 Using Memory Errors to Attack a Virtual Machine
started 5/15/2003; 2:28:50 AM - last post 5/19/2003; 9:31:57 PM
|
|
Ehud Lamm - Using Memory Errors to Attack a Virtual Machine 
5/15/2003; 2:28:50 AM (reads: 1682, responses: 5)
|
|
| Using Memory Errors to Attack a Virtual Machine |
|
Using Memory Errors to Attack a Virtual Machine. Sudhakar Govindavajhala and Andrew W. Appel, 2003 IEEE Symposium on Security and Privacy, (to appear) May 2003.
We present an experimental study showing that soft
memory errors can lead to serious security vulnerabilities
in Java and .NET virtual machines, or in any system that
relies on type-checking of untrusted programs as a protection
mechanism. Our attack works by sending to the JVM
a Java program that is designed so that almost any memory
error in its address space will allow it to take control
of the JVM. All conventional Java and .NET virtual machines
are vulnerable to this attack. The technique of the
attack is broadly applicable against other language-based
security schemes such as proof-carrying code.
Maybe this item should be in the fun category...
Posted to general by Ehud Lamm on 5/15/03; 2:32:33 AM
|
|
|
|
Toby Reyelts - Re: Using Memory Errors to Attack a Virtual Machine
5/15/2003; 9:00:25 AM (reads: 626, responses: 0)
|
|
|
I don't understand what is particularly exciting about this. There is obviously nothing you can do to protect software from the machine on which it executes. This should be an age-old, well-understood fact.
|
|
Ehud Lamm - Re: Using Memory Errors to Attack a Virtual Machine
5/19/2003; 11:45:19 AM (reads: 476, responses: 0)
|
|
|
|
Tim Sweeney - Re: Using Memory Errors to Attack a Virtual Machine
5/19/2003; 2:30:04 PM (reads: 460, responses: 1)
|
|
|
Using Baseball Bats to Attack a Virtual Machine.
|
|
Ehud Lamm - Re: Using Memory Errors to Attack a Virtual Machine
5/19/2003; 2:33:04 PM (reads: 489, responses: 0)
|
|
|
Are these virtual baseball bats?
|
|
Paul Snively - Re: Using Memory Errors to Attack a Virtual Machine
5/19/2003; 9:31:57 PM (reads: 447, responses: 0)
|
|
|
Artificially-elevated entropy levels cause computer instructions to change! Film at 11!
This reminds me of a John Allen Paulos bit about sensationalism in the form of warning labels on products, when what's actually being said may be quite commonplace. He gives a joking example: "Warning: this object attracts all other objects in the universe with a force inversely proportional to the square of the distance between them!" I nearly bust a gut.
Tim, good to see you here again. Thanks again for the UnrealScript compiler; I'm definitely learning a lot from it, and if you follow the Spirit general mailing list at all, you'll see a lot of stupid questions from me there that are driven by my efforts to craft what I'm calling a QuasiScript compiler using Spirit. At some point I hope that you will follow up on your earlier comments about UnrealScript and game scripting in general, and hopefully also fill us in a bit more about your current language-design explorations.
|
|
|
|