2 research outputs found
On Feasibility and Performance of Rowhammmer Attack
In this paper we study the Rowhammer sidechannel attack and evaluate its feasibility on practical exploitation scenarios in Linux. Currently, all the implementations released, capable of performing the Rowhammer attack, require elevated privileges. This is a very strong requirement which, in a sense, puts ths attack into the theoretical spectrum. The purpose of this report is to explore different techniques that would allow the execution of the Rowhammer attack in userspace. More specifically, we provide two implementations, each of them having different strength of requirements but with one characteristic in common: the capability of executing the Rowhammer attack without elevated privileges. At the end, we see that not only it was possible to reach similar levels of performance with the programs that required elevated privileges, but in some cases even outperform them, in both native and virtual environments
Understanding Rowhammer Attacks through the Lens of a Unified Reference Framework
Rowhammer is a hardware-based bug that allows the attacker to modify the data
in the memory without accessing it, just repeatedly and frequently accessing
(or hammering) physically adjacent memory rows. So that it can break the memory
isolation between processes, which is seen as the cornerstone of modern system
security, exposing the sensitive data to unauthorized and imperceptible
corruption. A number of previous works have leveraged the rowhammer bug to
achieve various critical attacks.
In this work, we propose a unified reference framework for analyzing the
rowhammer attacks, indicating three necessary factors in a practical rowhammer
attack: the attack origin, the intended implication and the methodology. Each
factor includes multiple primitives, the attacker can select primitives from
three factors to constitute an effective attack. In particular, the methodology
further summarizes all existing attack techniques, that are used to achieve its
three primitives: Location Preparation (LP), Rapid Hammering (RH), and Exploit
Verification (EV). Based on the reference framework, we analyze all previous
rowhammer attacks and corresponding countermeasures. Our analysis shows that
how primitives in different factors are combined and used in previous attacks,
and thus points out new possibility of rowhammer attacks, enabling proactive
prevention before it causes harm. Under the framework, we propose a novel
expressive rowhammer attack that is capable of accumulating injected memory
changes and achieving rich attack semantics. We conclude by outlining future
research directions