On Feasibility and Performance of Rowhammmer Attack

In this paper we study the Rowhammer sidechannel attack and evaluate its feasibility on practical exploitation scenarios in Linux. Currently, all the implementations released, capable of performing the Rowhammer attack, require elevated privileges. This is a very strong requirement which, in a sense, puts ths attack into the theoretical spectrum. The purpose of this report is to explore different techniques that would allow the execution of the Rowhammer attack in userspace. More specifically, we provide two implementations, each of them having different strength of requirements but with one characteristic in common: the capability of executing the Rowhammer attack without elevated privileges. At the end, we see that not only it was possible to reach similar levels of performance with the programs that required elevated privileges, but in some cases even outperform them, in both native and virtual environments

Understanding Rowhammer Attacks through the Lens of a Unified Reference Framework

Rowhammer is a hardware-based bug that allows the attacker to modify the data in the memory without accessing it, just repeatedly and frequently accessing (or hammering) physically adjacent memory rows. So that it can break the memory isolation between processes, which is seen as the cornerstone of modern system security, exposing the sensitive data to unauthorized and imperceptible corruption. A number of previous works have leveraged the rowhammer bug to achieve various critical attacks. In this work, we propose a unified reference framework for analyzing the rowhammer attacks, indicating three necessary factors in a practical rowhammer attack: the attack origin, the intended implication and the methodology. Each factor includes multiple primitives, the attacker can select primitives from three factors to constitute an effective attack. In particular, the methodology further summarizes all existing attack techniques, that are used to achieve its three primitives: Location Preparation (LP), Rapid Hammering (RH), and Exploit Verification (EV). Based on the reference framework, we analyze all previous rowhammer attacks and corresponding countermeasures. Our analysis shows that how primitives in different factors are combined and used in previous attacks, and thus points out new possibility of rowhammer attacks, enabling proactive prevention before it causes harm. Under the framework, we propose a novel expressive rowhammer attack that is capable of accumulating injected memory changes and achieving rich attack semantics. We conclude by outlining future research directions