I-PLATYPUS: uhlaselo olutsha oluchaphazela zombini i-INTEL kunye ne-AMD

Iqela le abaphandi abavela kwiYunivesithi yaseGraz yeTekhnoloji (Ostriya), ngaphambili yaziwa ngokuphuhlisa iindlela zokuhlasela ukuya MDS, NetSpectre, Throwhammer kunye neZombieLoad, yaziwe Kutshanje iindaba zokuba baphuhlise indlela yecala yokuhlasela yecala, enamakhowudi "IPLATYUSI".

Uhlaselo ivumela ukwakhiwa kwakhona kwedatha ebaliweyo ngokusekwe kulwazi olufunyenweyo ngumsebenzisi ongenalungelo elilodwa ngokusebenzisa i-RAPL yokujonga umbane kwi-Intel (CVE-2020-8694, CVE-2020-8695) kunye ne-AMD (CVE-2020-12912).

Malunga nePLATYPUS

Abaphandi Bakwazile ukubonisa ukukhutshwa kwe-Intel SGX enclave kwiqhosha labucala le-RSA isetyenziselwa ukubethela usebenzisa ithala leencwadi le-TLS mbed, Kunye nezitshixo ze-AES ezisetyenziselwa ukubethela i-AES-NI kwinqanaba le-Linux kernel.

Kwakhona, Ibonisa ukuba uhlaselo lunokusetyenziselwa ukugqitha kwiinkqubo zokhuselo kunye nokumisela iiparameter zokukhetha indawo (KASLR) ngelixa usebenzisa ubungozi obahlukeneyo.

Uhlaselo Isekwe kukuhla kwamandla e-CPU xa usenza imiyalelo ethile yeprosesa, ulungisa ii-oparesheni ezahlukeneyo, kunye nokufumana idatha kwimemori, evumela ukugweba imeko yedatha elayishiwe. Ngokungafaniyo neendlela zokuhlaselwa ezifanayo eziphuhliswe ngaphambili ezihlalutya ukuhla kwamandla ombane, I-PLATYPUS ayifuni ukufikelela ngokwasemzimbeni kwisixhobo kunye nonxibelelwano lwe-oscilloscope, kodwa ivumela ukusebenzisa i-RAPL interface (Runing Average Power Limit) iyafumaneka kwi-Intel nakwiiprosesa ze-AMD, ukuqala ngeSandy Bridge nakwiintsapho zeZen.

Sisebenzisa ithuba lokungafikeleli kwindawo yokungena kwi-Intel RAPL interface ngokuveza ukusetyenziswa kweprosesa ukufaka idatha kunye nokukhupha izitshixo ze-cryptographic.

Ingxaki ihlanganiswe yinto yokuba isakhelo samandla esongezwe kwi-kernel yeLinux ibonelela ngokufikelela kwizibali ze-RAPL kubasebenzisi abangenalungelo, okwenza ukuba kulandelwe ukusetyenziswa kwe-CPU kunye ne-DRAM. KwiWindows nakwiMacOS, uhlaselo lufuna ukufakelwa kwempahla ye-Intel Power Gadget (le phakheji ifuna ukufikelela kwilungelo).

Uhlaselo luyaphazanyiswa sisisombululo esisezantsi kakhulu, esingalinganiyo ngokuchaneka okuphunyezwe nge-oscilloscope. Ngokukodwa, i-RAPL ingathatha ukufundwa kwi-20 kilohertz kunye namaxabiso aphakathi, ngelixa i-oscilloscope inokuthatha imilinganiselo kwi-gigahertz ezininzi. Nangona kunjalo, ukuchaneka kwe-RAPL kuvele kwanele ukukhupha ulwazi kulwazi lokuhamba ngokubanzi malunga nokwenziwa kwemiyalelo ephindaphindwayo eneedatha ezahlukeneyo okanye ii-operands.

Iinkampani I-Intel kunye ne-AMD bakhuphe ikhowudi yokuqhuba ehlaziyiweyo yeLinux, apho ukufikelela kwiRAPL kuthintelwe kumsebenzisi wengcambu. Abaphuhlisi beXen hypervisor bakhuphe isisombululo esivimba ukufikelela kwiRAPL kwiinkqubo zeendwendwe.

Kwangelo xesha Izithintelo zofikelelo azonelanga kuthintela uhlaselo kwiindawo ezifihliweyo I-Intel SGX enokwenziwa ngabahlaseli abaye bafumana ilungelo elikhethekileyo kwinkqubo.

Ukukhusela kolu hlaselo, mnauNtel ukhuphe uhlaziyo lwe-microcode, ekwalungisa ukuba semngciphekweni okungaphezulu oku kunokukhokelela ekwaphuleni idatha. Lilonke, uhlaziyo luka-Intel lukaNovemba olungelelanise ukuba semngciphekweni kwama-95 kwiimveliso ezahlukeneyo.

Uluhlu olubanzi lwe Iiprosesa ze-Intel, iselfowuni kunye neeprosesa zeseva, ukuqala nosapho lweSandy Bridge, ihlaselwa.

Kwiinkqubo ezisekwe kwi-CPU ye-AMD, ujongano lweRAPL ibikade ikho ukusukela kusapho lweZen, kodwa abaqhubi beLinux kernel bavumela kuphela ukufikelela okungafumanekiyo kubalo lwe-AMD Roma CPU.

Uhlaselo lunokusetyenziswa kwiiprosesa ze-ARM, ezineenkqubo zazo zokuqokelela iimetrikhi kutshintsho lwamandla, kunye nabalawuli be-chip ye-Marvell kunye ne-Ampere babonelela ngokungenakufikeleleka kwiimvakalelo, kodwa uhlalutyo oluneenkcukacha ukubanakho ukuphumeza uhlaselo lwezixhobo ezinjalo.

Ekugqibeleni, ukuba unomdla wokwazi okungakumbi ngayo malunga nohlobo olutsha lokuhlaselwa «IPLATYUSI», unokujonga iinkcukacha Kule khonkco ilandelayo.


Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.