SAFARI Live Seminar - Exploiting RowPress and RowHammer and How To Defend Against It 

Title: Exploiting RowPress and RowHammer and How To Defend Against It
Speaker: Jonas Juffinger, IAIK, TU Graz
Website: www.jonasjuffi...
SAFARI Live Seminar Talk: safari.ethz.ch...
Slides (pdf):
Slides (pptx):
Abstract:
Rowhammer is a vulnerability still plaguing DRAM 10 years after its discovery. With CSI:Rowhammer, we proposed a new generic approach to Rowhammer mitigations. The design idea is to not focus on any supposed characteristics of Rowhammer but to provide cryptographically secure integrity (CSI) protection for all data in the DRAM. Basing a mitigation on known vulnerability characteristics involves the risk that the mitigation can be circumvented due to new, previously unknown effects. With Rowhammer, this was the case with the discovery of one-location Rowhammer, later again with half-double Rowhammer, and just recently with RowPress. RowPress flips bits in memory, exploiting a different underlying effect than Rowhammer by keeping rows open as long as possible.
In our second paper, PressHammer, we further investigate RowPress and compare it to one-location Rowhammer. One-location Rowhammer appears to be very similar to RowPress. However, the analysis in the respective two papers come to different conclusions on the underlying effect that causes bit flips. In PressHammer, we show that actually both papers are right and one-location Rowhammer causes bit flips due to both effects simultaneously. Finally, we show the first exploit on operating system page tables using the RowPress pattern. It requries only very little knowledge about the DRAM mapping that we reverse engineer using a side channel. We can exploit a system in under 10 minutes on average.
Speaker Bio: Jonas Juffinger is a Ph.D. candidate at the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz), working with Prof. Daniel Gruss. His broad research topics cover Rowhammer attacks and mitigations, side channels, microarchitectural attacks, and secure and energy efficient computing.
Past SAFARI Live Seminars: safari.ethz.ch...