Intel Transactional Synchronization Extensions (TSX) was introduced since from Haswell processor with adding hardware transactional memory support. It was originally design to speed up execution of multi-threaded software through lock elision. Every new technology has both good side and evil side, then how about TSX extension? What can we use it to do for vulnerability exploits and its defenses?
Showing posts with label exploits. Show all posts
Showing posts with label exploits. Show all posts
Saturday, November 08, 2014
Thursday, October 16, 2014
Is this a good security design in Linux kernel? -- connections between thread_info and kernel stack
In Linux kernel, thread_info is a small CPU-specific data structure that stores some low-level task data for corresponding process, it also has a pointer to task_struct, which is a processor-independent process control block data structure, e.g. scheduling, virtual memory structures.
Friday, June 13, 2014
Exploit NULL pointer dereference bug (ARM and x86)
A NULL pointer dereference occurs when a pointer with the value of 0 (NULL) is assumed to be a valid memory location, and that pointer is then accessed. A write from, or read to, the memory address 0x0 (+ small-offset) will generally reference invalid or unused memory, which typically leads to the majority of published denial-of-service (DoS) attacks both locally and remotely.
Tuesday, May 06, 2014
Introduction to Processor Hardware Security Features in x86 & ARM Architectures
x86 and ARM processors both provide many hardware enforced security features, e.g. NX (No-eXecute) for executable space protection, to help system software engineers to build a secure computing environment.
This article summaries those security features for both x86/Intel and ARM architectures, and explains how are they used by Operating System.
This article summaries those security features for both x86/Intel and ARM architectures, and explains how are they used by Operating System.
Subscribe to:
Posts (Atom)