Tawagar masu bincike daga Jami'ar Illinois sun ƙirƙiri sabuwar dabarar kai hari ta hanyar tashar gefe wacce ke sarrafa kwararar bayanai ta hanyar Ring Interconnect na masu sarrafa Intel. Harin yana ba ku damar haskaka bayanan amfani da ƙwaƙwalwar ajiya a cikin wani aikace-aikacen da bin bayanan lokacin maɓalli. Masu binciken sun buga kayan aikin don aiwatar da ma'auni masu alaƙa da samfura da yawa.
An gabatar da fa'idodi guda uku waɗanda zasu ba da izini:
- Mai da guda ɗaya na maɓallan ɓoye lokacin amfani da RSA da aiwatar da EdDSA waɗanda ke da rauni ga hare-haren tashoshi (idan jinkirin ƙididdiga ya dogara da bayanan da ake sarrafa). Misali, yoyon ragowa guda ɗaya tare da bayani game da farkon farawa (babu ɗaya) na EdDSA ya isa a yi amfani da hare-hare don dawo da maɓalli na sirri a jere. Harin yana da wahalar aiwatarwa a aikace kuma ana iya aiwatar da shi tare da adadi mai yawa. Misali, ana nuna aiki mai nasara lokacin da aka kashe SMT (HyperThreading) kuma an raba cache na LLC tsakanin cores na CPU.
- Ƙayyade sigogi game da jinkiri tsakanin maɓallai. Jinkirin ya dogara da matsayin maɓallan kuma yana ba da izini, ta hanyar bincike na ƙididdiga, don sake ƙirƙirar bayanan da aka shigar daga maballin tare da wata yuwuwar (misali, yawancin mutane sukan rubuta "s" bayan "a" da sauri fiye da "g" bayan haka. "s").
- Tsara hanyar sadarwa ta ɓoye don canja wurin bayanai tsakanin matakai a cikin saurin kusan megabits 4 a cikin daƙiƙa guda, wanda baya amfani da ƙwaƙwalwar ajiya, cache cache, da takamaiman albarkatun CPU da tsarin sarrafawa. An lura cewa hanyar da aka tsara na ƙirƙirar tashar ɓoye yana da matukar wahala a toshe tare da hanyoyin kariya daga hare-haren tashoshi na gefe.
Ƙarfafawa baya buƙatar manyan gata kuma ana iya amfani da shi ta talakawa, masu amfani marasa gata. An lura cewa za a iya daidaita harin don tsara kwararar bayanai tsakanin na'urori masu kama da juna, amma wannan batu ya wuce iyakar binciken kuma ba a aiwatar da gwajin tsarin ba. An gwada lambar da aka tsara akan Intel i7-9700 CPU a cikin Ubuntu 16.04. Gabaɗaya, an gwada hanyar harin akan na'urori masu sarrafa tebur daga Intel Coffee Lake da dangin Skylake, kuma ana iya amfani da su ga masu sarrafa sabar Xeon daga dangin Broadwell.
Fasahar haɗin gwiwar zobe ta bayyana a cikin na'urori masu sarrafawa bisa ga microarchitecture na Sandy Bridge kuma ta ƙunshi bas ɗin madaidaicin madauri da yawa da ake amfani da su don haɗa kayan aikin kwamfuta da zane-zane, gadar uwar garken da cache. Mahimman hanyar harin shine, saboda iyakancewar bandwidth bas ɗin zobe, ayyukan ƙwaƙwalwar ajiya a cikin wani tsari suna jinkirta samun damar ƙwaƙwalwar ajiyar wani tsari. Ta hanyar gano cikakkun bayanai na aiwatarwa ta hanyar injiniya na baya, mai hari zai iya haifar da kaya wanda ke haifar da jinkirin samun damar ƙwaƙwalwar ajiya a cikin wani tsari kuma yayi amfani da waɗannan jinkirin azaman tashar gefe don samun bayanai.
Hare-hare kan motocin bas din CPU na cikin gida na fuskantar cikas sakamakon karancin bayanai game da gine-gine da hanyoyin gudanar da bas din, da kuma yawan hayaniya, wanda ke sa da wuya a ware bayanai masu amfani. Yana yiwuwa a fahimci ƙa'idodin aiki na bas ta hanyar injiniyan juzu'i na ƙa'idodin da aka yi amfani da su lokacin watsa bayanai ta cikin bas ɗin. An yi amfani da samfurin rarraba bayanai bisa hanyoyin koyan na'ura don raba bayanai masu amfani da hayaniya. Samfurin da aka tsara ya ba da damar tsara saka idanu na jinkiri yayin ƙididdigewa a cikin takamaiman tsari, a cikin yanayi lokacin da matakai da yawa ke samun damar ƙwaƙwalwar ajiya lokaci guda kuma an dawo da wani ɓangare na bayanan daga caches na sarrafawa.
Bugu da ƙari, za mu iya lura da gano alamun amfani da amfani don bambancin farko na raunin Specter (CVE-2017-5753) yayin hare-hare akan tsarin Linux. Amfanin yana amfani da yatsan bayanan tashoshi na gefe don nemo babban toshe a cikin ƙwaƙwalwar ajiya, ƙayyade inode fayil ɗin /etc/shadow, da lissafin adireshin shafin ƙwaƙwalwar ajiya don dawo da fayil ɗin daga ma'ajin diski.
source: budenet.ru