A team of five academics and security researchers has published a research paper today detailing a new side-channel attack that is effective against operating systems like Windows and Linux. The novelty in this paper is that, unlike many previous side-channel attacks, this one is hardware-agnostic, and in some cases it can be carried out remotely. The attack also differs in that it doesn’t target microarchitectural design flaws in CPUs or other computer components but the operating system itself, which is why it is hardware-agnostic.
Commenting on the news is Craig Young, security researcher with Tripwire’s Vulnerability and Exposures Research Team (VERT):
“This is some really fascinating research. The team has demonstrated how a fundamental concept in modern OS architecture can be abused to create covert data channels between isolated processes, log keystroke timings, spy on random number generators, and generally leak information from other processes as an unprivileged user. This problem stems from overly permissive operating system designs giving unprivileged processes too much access to certain cache-related system calls. The good thing is that these techniques are not rooted in hardware and can, in fact, be mostly mitigated by disallowing unprivileged use of specific system calls and limiting the disclosure of sensitive information. Microsoft has already released suggested changes through the Windows Insider Program with a public release in the first half of 2019. It is unclear what impact the increased permissions requirement may have on existing applications.”