Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attacking Multicore CPUs

Posted by CmdrTaco on from the i-just-use-a-mallet dept.

Ant writes "The Register reports that the world of current multi-core central processing units (CPUs) just entered is facing a serious threat. A security researcher at Cambridge disclosed a new class of vulnerabilities that takes advantage of concurrency to bypass security protections such as anti-virus software The attack is based on the assumption that the software that interacts with the kernel can be used without interference. The researcher, Robert Watson, showed that a carefully written exploit can attack in the window when this happens, and literally change the "words" that they are exchanging. Even if some of these dark aspects of concurrency were already known, Watson proved that real attacks can be developed, and showed that developers have to fix their code. Fast..."

3 of 167 comments (clear)

  1. Again? by DeHackEd · · Score: 5, Informative

    Looks like a variation (or maybe a dup) of this.

  2. Re:Fast? by Anonymous Coward · · Score: 5, Informative

    "No, such a difficult and obscure attack is not something that is priority one"

    Thread one sends a command to the OS and knowing that it will take time x to complete

    Thread two waits (x-d) before overwriting the buffer used to store the command (after the OS has checked it for validity, but before the OS has actually processed it)

    what's obscure about that?

  3. Er, that's an OLD attack by davecb · · Score: 5, Informative

    It works on any multiprocessor, including an
    IBM 360/168 mainframe, where I first encountered it.

    --dave

    --
    davecb@spamcop.net