DDIO implementation in Intel chips allows a network attack to detect keystrokes in an SSH session

A group of researchers from Vrije Universiteit Amsterdam and ETH Zurich has developed a network attack technique, NetCAT (Network Cache ATtack), which uses side-channel data analysis methods to remotely determine the keys a user presses while working in an SSH session. The problem appears only on servers that use the RDMA (Remote Direct Memory Access) and DDIO (Data-Direct I/O) technologies.

Intel believes the attack is difficult to carry out in practice, since it requires the attacker to have access to the local network, sterile conditions, and host communication organized using the RDMA and DDIO technologies, which are usually used in isolated networks, for example, those in which computing clusters operate. The issue has been given a low severity rating (CVSS 2.6, CVE-2019-11184), and the recommendation is not to enable DDIO and RDMA on local networks where the security perimeter is not ensured and connections from untrusted clients are allowed. DDIO has been used in Intel server processors since 2012 (Intel Xeon E5, E7 and SP). Systems based on processors from AMD and other manufacturers are not affected by the problem, because they do not support storing data transferred over the network in the CPU cache.

The method used for the attack resembles the "Throwhammer" vulnerability, which allows the contents of individual bits in RAM to be changed by manipulating network packets on systems with RDMA. The new problem is a consequence of the latency-reduction work done by the DDIO mechanism, which provides direct interaction between the network card and other peripheral devices and the processor cache (while network card packets are processed, data is stored in the cache and retrieved from the cache without accessing memory).

Thanks to DDIO, the processor cache also contains data generated during malicious network activity. The NetCAT attack is based on the fact that network cards actively cache data, and the packet processing speed in modern local networks is sufficient to influence how the cache is filled and to determine the presence or absence of data in the cache by analyzing delays during data transfer.

In interactive sessions such as SSH, a network packet is sent immediately after a key is pressed, i.e. the delays between packets correlate with the delays between keystrokes. Using statistical analysis methods, and taking into account that the delay between keystrokes usually depends on the position of the key on the keyboard, it is possible to reconstruct the entered information with a certain probability. For example, most people tend to type "s" after "a" much faster than "g" after "s".
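The correlation described above can be seen in a small simulation, added here as an illustration and not taken from the original article or the NetCAT authors. The per-pair delays, the decision threshold and the fixed-tick padding scheme (`pad_to_ticks`) are constructed assumptions; the padding stands for a generic mitigation that sends a real or dummy packet on every tick.

```python
import math
import random

# Constructed typing model (assumption, not measured data): mean delay in ms
# between two keys, echoing the article's "s after a" vs "g after s" example.
PAIR_MEAN_MS = {"as": 90.0, "sg": 180.0}
THRESHOLD_MS = 135.0  # observer's decision boundary between the two pairs


def type_pairs(n, rng, jitter_ms=15.0):
    """Return (labels, gaps): n random key pairs and their inter-packet gaps."""
    labels = [rng.choice(sorted(PAIR_MEAN_MS)) for _ in range(n)]
    gaps = [max(20.0, rng.gauss(PAIR_MEAN_MS[p], jitter_ms)) for p in labels]
    return labels, gaps


def pad_to_ticks(gaps, tick_ms=20.0):
    """Mitigation sketch: one packet per tick, carrying real data or chaff.

    Each keystroke rides the first free tick at or after it occurs; every
    other tick carries a same-size dummy packet, so each gap on the wire
    equals tick_ms regardless of what was typed.
    """
    t, last_tick = 0.0, 0
    for g in gaps:
        t += g
        last_tick = max(last_tick + 1, math.ceil(t / tick_ms))
    return [tick_ms] * last_tick


def guess_accuracy(labels, observed_gaps):
    """Fraction of pairs an observer labels correctly from gap length alone."""
    hits = 0
    for i, label in enumerate(labels):
        # With padding all gaps are identical, so the alignment is irrelevant.
        guess = "as" if observed_gaps[i] < THRESHOLD_MS else "sg"
        hits += guess == label
    return hits / len(labels)


if __name__ == "__main__":
    rng = random.Random(1)
    labels, gaps = type_pairs(2000, rng)
    print("unpadded accuracy:", guess_accuracy(labels, gaps))
    print("padded accuracy:  ", guess_accuracy(labels, pad_to_ticks(gaps)))
```

Without padding the observer separates the two pairs almost perfectly; with a packet on every tick the guess falls to chance.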

The information deposited in the processor cache also makes it possible to judge the exact time of packets sent by the network card when connections such as SSH are being processed. By generating a certain traffic flow, the attacker can determine the moment when new data associated with a certain activity in the system appears in the cache. To analyze the cache contents, the Prime+Probe method is used, which involves filling the cache with a reference set of values and measuring the access time to them on refill in order to detect changes.

It is possible that the proposed technique can be used to determine not only keystrokes, but also other types of confidential data deposited in the CPU cache. The attack can potentially be carried out even if RDMA is disabled, but without RDMA its effectiveness is reduced and execution becomes much harder. It is also possible to use DDIO to organize a covert communication channel for transferring data after a server has been compromised, bypassing security systems.

Source: opennet.ru