Overview
Explore timing side-channel attacks that undermine kernel security by derandomizing memory locations, defeating the address-space layout randomization that current Linux kernels rely on, since almost every modern kernel exploit first needs to know where its target objects live. Security researcher Lukas Maar presents two distinct attack methodologies: a software-induced attack that exploits timing differences in how the kernel's hash tables are accessed, and a hardware-induced attack that targets the Translation Lookaside Buffer (TLB), the CPU's cache of virtual-to-physical address translations.

Discover how these attacks reveal the memory-layout information that modern kernel exploits depend on, including the first side-channel attack to disclose object locations on the Linux kernel heap. Examine the root-cause analysis of both vulnerabilities: how the design of kernel hash tables inherently leaks information, and how certain kernel defence mechanisms unintentionally make the TLB-based attack possible.

Follow an end-to-end demonstration in which an unprivileged user leaks the locations of security-critical kernel objects on an up-to-date Ubuntu Linux kernel, including kernel heap allocations, page tables, and kernel stacks.
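To make the software-induced channel concrete, here is an added user-space model of why a chained hash table leaks through timing. It is example code written for this page, not code from the talk or from Lukas Maar, and it models only the principle: a lookup walks the bucket's collision chain, so its duration depends on how many entries share that bucket. The multiplicative hash, the bucket numbers 7 and 8, the 256 colliding keys and the brute-force key search are all constructed assumptions; in the kernel the attacker would instead time a system call that performs such a lookup, without seeing the chain at all.

```c
/* Added example (not from the talk): timing leak from a chained hash table, modelled in user space. */
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define NBUCKETS 64
#define NSAMPLES 1001

struct node {
    uint64_t key;
    struct node *next;
};

static struct node *buckets[NBUCKETS];
static size_t chain_len[NBUCKETS];

/* Assumed toy multiplicative hash: the top 6 bits of the product select one of 64 buckets. */
unsigned hash_key(uint64_t key)
{
    return (unsigned)((key * 0x9E3779B97F4A7C15ULL) >> 58);
}

void table_insert(uint64_t key)
{
    unsigned b = hash_key(key);
    struct node *n = malloc(sizeof *n);
    if (!n) abort();
    n->key = key;
    n->next = buckets[b];   /* prepend: the first key inserted ends up deepest in the chain */
    buckets[b] = n;
    chain_len[b]++;
}

/* The lookup walks the chain, so its duration grows with the number of colliding entries. */
int table_lookup(uint64_t key)
{
    for (struct node *n = buckets[hash_key(key)]; n; n = n->next)
        if (n->key == key)
            return 1;
    return 0;
}

size_t chain_len_of(unsigned bucket) { return chain_len[bucket]; }

/* Brute-force `count` distinct keys that hash to `bucket`, counting up from `start`. */
uint64_t find_colliding_keys(unsigned bucket, size_t count, uint64_t start, uint64_t *out)
{
    size_t found = 0;
    for (uint64_t k = start; found < count; k++)
        if (hash_key(k) == bucket)
            out[found++] = k;
    return out[0];          /* the first key found will sit at the tail of the chain */
}

static uint64_t now_ns(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}

static int cmp_u64(const void *a, const void *b)
{
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of NSAMPLES timed lookups; the median suppresses interrupt and scheduler noise. */
uint64_t median_lookup_ns(uint64_t key)
{
    static uint64_t samples[NSAMPLES];
    volatile int sink = 0;
    for (int i = 0; i < NSAMPLES; i++) {
        uint64_t t0 = now_ns();
        sink += table_lookup(key);
        samples[i] = now_ns() - t0;
    }
    qsort(samples, NSAMPLES, sizeof samples[0], cmp_u64);
    return samples[NSAMPLES / 2];
}

/* Constructed scenario: 256 keys crowded into bucket 7, bucket 8 left empty. */
#define CROWDED 7
#define EMPTY 8
#define NCOLLIDE 256
static uint64_t crowded_keys[NCOLLIDE];
uint64_t deepest_key;   /* key whose lookup must traverse the whole crowded chain */

uint64_t build_table(void)
{
    deepest_key = find_colliding_keys(CROWDED, NCOLLIDE, 1, crowded_keys);
    for (size_t i = 0; i < NCOLLIDE; i++)
        table_insert(crowded_keys[i]);
    return deepest_key;
}

/* A key that hashes to the empty bucket: its lookup misses immediately. */
uint64_t empty_bucket_probe(void)
{
    uint64_t probe[1];
    return find_colliding_keys(EMPTY, 1, 1, probe);
}

int main(void)
{
    build_table();
    printf("bucket %d holds %zu entries, bucket %d holds %zu\n",
           CROWDED, chain_len_of(CROWDED), EMPTY, chain_len_of(EMPTY));
    printf("median lookup, deep key    : %llu ns\n", (unsigned long long)median_lookup_ns(deepest_key));
    printf("median lookup, empty bucket: %llu ns\n", (unsigned long long)median_lookup_ns(empty_bucket_probe()));
    return 0;
}
```

The two medians differ by the cost of walking 256 nodes, and that difference is the information an attacker measures: it tells them which buckets are occupied and how heavily, without ever reading the table. Absolute numbers vary by machine, so compare the two figures against each other rather than against any fixed threshold, and expect to need many samples and a median (or minimum) to see the gap through system noise.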
Syllabus
#NullconBerlin2025 | Derandomizing Kernel Object Locations with Software- and Hardware-Induced Side Channels
Taught by
nullcon