56 research outputs found
CYBER SECURITY IN INDUSTRIAL CONTROL SYSTEMS (ICS): A SURVEY OF ROWHAMMER VULNERABILITY
Increasing dependence on Information and Communication Technologies (ICT) and especially on the Internet in Industrial Control Systems (ICS) has made these systems the primary target of cyber-attacks. As ICS are extensively used in Critical Infrastructures (CI), this makes CI more vulnerable to cyber-attacks and their protection becomes an important issue. On the other hand, cyberattacks can exploit not only software but also physics; that is, they can target the fundamental physical aspects of computation. The newly discovered RowHammer (RH) fault injection attack is a serious vulnerability targeting hardware on reliability and security of DRAM (Dynamic Random Access Memory). Studies on this vulnerability issue raise serious security concerns. The purpose of this study was to overview the RH phenomenon in DRAMs and its possible security risks on ICSs and to discuss a few possible realistic RH attack scenarios for ICSs. The results of the study revealed that RH is a serious security threat to any computer-based system having DRAMs, and this also applies to ICS
PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses
Rowhammer is a hardware vulnerability in DRAM memory, where repeated access
to memory can induce bit flips in neighboring memory locations. Being a
hardware vulnerability, rowhammer bypasses all of the system memory protection,
allowing adversaries to compromise the integrity and confidentiality of data.
Rowhammer attacks have shown to enable privilege escalation, sandbox escape,
and cryptographic key disclosures. Recently, several proposals suggest
exploiting the spatial proximity between the accessed memory location and the
location of the bit flip for a defense against rowhammer. These all aim to deny
the attacker's permission to access memory locations near sensitive data. In
this paper, we question the core assumption underlying these defenses. We
present PThammer, a confused-deputy attack that causes accesses to memory
locations that the attacker is not allowed to access. Specifically, PThammer
exploits the address translation process of modern processors, inducing the
processor to generate frequent accesses to protected memory locations. We
implement PThammer, demonstrating that it is a viable attack, resulting in a
system compromise (e.g., kernel privilege escalation). We further evaluate the
effectiveness of proposed software-only defenses showing that PThammer can
overcome those.Comment: Preprint of the work accepted at the International Symposium on
Microarchitecture (MICRO) 2020. arXiv admin note: text overlap with
arXiv:1912.0307
Randomized Line-to-Row Mapping for Low-Overhead Rowhammer Mitigations
Modern systems mitigate Rowhammer using victim refresh, which refreshes the
two neighbours of an aggressor row when it encounters a specified number of
activations. Unfortunately, complex attack patterns like Half-Double break
victim-refresh, rendering current systems vulnerable. Instead, recently
proposed secure Rowhammer mitigations rely on performing mitigative action on
the aggressor rather than the victims. Such schemes employ mitigative actions
such as row-migration or access-control and include AQUA, SRS, and Blockhammer.
While these schemes incur only modest slowdowns at Rowhammer thresholds of few
thousand, they incur prohibitive slowdowns (15%-600%) for lower thresholds that
are likely in the near future. The goal of our paper is to make secure
Rowhammer mitigations practical at such low thresholds.
Our paper provides the key insights that benign application encounter
thousands of hot rows (receiving more activations than the threshold) due to
the memory mapping, which places spatially proximate lines in the same row to
maximize row-buffer hitrate. Unfortunately, this causes row to receive
activations for many frequently used lines. We propose Rubix, which breaks the
spatial correlation in the line-to-row mapping by using an encrypted address to
access the memory, reducing the likelihood of hot rows by 2 to 3 orders of
magnitude. To aid row-buffer hits, Rubix randomizes a group of 1-4 lines. We
also propose Rubix-D, which dynamically changes the line-to-row mapping.
Rubix-D minimizes hot-rows and makes it much harder for an adversary to learn
the spatial neighbourhood of a row. Rubix reduces the slowdown of AQUA (from
15% to 1%), SRS (from 60% to 2%), and Blockhammer (from 600% to 3%) while
incurring a storage of less than 1 Kilobyte
- …