Another Flip in the Wall of Rowhammer Defenses

2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)

Liu

et al. 2020

Self Cite

The rowhammer bug is to frequently access hammer rows to induce bit flips in their adjacent victim rows, allowing an attacker to gain privilege escalation or steal private data. A key requirement of all existing rowhammer attacks is that an attacker must have access to at least part of an exploitable hammer row. We refer to such rowhammer attacks as PeriHammer. The stateof-the-art software-only defenses against PeriHammer attacks is to make the exploitable hammer rows beyond the attacker's access permission.In this paper, we question the necessity of the above requirement and propose a new class of rowhammer attacks, termed as TeleHammer. It is a paradigm shift in rowhammer attacks since it crosses privilege boundary to stealthily rowhammer an inaccessible row by implicit DRAM accesses. Such accesses are achieved by abusing inherent features of modern hardware and/or software. We propose a generic model to rigorously formalize the necessary conditions to initiate TeleHammer and PeriHammer, respectively. Compared to PeriHammer, TeleHammer can defeat the advanced software-only defenses, stealthy in hiding itself and hard to be mitigated.To demonstrate the practicality of TeleHammer and its advantages, we have created a TeleHammer's instance, called PThammer, which leverages the address-translation feature of modern processors. We observe that a memory access from user space can induce a load of a Level-1 page-table entry (L1PTE) from memory and thus hammer the L1PTE once, although L1PTE is not accessible to us. To achieve a high enough hammering frequency, we flush relevant TLB and cache effectively and efficiently. To this end, we demonstrate PThammer on three different test machines and show that it can cross user-kernel boundary and induce the first bit flips in L1PTEs within 15 minutes of double-sided PThammering. PThammer does not require the superpage system setting, and works on Ubuntu Linux. We have exploited PThammer to defeat advanced software-only rowhammer defenses in default system setting.

Section: Rowhammer Overviewmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses

2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)

Liu

et al. 2020

Self Cite

“…If not, then it is called single-sided rowhammer. Alternatively, one-location rowhammer [4] forces the memory controller to clear the row buffer and thus only needs to hammer one row. Lastly, to map a virtual address to a DRAM address, Memory Management Unit (MMU) will translate the virtual address to a physical address, which is mapped to a DRAM address by the memory controller.…”

Section: B the Rowhammer Vulnerabilitymentioning

confidence: 99%

“…The virtual to physical mapping can be addressed by either accessing pagemap or forcing hugepage allocation. Clearly, a correct DRAM address mapping helps induce more rowhammer bit flips and thus affects existing rowhammer attacks [14], [2], [10], [4], [1] and rowhammer DRAM PUFs [11] as well as its attack [15].…”

Section: B the Rowhammer Vulnerabilitymentioning

confidence: 99%

“…Based on the uncovered mappings, we perform double-sided rowhammer tests on three different machine settings and all results show that DRAMDig is much more effective in inducing rowhammer bit flips than the other generic tool, DRAMA [10]. To this end, DRAMDig enables users to test how vulnerable their computers are to the rowhammer problem and also help evaluate the impact of existing rowhammer attacks [14], [2], [10], [4], [1] and rowhammer DRAM PUFs [11], [15]. In summary, we make the following key contributions:…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

DRAMDig: A Knowledge-assisted Tool to Uncover DRAM Address Mapping

Wang

2020 57th ACM/IEEE Design Automation Conference (DAC)

et al. 2020

As recently emerged rowhammer exploits require undocumented DRAM address mapping, we propose a generic knowledge-assisted tool, DRAMDig, which takes domain knowledge into consideration to efficiently and deterministically uncover the DRAM address mappings on any Intel-based machines. We test DRAMDig on a number of machines with different combinations of DRAM chips and microarchitectures ranging from Intel Sandy Bridge to Coffee Lake. Comparing to previous works, DRAMDig deterministically reverse-engineered DRAM address mappings on all the test machines with only 7.8 minutes on average. Based on the uncovered mappings, we perform double-sided rowhammer tests and the results show that DRAMDig induced significantly more bit flips than previous works, justifying the correctness of the uncovered DRAM address mappings.

CATTmew: Defeating Software-Only Physical Kernel Isolation

IEEE Trans. Dependable and Secure Comput.

Nepal

et al. 2021

All the state-of-the-art rowhammer attacks can break the MMU-enforced inter-domain isolation because the physical memory owned by each domain is adjacent to each other. To mitigate these attacks, physical domain isolation, introduced by CATT [7], physically separates each domain by dividing the physical memory into multiple partitions and keeping each partition occupied by only one domain. CATT implemented physical kernel isolation as the first generic and practical software-only defense to protect kernel from being rowhammered as kernel is one of the most appealing targets. In this paper, we develop a novel exploit that could effectively defeat the physical kernel isolation and gain both root and kernel privileges. Our exploit can work without exhausting the page cache or the system memory, or relying on the information of the virtual-to-physical address mapping. The exploit is motivated by our key observation that the modern OSes have double-owned kernel buffers (e.g., video buffers and SCSI Generic buffers) owned concurrently by the kernel and user domains. The existence of such buffers invalidates the physical kernel isolation and makes the rowhammer-based attack possible again. Existing conspicuous rowhammer attacks achieving the root/kernel privilege escalation exhaust the page cache or even the whole system memory. Instead, we propose a new technique, named memory ambush. It is able to place the hammerable double-owned kernel buffers physically adjacent to the target objects (e.g., page tables) with only a small amount of memory. As a result, our exploit is stealthier and has fewer memory footprints. We also replace the inefficient rowhammer algorithm that blindly picks up addresses to hammer with an efficient one. Our algorithm selects suitable addresses based on an existing timing channel [31]. We implement our exploit on the Linux kernel version 4.10.0. Our experiment results indicate that a successful attack could be done within 1 minute. The occupied memory is as low as 88MB.