1 research outputs found
Understanding Rowhammer Attacks through the Lens of a Unified Reference Framework
Rowhammer is a hardware-based bug that allows the attacker to modify the data
in the memory without accessing it, just repeatedly and frequently accessing
(or hammering) physically adjacent memory rows. So that it can break the memory
isolation between processes, which is seen as the cornerstone of modern system
security, exposing the sensitive data to unauthorized and imperceptible
corruption. A number of previous works have leveraged the rowhammer bug to
achieve various critical attacks.
In this work, we propose a unified reference framework for analyzing the
rowhammer attacks, indicating three necessary factors in a practical rowhammer
attack: the attack origin, the intended implication and the methodology. Each
factor includes multiple primitives, the attacker can select primitives from
three factors to constitute an effective attack. In particular, the methodology
further summarizes all existing attack techniques, that are used to achieve its
three primitives: Location Preparation (LP), Rapid Hammering (RH), and Exploit
Verification (EV). Based on the reference framework, we analyze all previous
rowhammer attacks and corresponding countermeasures. Our analysis shows that
how primitives in different factors are combined and used in previous attacks,
and thus points out new possibility of rowhammer attacks, enabling proactive
prevention before it causes harm. Under the framework, we propose a novel
expressive rowhammer attack that is capable of accumulating injected memory
changes and achieving rich attack semantics. We conclude by outlining future
research directions