in 2014 a keylogger was developed - built on the basis of a smartphone and a radio antenna. [12]
In 1996, it was shown that by carefully measuring the amount of time spent on performing operations with secret keys, various cryptographic systems, such as the DES cipher, can be cracked. In 2016, an attack on bypass channels on an encryption device using advanced elliptic cryptography was first demonstrated; during the attack, a secret descramble key was extracted from the target device in another room. [13]
In 1997, the “Differential Distortion Method” (DFA) was introduced - an attack that uses various models of micro-disruption, as well as various cryptanalysis methods; to recover secret parameters from smart cards and other devices protected from unauthorized access. [11] Having physical access to the device, it is possible to change the supply voltage, clock frequency; or environmental conditions (temperature, etc.) - to make the smart card malfunction. Moreover, malfunctions of equipment can be provoked - even by program intervention only; and therefore it can be done in remote access mode.
In 2014, an attack was demonstrated on the cache bypass channels; this attack uses information leaks caused by the difference in data access time, depending on whether they are in the cache or not; so this attack makes it clear with what data the code under investigation has recently operated. During this attack, the full recovery of AES keys was demonstrated. [9] A little later, in 2015, it was shown that cache bypass channels can be used not only to attack cryptographic systems, but also to collect information about keystrokes. [14]
In 2014, it was demonstrated that accessing the same memory cell, performed at a high frequency, can provoke spontaneous bit switching in DRAM chips (the Rowhammer effect). [9] Since DRAM is scaled to the smallest size, preventing electrical interference between individual cells is not easy. That is why the activation of a certain line from memory leads to the distortion of data in adjacent lines.
In 2015, it was demonstrated that the Rowhammer effect can be used to elevate privileges to the superuser. [15] In the same year, it was demonstrated that spontaneous bit switching can even be triggered by Java code uploaded to a website. [7] Initially, this scenario was implemented only for Intel and AMD systems using DDR3 and DDR4 modules. [16, 17] However, in 2016, this attack was also demonstrated on ARM platforms. [1] In the same year, it was shown that cache attacks can also be used to monitor cache activity in TrustZone. [one]
In 2016, “reverse engineering” was carried out for the DRAM addressing functions commonly used in modern smartphones. As a result, additional ways to switch bits, which are available for implementation on millions of Android devices, were discovered, without the need to work in a privileged mode. [one]
In 2016, an attack on the last level of the ARM processor's cache was first demonstrated. This attack can be implemented for inter-core and inter-processor cache attacks on bypass channels. [one]

What is so unique cache attacks on ARM

Attack methods such as Flush + Reload and Flush + Flush use an unprivileged x86 reset instruction clflush to remove a data line from the cache. However, with the exception of ARMv8-A processors, ARM platforms do not have unprivileged cache flush instructions; therefore, in 2016, an indirect method of cache crowding was proposed using the Rowhammer effect. [one]
For a successful cache attack, you need information such as the exact time of the memory cell access cycle. Early cache attacks used system performance counters for this purpose, but this method is ineffective, since these counters are available on ARM processors only in privileged mode. However, in 2016, three alternative sources of synchronization were proposed, which are also available in the non-privileged mode. [1] One of them is the launch of a parallel synchronization thread that continuously increments a global variable. Reading the value of this variable, an attacker can measure the cycle time for accessing a memory cell.
In addition, the so-called ARM processors operate. pseudo-random replacement policy, as a result of which the expulsion from the cache is less predictable than in Intel and AMD processors. Nevertheless, in 2016, an effective cache attack was demonstrated even in such noisy conditions - for three smartphones: “OnePlus One” (using “Snapdragon 801 SoC” with the “Krait 400” processor of the ARMv7-A architecture), “Alcatel One Touch Pop 2 ”(uses the“ Snapdragon 410 SoC ”with the CortexA53 processor of the ARMv8-A architecture),“ Samsung Galaxy S6 ”(uses the“ Samsung Exynos 7 Octa 7420 SoC ”with the two“ ARMv8-A ”processor clusters). [one]

Varieties of cache attacks

In general, the cache attack on the bypass channels can be divided into three stages: 1) identification of the micro-architectural signal “trickle-through” from the “untight” electronic system; Typical examples of such percolating micro-architectural signals are the power consumption and electromagnetic radiation of integrated circuits. [2, 3]; 2) monitoring and analysis of this signal during system operation; 3) identification of patterned differences microarchitectural signal. [2]
Evict + Time. The basic idea is to determine which sets of caches the victim program accesses. Algorithm: 1) measure the time of the victim program; 2) oust a certain part of the cache; 3) measure the execution time of the victim program again. Using the time difference between the two dimensions, you can determine how long a certain portion of the cache was used by the victim at run time. In 2010, a powerful type of attack based on Evict + Time was demonstrated - against AES on OpenSSL; without the need for open and encrypted texts. [18, 19]
Prime + Probe. This method - just like the previous one - allows an attacker to determine which sets of caches the victim program accesses. Algorithm: 1) fill in a certain part of the cache; 2) transfer control to the victim program; 3) determine which part of the filled cache still belongs to us. This can be done by measuring the access time to the addresses that the attacker used to fill the cache in the first stage. So if the victim program uses addresses mapped to the same cache areas as the attacker, then it will force the attacker to get the data from the cache; and the attacker can track it in the third stage. In [19], an attack using this mechanism was demonstrated — on OpenSSL AES and Linux dm-crypt. In 2015 [20], it was demonstrated how using Prime + Probe you can mount an inter-core and inter-virtual hidden channel, and then attack ElGamal in GnuPG. In the same year, a successful attack on the implementation of OpenSSL AES in a cloud environment was demonstrated. [21]
Flush + Reload. In 2011 [22], it was shown how clflush can be used to attack AES. Clflush is used to force a monitored memory cell out of cache; with a subsequent check whether this cell was re-loaded into the cache after the victim program executed a small number of instructions. Algorithm: 1) Project a binary (for example, a shared object) into its address space (using an appropriate system call, such as mmap); 2) displace the cache line (code or data) from the cache; 3) transfer control to the victim program; 4) check whether this cache line (from item 2) was loaded by the victim program (this check is carried out by measuring the access time to the memory cell). In 2014, the full recovery of the AES secret key in the VMWare virtual machine was demonstrated using a Flush + Reload cache attack. [23] In the same year, the restoration of the secret key of the OpenSSL ECDSA algorithm (an algorithm of digital signatures based on elliptic curves) was demonstrated by the same attack. [24] In 2015, the system mechanism “memory deduplication” was compromised through the Flush + Reload attack; resulting in the possibility of unauthorized communication between virtual machines running on a shared physical machine. [25] In the same year, it was demonstrated how to use Flush + Reload to obtain information about which cryptographic libraries are used by different virtual machines running on a common physical machine. [26] In 2015, it was also shown that in addition to the attack on cryptographic systems, the Flush + Reload method can also be used for keylogger. [14]
Evict + Reload. It was presented in 2015 [14]. Uses Flush + Reload for crowding - instead of pushing instructions. Although this attack for x86 does not have a practical meaning (since no privileges are needed to perform clflush), for ARM processors it is very relevant (since there such instruction is available only in privileged mode). The essence of Evict + Reload lies in the fact that in order to displace the desired cell from the cache, we fill the cache memory with a large number of interconnected addresses, as a result of which the mechanism responsible for displacement itself decides to force out the cache cell we need. In addition, in 2016, it was shown that an efficient and fast preemption strategy can initiate spontaneous bit switching in adjacent lines of DRAM modules (as a result of repeated access to the same memory line) by means of JavaScript applets. [24] Thus cache attacks are no longer dependent on privileged cache flush instructions, like clflush.
Flush + Flush. Flush + Reload and Prime + Probe attacks trigger numerous cache accesses that can be measured (via system performance counters). The Flush + Flush attack, introduced in 2015, is based on these observations. [8] The attack is almost the same as Flush + Reload. Binary or shared file object - is displayed in the attacker's address space. The memory cell is pushed out of the cache, and control is transferred to the victim program. However, instead of the reboot stage, where the cell is accessed, the cell we are watching for is replaced again; without causing blunders, in comparison with Flush + Reload or Prime + Probe. So it is easy to distinguish whether a memory cell is cached or not.
AnC. This is a newer modification of the “Evict + Time” cash attack, introduced in 2017. [4] The distinctive feature of AnC is that this cache attack relies on the analysis of cached page tables, which are used in most modern processors (Intel, AMD, ARM). [4] Today, at the core of any processor is a “memory management unit” (MMU), which simplifies the management of available physical memory — through its virtualization; for later use by multiple processes. The MMU uses the “Page Table” data structure to map virtual and physical memory cells. “Page Tables” is an attractive target for hardware attacks. For example, spontaneous switching of just one bit (caused by the Rowhammer effect) in the “page table” may be sufficient for the attacker to gain control over the physical memory address to which he should not receive access; and this may be enough to gain superuser privileges. [four]

Effect rowhammer

A separate DRAM chip has a negligible capacity, and therefore several chips are connected together on the same board - in order to form a so-called DRAM-series. A single DRAM memory module may contain one or more DRAM series. The DRAM chip consists of a two-dimensional array of cells. Each DRAM cell is a capacitor; 0 and 1 is the charged or discharged state of the capacitor. Each cell in the grid is connected to an adjacent cell by a wire. If any cell is activated, then the voltage is applied both to its capacitor, and to all other capacitors of the same line. As the memory cells become smaller and smaller and closer to each other as technological progress occurs, the interference caused by the activation of a line of memory very often affects the charges of the capacitors of adjacent rows. In 2014, it was demonstrated [9] that frequent access to the same DRAM memory cell leads to the Rowhammer effect — spontaneous bit switching. This effect can be used to enhance privileges (for example, to exit the security sandbox [15]); it can be implemented as a result of the execution of unprivileged JavaScript code located on the website.
In order to “hammer” a certain memory cell, an attacker needs to find two addresses in the same DRAM bank - but in different lines. Certain bits of the address are used to select a line, channel, and memory location bank. However, how the sampling function works is not documented. Therefore, in 2015 [27], a mechanism for the full automation of reverse engineering of the corresponding function was introduced; using the fact that "string conflicts" lead to an increase in memory access time. The essence of the approach used is to search for addresses that are matched with the same DRAM bank, but on a different line; by repeatedly measuring the access time to two random addresses. For some pairs of addresses, access time is higher than for others - this means that they belong to different lines, but to the same bank. These addresses are then grouped into sets having the same channel, row and bank. These identified addresses are then used to reconstruct the addressing function, by generating all linear functions and applying them to all addresses from an arbitrarily chosen subset. So since the search space is small, the brute force brute force method is very effective here. [one]
The first implementations of attacks using the Rowhammer effect relied either on probabilistic methods (because of which an unplanned system collapse could have occurred during the attack); or specialized memory management functions: memory deduplication, MMU paravirtualization, pagemap interface. However, similar functions on modern devices are either not available at all, or are disabled for security reasons. [thirty]
Therefore, in 2016, the Drammer attack was presented - free from the listed disadvantages and limitations. It relies only on the existing capabilities of modern operating systems that are available without superuser rights. In particular, on the predictable behavior of the physical memory distribution subsystem. This predictability is used to achieve the distribution of physical memory (in which confidential data will be processed, such as tables of memory pages) in a vulnerable location chosen by the attacker. The corresponding method of “massaging memory” was called Phys Feng Shui. To demonstrate the performance of the Drammer attack, an exploit implementation is given that gives access to the root directory for an Android device. This exploit can be launched by any application without special permission; and without exploiting any software vulnerabilities. [thirty]
So using the example of the Drammer attack, it was shown that attacks using the Rowhammer effect are applicable not only to personal computers (working on Intel and AMD processors), but also to mobile phones (working on ARM processors); This demonstration showed that modern software methods of protection against this attack are ineffective and useless. [thirty]
In 2016, the Flip Feng Shui (FFS) memory massage technique was introduced - a new vector of exploitation of the Rowhammer effect, which allows an attacker to initiate predictable bit jumps in an arbitrary location of physical memory; and have full control over this process; even in the complete absence of vulnerabilities in the attacked software. As part of the demonstration of the FFS methodology, the update mechanism used by the Ubuntu / Debian operating systems was compromised. [31]
In 2017, it was demonstrated that modern MLC NAND flash memory modules that are widely used in solid-state SSD drives are also subject to an attack using the Rowhammer effect. As a result of an attack on these media, an attacker could damage the data on them. And just by reading only - without writing requests. [five]

Deduplication of system memory

Content-oriented deduplication subsystem scans all system memory for identical physical memory pages; and sticks them together into one physical page. This mechanism can improve system performance when system memory is limited; for example, for smartphones or servers with a large number of virtual machines. [one]
Shared memory (the pre-image of deduplication) is a common area of memory that can be accessed by several programs to exchange data or avoid redundant copies of duplicate program code in memory. Shared libraries reduce the amount of memory used and increase speed (by reducing the competition for the cache - because the code is one, and it is not necessary to displace it). Among other things, the shared memory mechanism allows you to implement the plugin mechanism — when the program functions are not set by a single executable file, but can also be loaded from other places. In the operating system kernel, the shared memory mechanism is implemented by associating the same physical memory area — with virtual address spaces of different processes. [one]
Memory deduplication is a well-known technology for reducing the amount of memory used in virtual machines; now also the default is used in Windows 8.1 and 10. The deduplication subsystem projects several identical copies of physical pages of memory onto one shared copy, with access in “copy-on-write” mode. As a result, when reading requests - each process receives data from the same page. If a process wants to write data, then before it can do this, a separate copy of the page is created for it. As a result, writing to a shared page causes a “page fault,” and therefore writing to a shared page is much slower than writing to a regular page. An attacker capable of creating pages on the target system can use this time difference to detect the existence of pages of interest. [35]
In 2016, it was demonstrated how, through an attack on a detour channel to the deduplication subsystem, an attacker could read any data from the system memory. For this were presented three techniques. First, it was shown how, thanks to the ability to control the alignment of data in memory, confidential information can be superimposed on known content; and then perform byte-based disclosure of sensitive data (for example, randomized 64-bit pointers). Secondly, it was shown how even without the ability to control the alignment, but with the ability to partially overwrite the data, the attacker can still achieve byte-by-by-disclosure of confidential data. Third, it was shown that even when it is not possible to control the alignment of memory and partially overwrite data, byte-by-by-disclosure of confidential information is still possible - by encouraging the target process to create a large number of interconnected pages. [35]
To demonstrate these three attacks on a detour channel bypass, a valid JavaScript attack was introduced on the new Microsoft Edge browser - in the absence of software errors and with all available defenses active. As a result of this attack, the attacker gets full access to the address space of the browser; with the ability to read and write data. In addition, using the example of the popular ngnix web server, it was demonstrated how using the same technique, you can capture all system memory: get out of the browser's isolated environment and attack any other independent process running on the same system. [35]
So expanding the functionality of operating systems leads to an ever-expanding surface of possible attacks. Even at first glance, harmless functions, such as memory deduplication, in the hands of an advanced attacker can entail fatal consequences. [35]

Pseudo-isolation of the operating system kernel

ASLR (pseudo-random address space allocation) hides confidential information (shadow stacks and hidden regions) in a random place in a very extensive address space. Much of the “derandomizing” attacks rely on complex implementations of bypass channels, or probing the areas of the displayed memory. If we assume that there are no weak points in the implementation of “hidden regions”, then these attacks usually lead to numerous system failures and other visible side effects. For this reason, many researchers believe that pseudo-isolation using ASLR is still quite strong. [33]
However, in 2016, a powerful method of hacking ASLR and finding hidden regions on 32-bit and 64-bit Linux platforms, using a very small number of “malicious manipulations”, was introduced. The originality of the proposed technique lies in the fact that instead of accessing the allocated memory areas, it operates with an unallocated address space — by repeatedly allocating large chunks of memory. Such manipulations allow an attacker to determine the location of hidden regions. So ASLR is no longer a strong defense. [33]
Modern operating system kernels use ASLR - to protect the operating system from attacks that rely on knowledge of virtual addresses, in particular, so-called “Reciprocating Programming” (ROP). This is necessary because the kernel code, as well as the code of user programs, contains errors that can be used to undermine the system security. Therefore, modern operating systems are trying to isolate the kernel code from the user space. [37]
In May 2017, the KAISER protection system was introduced, which claims to reliably isolate the kernel of the operating system from the user address space. But despite marketing assurances, clothed in technically convincing arguments, it does not in fact solve the problem, since it functions at the program level. [37] In particular, KAISER cannot counteract the attack on the BTB (target branch buffer) introduced in 2016. [36]
In 2016, a branch buffer attack (BTB) was presented. BTB index relies on the 30 least significant bits of the virtual address. Just like in the already presented cache attacks, the attacker occupies parts of the BTB — by successively carrying out several transition instructions. If the kernel of the operating system uses virtual addresses, with the same 30-bit values as the attacker, this selected sequence of commands will take longer. , , . BTB- . , Intel Skylake (Intel Skylake i7-6700K), . . [36]
2017 , , - . [34]

. - – , . , . [29]
- - – ; Flush+Reload, Evict+Reload Flush+Flush. - . «» « ». Android , , – ; (. [28]). So .
, - . – . , - , , , . [1] ; ; « » « », ; . - TCP .
2017 , SSH, (45 /); . SSH-, , , telnet-. [29]
2015 , . – ( , ), . . [32]
, . . -, ; , ; .. , . -, ( ). [32]
, , (16 ). , « » Intel Xeon ( 8 ) 12,5/. 5 4 . [32]
2015 , . , , – . [32]
In 2016, a new implementation of the covert channel on Android was presented, which works 250 times faster than any other previously proposed implementation. [one]

Bibliography

1. Moritz Lipp, Daniel Gruss. ARMageddon: Cache Attacks on Mobile Devices // Proceedings of the 25th USENIX Security Symposium. 2016. pp. 549-564.
2. Robert Callan. A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events // 47th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), Pages 242-254, December 2014.
3. Junrong Liu. Small Tweaks do Not Help: Differential Power Analysis of MILENAGE Implementations in 3G/4G USIM Cards. BlackHat 2015.
4. Herbert Bos, Ben Gras. Reverse Engineering Hardware Page Table Caches Using Side-Channel Attacks on the MMU . 2017.
5. Yu Cai, Saugata Ghose. Vulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques // 23rd IEEE Symposium on High Performance Computer Architecture, Industrial session, February 2017.
6. Falkner Katrina. Flush+Reload: A High Resolution, Low Noise, L3 Cache Side-Channel Attack // Proceedings of the 23rd USENIX Security Symposium. 2014. pp. 719–732.
7. Gruss Daniel, Maurice Clementine M angard, Stefan. Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript . 2016.
8. Gruss Daniel, Wagner Klaus. Flush+Flush: A Stealthier Last-Level Cache Attack . 2015
9. Kim Yoongu, Daly Ross. Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors // Proceeding of the 41st Annual International Symposium on Computer Architecuture. Piscataway, NJ, USA: IEEE Press, 2012 (ISCA '14).
10. Eck Wim. Electromagnetic radiation from video display units: An eavesdropping risk? // Computers and Security. No. 4, 1985. pp. 269-286.
11. Biham Eli, Shamir Adi. Differential Fault Analysis of Secret Key Cryptosystem // Advances in Cryptology – CRYPTO '97 Bd. 1294.
12. Callan Robert, Zajic Alenka. A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events // Proceedings of the 47th Annual IEEE/ACM International Symposium on Microarchitecture. 2014. pp. 242–254.
13. Genkin Daniel. ECDH key-extraction via low-bandwidth electromagnetic attacks on PCs // Cryptology ePrint Archive, Report 2016/129.
14. Gruss Daniel. Cache template attacks: Automating attacks on inclusive last-level caches // Proceedings of the 24th USENIX Security Symposium. 2015. pp. 897–912.
15. Seaborn Mark. Exploiting the DRAM rowhammer bug to gain kernel privileges . 2015
16. Gruss Daniel. Rowhammer bitflips on Skylake with DDR4 . 2016.
17. Lanteigne Mark. How Rowhammer Could Be Used to Exploit Weakness Weaknesses in Computer Hardware . 2016.
18. Osvik Dag, Shamir Adi. Cache Attacks and Countermeasures: the Case of AES // Topics in Cryptology. 2005. pp. 1-20.
19. Tromer Eran, Osvik Dag. Efficient cache attacks on AES, and countermeasures // Journal of Cryptology. 23(1), 2010. pp. 37-71.
20. Liu Fangfei, Yarom, Yuval. Last-level cache side-channel attacks are practical // Proceedings of the IEEE Symposium on Security and Privacy Bd. 2015. pp. 605-622.
21. Eisenbarth Thomas. A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing – and its Application to AES // IEEE Symposium on Security and Privacy. 2015
22. Gullasch David, Bangerter Endre. Cache games – Bringing access-based cache attacks on AES to practice // Proceedings of the IEEE Symposium on Security and Privacy. 2011. pp. 490-505.
23. Irazoqui Gorka, Inci Mehmet. Wait a minute! A fast, cross-VM attack on AES // Lecture Notes in Computer Science Bd. 2014. pp. 299-319.
24. Yarom Yuval, Benger Naomi. Recovering OpenSSL ECDSA Nonces Using the Flush+Reload Cache Side-channel Attack // Cryptology ePrint Archive, Report 2014/140 (2014).
25. Gulmezoglu Berk, Inci Mehmet. A Faster and More Realistic Flush+Reload Attack on AES // Proceedings of the 6th international workshop on Constructive Side-Channel Analysis and Secure Design. 2015. pp. 111-126.
26. Irazoqui Gorka, IncI Mehmet. Know Thy Neighbor: Crypto Library Detection in Cloud // Proceedings of the Privacy Enhancing Technologies. 2015. pp. 25–40.
27. Pessl Peter, Gruss Daniel. Reverse Engineering Intel DRAM Addressing and Exploitation . 2015
28. Marforio Claudio, Ritzdorf Hubert. Analysis of the communication between colluding applications on modern smartphones // Proceedings of the 28th Annual Computer Security Applications Conference. 2012. pp. 51-60.
29. Clementine Maurice, Manuel Webe. Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud . 2017.
30. Victor van der Veen, Lindorfer. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms // Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016. pp. 1675-1689.
31. Kaveh Razavi, Ben Gras. Flip Feng Shui: Hammering a Needle in the Software Stack // Proceedings of the 25th USENIX Security Symposium. 2016. pp. 1-18.
32. Ramya Jayaram Masti, Devendra Rai. Thermal Covert Channels on Multi-core Platforms // Proceedings of the 24th USENIX Security Symposium. 2015. pp. 865-880.
33. Angelos Oikonomopoulos. Poking Holes in Information Hiding // Proceedings of the 25th USENIX Security Symposium. 2016. pp. 121-138.
34. Koen Koning. No Need to Hide: Protecting Safe Regions on Commodity Hardware // Proceedings of the Twelfth European Conference on Computer Systems. 2017. pp. 437-452.
35. Erik Bosman. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector // Proceedings of the IEEE Symposium on Security and Privacy. 2016. pp. 987-1004.
36. Evtyushkin, D., Ponomarev, D. Jump over ASLR: Attacking branch predictors to bypass ASLR // Proceedings of the 49th International Symposium on Microarchitecture. 2016. pp. 1-13.
37. Daniel Gruss, Moritz Lipp. KASLR is Dead: Long Live KASLR . 2017.

Source: https://habr.com/ru/post/455310/

All Articles