Understanding Rowhammer Attacks through the Lens of a Unified Reference Framework
Rowhammer is a hardware bug that lets an attacker modify data in memory
without accessing it, simply by repeatedly and rapidly accessing (hammering)
physically adjacent memory rows. It can therefore break the memory isolation
between processes that modern system security rests on, exposing sensitive
data to unauthorized and imperceptible corruption. A number of previous works
have leveraged the rowhammer bug to mount various critical attacks.
In this work, we propose a unified reference framework for analyzing
rowhammer attacks. It identifies three necessary factors in a practical
rowhammer attack: the attack origin, the intended implication, and the
methodology. Each factor comprises multiple primitives, and an attacker selects
primitives from all three factors to constitute an effective attack. In
particular, the methodology factor summarizes all existing attack techniques in
terms of its three primitives: Location Preparation (LP), Rapid Hammering (RH),
and Exploit Verification (EV). Based on the reference framework, we analyze all
previous rowhammer attacks and their corresponding countermeasures. Our
analysis shows how primitives from different factors are combined in previous
attacks, and thus points out new possibilities for rowhammer attacks, enabling
proactive prevention before they cause harm. Under the framework, we propose a
novel expressive rowhammer attack that can accumulate injected memory changes
and achieve rich attack semantics. We conclude by outlining future research
directions.
RowHammer: A Retrospective
This retrospective paper describes the RowHammer problem in Dynamic Random
Access Memory (DRAM), which was initially introduced by Kim et al. at the ISCA
2014 conference. RowHammer is a prime (and perhaps the first) example of how a
circuit-level failure mechanism can cause a practical and widespread system
security vulnerability. It is the phenomenon that repeatedly accessing a row in
a modern DRAM chip causes bit flips in physically-adjacent rows at consistently
predictable bit locations. RowHammer is caused by a hardware failure mechanism
called DRAM disturbance errors, which is a manifestation of circuit-level
cell-to-cell interference in a scaled memory technology.
Researchers from Google Project Zero demonstrated in 2015 that this hardware
failure mechanism can be effectively exploited by user-level programs to gain
kernel privileges on real systems. Many other follow-up works demonstrated
other practical attacks exploiting RowHammer. In this article, we
comprehensively survey the scientific literature on RowHammer-based attacks as
well as mitigation techniques to prevent RowHammer. We also discuss what other
related vulnerabilities may be lurking in DRAM and other types of memories,
e.g., NAND flash memory or Phase Change Memory, that can potentially threaten
the foundations of secure systems, as the memory technologies scale to higher
densities. We conclude by describing and advocating a principled approach to
memory reliability and security research that can enable us to better
anticipate and prevent such vulnerabilities.
Comment: A version of this work is to appear at IEEE Transactions on
Computer-Aided Design of Integrated Circuits and Systems (TCAD) Special Issue
on Top Picks in Hardware and Embedded Security, 2019. arXiv admin note:
substantial text overlap with arXiv:1703.00626, arXiv:1903.1105
Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers
Cloud providers are concerned that Rowhammer poses a potentially critical
threat to their servers, yet they currently lack a systematic way to test
whether the DRAM in those servers is vulnerable to Rowhammer attacks. This
paper presents an end-to-end methodology to determine whether cloud servers
are susceptible to these attacks. With our methodology, a cloud provider can
construct worst-case testing conditions for its DRAM.
We apply our methodology to three classes of servers from a major cloud
provider. Our findings show that none of the CPU instruction sequences used in
prior work to mount Rowhammer attacks create worst-case DRAM testing
conditions. To address this limitation, we develop an instruction sequence that
leverages microarchitectural side-effects to "hammer" DRAM at a near-optimal
rate on modern Intel Skylake and Cascade Lake platforms. We also design a DDR4
fault injector that can reverse engineer row adjacency for any DDR4 DIMM. When
applied to our cloud provider's DIMMs, we find that DRAM rows do not always
follow a linear map.
Comment: A version of this paper will appear in the IEEE S&P 2020 proceedings.
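The three methodology primitives from the first abstract (Location Preparation, Rapid Hammering, Exploit Verification) and the "hammering instruction sequence" the third abstract evaluates are easiest to see in code. The following is an added example, not code from any of the three papers: it implements the classic flush-based access pair (read two aggressor addresses, `clflush` them so the next read goes to DRAM again) and a flip scanner over a victim buffer. The 8 KiB row size, the three-row aggressor/victim/aggressor layout, and the 0x55/0xAA fill patterns are assumptions chosen for the demo. The rows are only virtually contiguous: without mapping virtual addresses to physical DRAM rows (and knowing the DIMM's address mapping, which the third paper shows is not always linear), there is no guarantee they are physically adjacent, so zero flips from this program says nothing about whether the machine is susceptible.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flush-based access pair: the classic clflush hammering sequence.  The
 * flush is x86-only; on other targets it degrades to a plain cached access,
 * which never reaches DRAM and therefore cannot hammer anything. */
#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>
static inline void flush_line(volatile uint8_t *p)
{
    _mm_clflush((const void *)p);
    _mm_mfence();
}
#else
static inline void flush_line(volatile uint8_t *p) { (void)p; }
#endif

/* Assumed DRAM row size for the demo; the real value depends on the DIMM and
 * the memory controller's address mapping. */
#define ROW_BYTES 8192

/* LP: lay down a known pattern in the victim row and its inverse in the two
 * aggressor rows (double-sided shape: aggressor A, victim, aggressor B). */
static void prepare_rows(uint8_t *rows, uint8_t victim_pat)
{
    memset(rows, (uint8_t)~victim_pat, ROW_BYTES);                 /* aggressor A */
    memset(rows + ROW_BYTES, victim_pat, ROW_BYTES);               /* victim      */
    memset(rows + 2 * ROW_BYTES, (uint8_t)~victim_pat, ROW_BYTES); /* aggressor B */
}

/* RH: read both aggressors, then evict them from the cache so the next
 * iteration is served from DRAM again.  Returns the running sum of the bytes
 * read so the loads cannot be optimised away (and so a caller can check the
 * loop actually ran). */
static uint64_t hammer(volatile uint8_t *a, volatile uint8_t *b, uint64_t iters)
{
    uint64_t sink = 0;
    for (uint64_t i = 0; i < iters; i++) {
        sink += *a;
        sink += *b;
        flush_line(a);
        flush_line(b);
    }
    return sink;
}

/* EV: count the bits in the victim row that no longer match the pattern. */
static size_t count_bit_flips(const uint8_t *victim, size_t len, uint8_t pattern)
{
    size_t flips = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t diff = victim[i] ^ pattern;
        while (diff) {              /* popcount of the XOR */
            flips += diff & 1u;
            diff >>= 1;
        }
    }
    return flips;
}

int main(void)
{
    const uint8_t victim_pat = 0x55;
    const uint64_t iters = 2000000;      /* assumed; tune to the DRAM refresh window */
    uint8_t *rows = malloc(3 * ROW_BYTES);
    if (!rows)
        return 1;

    prepare_rows(rows, victim_pat);
    uint64_t sink = hammer(rows, rows + 2 * ROW_BYTES, iters);
    size_t flips = count_bit_flips(rows + ROW_BYTES, ROW_BYTES, victim_pat);

    printf("hammered %llu times (sink %llu), %zu bit flips in victim row\n",
           (unsigned long long)iters, (unsigned long long)sink, flips);
    free(rows);
    return 0;
}
```

Compile with `-O2` so the loop body stays tight; the returned `sink` keeps the loads live without needing `volatile` on the loop counter. On real hardware this loop is a deliberate memory-corruption attempt, so run it only on a test machine you are prepared to crash. A worst-case test of the kind the third paper describes additionally needs the physical-to-row mapping, aggressor pairs chosen from truly adjacent rows, and an access sequence that saturates the DRAM activation rate; this example shows only the shape of the three primitives.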