SpecHammer: Combining Spectre and Rowhammer for New Speculative Attacks

Tobah, Youssef; Kwong, Andrew; Kang, Ingab; Genkin, Daniel; Shin, Kang G.

doi:10.1109/sp46214.2022.9833802

Cited by 19 publications

(4 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attacker locates the gadget's virtual address in the address space of victim's, (23,24) subsequently conducts indirect branches for mentioned address in order to confuse the BTB. The address space of the attacker is used for this training.…”

Section: Exploiting Indirect Branches (Variant 2 (V2))mentioning

confidence: 99%

Securing Virtual Architecture of Smartphones based on Network Function Virtualization

Nahi¹,

Hasan

Lazem

et al. 2023

Metaverse Basic and Applied Research

View full text Add to dashboard Cite

One of the most difficult parts of Network Function Virtualization (NFV) installations is security. The NFV environment is a large-scale, software-driven one with a variety of components. Network topologies and traffic flows are continuously and managed to change. Such complexity necessitates a comprehensive security framework that permits automatic and to manage changeable network conditions, a quick response is required with the least amount of manual involvement. This paper introduced many solutions for securing the NFV environment from attacks such as (Specter and DoS) that attack parts of this architecture based on some experiments. Applied NFV on an operating system of smartphones (Android). We tested some attacks on the device and then on some of the layers in the architecture. We obtain new and obvious results, by comparison, to traditional and updated NFV architecture. Also, update the NFV architecture using vCenter/ESX and Hyper-V being two important terms in security After adding the necessary algorithms to protect the NFV architecture, we noticed about 128 hours to hack a 1.4 megabyte (WinRAR) file, while the same file and the same size needed 126 hours to reach the root without the algorithms used to protect the architecture.

show abstract

Section: Exploiting Indirect Branches (Variant 2 (V2))mentioning

confidence: 99%

Securing Virtual Architecture of Smartphones based on Network Function Virtualization

Nahi¹,

Hasan

Lazem

et al. 2023

Metaverse Basic and Applied Research

View full text Add to dashboard Cite

show abstract

“…Attackers can remotely gain administrative privileges through this vulnerability and then execute malicious instructions with those privileges. Buffer overflow has been identified as one of the most common and dangerous security vulnerabilities to date [7]. Many detection and mitigation techniques have been developed and deployed to reduce the likelihood of buffer overflow attacks [8][9][10].…”

Section: Related Workmentioning

confidence: 99%

Fine-Grained Modeling of ROP Vulnerability Exploitation Process under Stack Overflow Based on Petri Nets

Zhang,

Wang

et al. 2023

Electronics

View full text Add to dashboard Cite

Software vulnerability discovery is currently a hot topic, and buffer overflow remains a prevalent security vulnerability. One of the key issues in vulnerability discovery and analysis is how to quickly analyze buffer overflow vulnerabilities and select critical exploitation paths. Existing modeling methods for vulnerability exploitation cannot accurately reflect the fine-grained execution process of stack overflow exploitation paths. This paper, based on the discussion of buffer overflow exploitation techniques, proposes a fine-grained modeling and analysis method based on Petri nets for the selection and execution of exploitation processes, specifically focusing on the return-oriented programming in stack overflow. Through qualitative analysis, we compared the simulated time of the software with the execution time of existing exploitation tools, achieving timeout-based simulation experiments. We validated the model’s effectiveness using symbolic execution and dynamic analysis techniques. The results indicate that this model performs well for vulnerable programs with Position Independent Executable (PIE) protection enabled and has an advantage in selecting exploitation paths, enabling timeout-based simulation. This method provides a reference for rapidly constructing exploitation implementations.

show abstract

“…Some forms of Rowhammer attacks (Bhattacharya and Mukhopadhyay, 2016;Kwong et al, 2020;Weissman et al, 2019) work on extracting RSA key; others (Rakin et al, 2022) show how weights of a Deep Neural Network (DNN) can be leaked and yet others show how the accuracy of DNN can be diminished using Rowhammer attack (Hong et al, 2019;Yao et al, 2020). SpecHammer (Tobah et al, 2022), a row of hammerassisted specter attacks, was able to bypass current specter defenses. Rowhammer can also be the source of Denial of Service (DoS) attacks; (Lipp et al, 2020) implemented network-based attacks on remote systems to compromise system security or cause Denial of Service (DoS).…”

Section: Rowhammer Exploitationsmentioning

confidence: 99%

DEACT: Hardware Solution to Rowhammer Attacks

Gebrehiwot,

Andargie,

Ismail

2023

Journal of Computer Science

View full text Add to dashboard Cite

Dynamic Random Access Memory (DRAM) is a crucial component in modern computing devices. Improvements in process technology have significantly increased the speed and storage capacity of memory devices. However, as memory cells become smaller and closer to one another, annoying circuit disturbance errors such as the Row-hammer problem have become significant. Studies show that attackers can systematically exploit such errors to induce bit flips and take control of local/remote systems. Even though several hardware and software-based mitigation techniques have been proposed, it is still continuing to be a big threat to system security. In this research, we propose DEACT, a counter-based hardware mitigation to the Rowhammer attack. Contrary to existing countermeasures that refresh victim rows or throttle memory access upon excessive row activation, DEACT uses additional row buffers to keep hot rows and prevent further activation. The size of our counter uses 1.67 times less space than the optimal of existing implementations. DEACT not only eliminates the Rowhammer problem, but it also improves the performance of DRAM. We tested DEACT on the TPC and CPU-2006 benchmarks; the average hit rate has increased by 41% when compared to standard DRAM.

show abstract

SpecHammer: Combining Spectre and Rowhammer for New Speculative Attacks

Cited by 19 publications

References 24 publications

Securing Virtual Architecture of Smartphones based on Network Function Virtualization

Securing Virtual Architecture of Smartphones based on Network Function Virtualization

Fine-Grained Modeling of ROP Vulnerability Exploitation Process under Stack Overflow Based on Petri Nets

DEACT: Hardware Solution to Rowhammer Attacks

Contact Info

Product

Resources

About