Modern operating systems use a number of techniques and mechanisms to improve system throughput and performance, but some of these optimizations can passively leak crucial side-channel information about sensitive data being processed and stored in the system. In this paper, we discuss one such optimization mechanism prevalent in modern Linux-based operating systems, the page frame cache, which is an integral part of the physical memory allocation subsystem. It is a purely software cache that stores the page frames recently released by the process or processes running on the corresponding CPU. We show that an adversary can force the kernel to allocate specific page frames to a victim process running on the same CPU. We also discuss the possibility of a practical scenario in which the adversary can conduct a Rowhammer attack to induce bit flips in the victim's page using only user-level privilege.