Another Flip in the Wall of Rowhammer Defenses

The Rowhammer bug allows unauthorized modification of bits in DRAM cells from unprivileged software, enabling powerful privilege-escalation attacks. Sophisticated Rowhammer countermeasures have been presented, aiming at mitigating the Rowhammer bug or its exploitation. However, the state of the art provides insufficient insight on the completeness of these defenses. In this paper, we present novel Rowhammer attack and exploitation primitives, showing that even a combination of all defenses is ineffective. Our new attack technique, one-location hammering, breaks previous assumptions on requirements for triggering the Rowhammer bug, i.e., we do not hammer multiple DRAM rows but only keep one DRAM row constantly open. Our new exploitation technique, opcode flipping, bypasses recent isolation mechanisms by flipping bits in a predictable and targeted way in userspace binaries. We replace conspicuous and memory-exhausting spraying and grooming techniques with a novel reliable technique called memory waylaying. Memory waylaying exploits system-level optimizations and a side channel to coax the operating system into placing target pages at attacker-chosen physical locations. Finally, we abuse Intel SGX to hide the attack entirely from the user and the operating system, making any inspection or detection of the attack infeasible. Our Rowhammer enclave can be used for coordinated denial-of-service attacks in the cloud and for privilege escalation on personal computers. We demonstrate that our attacks evade all previously proposed countermeasures for commodity systems.

[1]  Klaus Wagner,et al.  Flush+Flush: A Fast and Stealthy Cache Attack , 2015, DIMVA.

[2]  Debdeep Mukhopadhyay,et al.  Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis , 2016, CHES.

[3]  Ahmad-Reza Sadeghi,et al.  HardIDX: Practical and Secure Index with SGX , 2017, DBSec.

[4]  제프리 알. 윌콕스,et al.  Method for dynamically adjusting a memory page closing policy , 2002 .

[5]  Bruno Robisson,et al.  Compilation of a Countermeasure Against Instruction-Skip Fault Attacks , 2016, CS2@HiPEAC.

[6]  Yuan Xiao,et al.  One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation , 2016, USENIX Security Symposium.

[7]  Mathias Payer,et al.  HexPADS: A Platform to Detect "Stealth" Attacks , 2016, ESSoS.

[8]  Lizy Kurian John,et al.  Minimalist open-page: A DRAM page-mode scheduling policy for the many-core era , 2011, 2011 44th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[9]  Herbert Bos,et al.  Flip Feng Shui: Hammering a Needle in the Software Stack , 2016, USENIX Security Symposium.

[10]  Peng Wang,et al.  Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale , 2015, USENIX Security Symposium.

[11]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[12]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[13]  Thomas R. Gross,et al.  CAIN: Silently Breaking ASLR in the Cloud , 2015, WOOT.

[14]  Irfan Habib,et al.  Virtualization with KVM , 2008 .

[15]  Stefan Mangard,et al.  Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR , 2016, CCS.

[16]  Nikolas Ioannou,et al.  From random block corruption to privilege escalation: A filesystem attack vector for rowhammer-like attacks , 2017, WOOT.

[17]  Marco Chiappetta,et al.  Real time detection of cache-based side-channel attacks using hardware performance counters , 2016, Appl. Soft Comput..

[18]  Taesoo Kim,et al.  SGX-Bomb: Locking Down the Processor via Rowhammer Attack , 2017, SysTEX@SOSP.

[19]  Reshma Lal,et al.  An architecture methodology for secure video conferencing , 2013, 2013 IEEE International Conference on Technologies for Homeland Security (HST).

[20]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[21]  Mengyuan Li,et al.  STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves , 2017, CCS.

[22]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[23]  Frank Piessens,et al.  Mitigating Password Database Breaches with Intel SGX , 2016, SysTEX@Middleware.

[24]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[25]  Stefan Mangard,et al.  Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript , 2015, DIMVA.

[26]  Zhi Chen,et al.  CAMFAS: A Compiler Approach to Mitigate Fault Attacks via Enhanced SIMDization , 2017, 2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[27]  Chris Fallin,et al.  Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[28]  Stefan Mangard,et al.  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks , 2015, USENIX Security Symposium.

[29]  David M. Eyers,et al.  SCONE: Secure Linux Containers with Intel SGX , 2016, OSDI.

[30]  Cyrille Artho,et al.  Memory deduplication as a threat to the guest OS , 2011, EUROSEC '11.

[31]  Rei-Fu Huang,et al.  Alternate hammering test for application-specific DRAMs and an industrial case study , 2012, DAC Design Automation Conference 2012.

[32]  Onur Mutlu,et al.  The RowHammer problem and other issues we may face as memory becomes denser , 2017, Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017.

[33]  Carl A. Gunter,et al.  Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX , 2017, CCS.

[34]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[35]  Rui Qiao,et al.  A new approach for rowhammer attacks , 2016, 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[36]  Ramesh Karri,et al.  MAGIC: Malicious Aging in Circuits/Cores , 2015, TACO.

[37]  Ruby B. Lee,et al.  CloudRadar: A Real-Time Side-Channel Attack Detection System in Clouds , 2016, RAID.

[38]  Todd M. Austin,et al.  When good protections go bad: Exploiting anti-DoS measures to accelerate rowhammer attacks , 2017, 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[39]  Vesselina K. Papazova,et al.  IBM zEnterprise redundant array of independent memory subsystem , 2012, IBM J. Res. Dev..

[40]  Rebekah Leslie-Hurd,et al.  Intel® Software Guard Extensions (Intel® SGX) Software Support for Dynamic Memory Allocation inside an Enclave , 2016, HASP@ISCA.

[41]  Herbert Bos,et al.  Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[42]  Dae-Hyun Kim,et al.  Architectural Support for Mitigating Row Hammering in DRAM Memories , 2015, IEEE Computer Architecture Letters.

[43]  Shay Gueron,et al.  A Memory Encryption Engine Suitable for General Purpose Processors , 2016, IACR Cryptol. ePrint Arch..

[44]  Barbara P. Aichinger,et al.  DDR memory errors caused by Row Hammer , 2015, 2015 IEEE High Performance Extreme Computing Conference (HPEC).

[45]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[46]  Yanick Fratantonio,et al.  Drammer: Deterministic Rowhammer Attacks on Mobile Platforms , 2016, CCS.

[47]  Chris Fallin,et al.  Memory power management via dynamic voltage/frequency scaling , 2011, ICAC '11.

[48]  Gorka Irazoqui Apecechea,et al.  MASCAT: Stopping Microarchitectural Attacks Before Execution , 2016, IACR Cryptol. ePrint Arch..

[49]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[50]  Norbert Wehn,et al.  Reverse Engineering of DRAMs: Row Hammer with Crosshair , 2016, MEMSYS.

[51]  Ahmad-Reza Sadeghi,et al.  CAn't Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory , 2017, USENIX Security Symposium.

[52]  Reetuparna Das,et al.  ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks , 2016, ASPLOS.

[53]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[54]  Keun Soo Yim,et al.  The Rowhammer Attack Injection Methodology , 2016, 2016 IEEE 35th Symposium on Reliable Distributed Systems (SRDS).

[55]  Stefan Mangard,et al.  Practical Memory Deduplication Attacks in Sandboxed Javascript , 2015, ESORICS.