
Solutions to the AnC exploit, which defeats ASLR

FReic
Beginner
1,648 Views

Hi all,

A little while ago some researchers devised an exploit called AnC, which is described here:

https://www.vusec.net/projects/anc/

The researchers discovered that they can figure out which 4kB pages are in use at any time, because unfortunately Intel, AMD and ARM processors allow Page Table Entries to be cached, providing a linkage between user processes and the virtual memory system.

Using a clever technique they can perform a walk of the page tables even using a JavaScript program.

It's a fascinating attack. Here are my questions about how to defeat AnC:

1. Can Intel microcode be updated in deployed systems to prevent PTEs from ever being cached in the data & instruction caches?

2. If the kernel were to create decoy pages, e.g. 10 for every 1 "real" page, would that not cut down attacks sufficiently in most cases?

3. Is cache partitioning (Cache Allocation Technology) a solution to AnC, as the researchers believe, and do common Core CPUs offer it, or is it just a Xeon feature?

Thanks.

0 Kudos
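Question 3 above asks whether a given CPU offers Cache Allocation Technology. As an added example (not part of the original post and not Intel's code), the C program below reads the CPUID bits that enumerate CAT, using the bit positions documented in the Intel SDM for CPUID leaves 07H and 10H; `decode_cat` and `struct cat_caps` are names chosen for this example.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Decoded Cache Allocation Technology (CAT) capabilities. */
struct cat_caps {
    int rdt_alloc;       /* CPUID.(EAX=07H,ECX=0):EBX[15], RDT allocation */
    int l3_cat;          /* CPUID.(EAX=10H,ECX=0):EBX[1] */
    int l2_cat;          /* CPUID.(EAX=10H,ECX=0):EBX[2] */
    unsigned l3_ways;    /* CPUID.(EAX=10H,ECX=1):EAX[4:0] + 1, mask length */
    unsigned l3_classes; /* CPUID.(EAX=10H,ECX=1):EDX[15:0] + 1, classes of service */
};

/* Pure decoder: takes raw register values so it can be checked offline. */
struct cat_caps decode_cat(uint32_t leaf7_ebx, uint32_t leaf10_0_ebx,
                           uint32_t leaf10_1_eax, uint32_t leaf10_1_edx)
{
    struct cat_caps c = {0};
    c.rdt_alloc = (leaf7_ebx >> 15) & 1;
    if (!c.rdt_alloc)
        return c;        /* leaf 10H is only meaningful when this bit is set */
    c.l3_cat = (leaf10_0_ebx >> 1) & 1;
    c.l2_cat = (leaf10_0_ebx >> 2) & 1;
    if (c.l3_cat) {
        c.l3_ways = (leaf10_1_eax & 0x1f) + 1;
        c.l3_classes = (leaf10_1_edx & 0xffff) + 1;
    }
    return c;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d, l7b = 0, l10b = 0, l10_1a = 0, l10_1d = 0;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) l7b = b;
    if (__get_cpuid_count(0x10, 0, &a, &b, &c, &d)) l10b = b;
    if (__get_cpuid_count(0x10, 1, &a, &b, &c, &d)) { l10_1a = a; l10_1d = d; }
    struct cat_caps caps = decode_cat(l7b, l10b, l10_1a, l10_1d);
    printf("RDT allocation: %d, L3 CAT: %d (%u ways, %u classes), L2 CAT: %d\n",
           caps.rdt_alloc, caps.l3_cat, caps.l3_ways, caps.l3_classes, caps.l2_cat);
#else
    puts("CPUID is only available on x86 processors");
#endif
    return 0;
}
```

The program only reports what the processor enumerates; whether the operating system exposes a way to configure the partitions is a separate question.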
2 Replies
idata
Employee
756 Views

Hello frankr,

Please let me review your inquiry. I will keep you posted as soon as possible.

Regards,

Amy.

0 Kudos
Ronny_G_Intel
Moderator
756 Views

Hi frankr,

I work for Intel Customer Support and I was looking at this very old post, and I see that this is set up to "Assumed Answered", so I hope you got the information that you were looking for.

Unfortunately, all details about this are confidential and cannot be disclosed, but please let me know if you are having a real issue related to it.

Thanks,

Ronny G

0 Kudos