对 Linux 内核中安全关键内核对象的位置进行去随机化.pdf

1、S C I E N C EPA S S I O NT E C H N O L O G YDerandomizing the Location of Security-CriticalKernelObjectsintheLinuxKernelLukas MaarLukas GinerDaniel GrussStefan MangardAugust 6-7,2025Briefingsisec.tugraz.atAboutTLB-basedlocationdisclosureattacksTimingsidechannel:TLB Evict+ReloadLeakage Amplification:

2、Exploits allocator and defense behaviorAttack:Reliable kernelexploitationDemo:Showsleakage andexploitation1Lukas MaarLukasGinerhttps:/lukasmaar.github.io/AboutTLB-basedlocationdisclosureattacksTimingsidechannel:TLBEvict+ReloadLeakage Amplification:Exploits allocator and defense behaviorAttack:Reliab

3、le kernelexploitationDemo:Showsleakage andexploitation1Lukas MaarLukasGinerhttps:/lukasmaar.github.io/AboutTLB-basedlocationdisclosureattacksTimingsidechannel:TLBEvict+ReloadLeakageAmplification:Exploits allocator and defense behaviorAttack:Reliable kernelexploitationDemo:Showsleakage andexploitatio

4、n1Lukas MaarLukasGinerhttps:/lukasmaar.github.io/AboutTLB-basedlocationdisclosureattacksTimingsidechannel:TLBEvict+ReloadLeakageAmplification:Exploits allocator and defense behaviorAttack:Reliable kernel exploitationDemo:Showsleakage andexploitation1Lukas MaarLukasGinerhttps:/lukasmaar.github.io/Abo

5、utTLB-basedlocationdisclosureattacksTimingsidechannel:TLBEvict+ReloadLeakageAmplification:Exploits allocator and defense behaviorAttack:Reliable kernel exploitationDemo:Shows leakage and exploitation1Lukas MaarLukasGinerhttps:/lukasmaar.github.io/WhoAreWe?Lukas MaarPhD candidateat Graz University of

6、 TechnologySystem SecurityKernel SecuritySide-Channel SecurityLooking for a job(end 2025)LukasGinerPhDSecure Cache ArchitecturesMicroarchitectural AttacksGPU SecurityLooking for a job(now)2Lukas MaarLukasGinerhttps:/lukasmaar.github.io/MotivationPriorKernelExploitationUser SpaceKernelSpace./exploitT