Silently Breaking ASLR in the Cloud

Explore a critical security vulnerability in cloud computing environments through this Black Hat conference talk. Delve into the intricacies of memory deduplication and its unintended consequences on Address Space Layout Randomization (ASLR). Learn how the CAIN (Cross-VM ASL INtrospection) proof-of-concept exploit leverages memory side-channels to defeat ASLR in a 64-bit Windows Server 2012 victim VM running on a default KVM configuration. Understand the underlying concepts of the attack and witness a demonstration of the CAIN exploit in action. Gain valuable insights into cloud security risks and potential mitigation strategies during this 53-minute presentation by Antonio Barresi, Kaveh Razavi, Mathias Payer, and Thomas Gross.

Silently Breaking ASLR In The Cloud