DOCSLIB.ORG

Flipping Bits in Memory Without Accessing Them: an Experimental Study of DRAM Disturbance Errors

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Flipping Bits in Memory Without Accessing Them: an Experimental Study of DRAM Disturbance Errors Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors 1 1 1 Yoongu Kim Ross Daly Jeremie Kim Chris Fallin Ji Hye Lee Donghyuk Lee1 Chris Wilkerson2 Konrad Lai Onur Mutlu1 1Carnegie Mellon University 2Intel Labs Abstract. Memory isolation is a key property of a reliable disturbance errors, DRAM manufacturers have been employ- and secure computing system — an access to one memory ad- ing a two-pronged approach: (i) improving inter-cell isola- dress should not have unintended side effects on data stored tion through circuit-level techniques [22, 32, 49, 61, 73] and in other addresses. However, as DRAM process technology (ii) screening for disturbance errors during post-production scales down to smaller dimensions, it becomes more difficult testing [3, 4, 64]. We demonstrate that their efforts to contain to prevent DRAM cells from electrically interacting with each disturbance errors have not always been successful, and that 1 other. In this paper, we expose the vulnerability of commodity erroneous DRAM chips have been slipping into the field. DRAM chips to disturbance errors. By reading from the same In this paper, we expose the existence and the widespread address in DRAM, we show that it is possible to corrupt data nature of disturbance errors in commodity DRAM chips sold in nearby addresses. More specifically, activating the same and used today. Among 129 DRAM modules we analyzed row in DRAM corrupts data in nearby rows. We demonstrate (comprising 972 DRAM chips), we discovered disturbance this phenomenon on Intel and AMD systems using a malicious errors in 110 modules (836 chips). In particular, all modules program that generates many DRAM accesses. We induce manufactured in the past two years (2012 and 2013) were vul- errors in most DRAM modules (110 out of 129) from three nerable, which implies that the appearance of disturbance er- major DRAM manufacturers. From this we conclude that rors in the field is a relatively recent phenomenon affecting many deployed systems are likely to be at risk. We identify more advanced generations of process technology. We show the root cause of disturbance errors as the repeated toggling that it takes as few as 139K reads to a DRAM address (more of a DRAM row’s wordline, which stresses inter-cell coupling generally, to a DRAM row) to induce a disturbance error. As effects that accelerate charge leakage from nearby rows. We a proof of concept, we construct a user-level program that provide an extensive characterization study of disturbance er- continuously accesses DRAM by issuing many loads to the rors and their behavior using an FPGA-based testing plat- same address while flushing the cache-line in between. We form. Among our key findings, we show that (i) it takes as demonstrate that such a program induces many disturbance few as 139K accesses to induce an error and (ii) up to one in errors when executed on Intel or AMD machines. every 1.7K cells is susceptible to errors. After examining var- We identify the root cause of DRAM disturbance errors as ious potential ways of addressing the problem, we propose a voltage fluctuations on an internal wire called the wordline. low-overhead solution to prevent the errors. DRAM comprises a two-dimensional array of cells, where each row of cells has its own wordline. To access a cell within 1. Introduction a particular row, the row’s wordline must be enabled by rais- The continued scaling of DRAM process technology has ing its voltage — i.e., the row must be activated. When there enabled smaller cells to be placed closer to each other. Cram- are many activations to the same row, they force the word- ming more DRAM cells into the same area has the well- line to toggle on and off repeatedly. According to our obser- known advantage of reducing the cost-per-bit of memory. vations, such voltage fluctuations on a row’s wordline have Increasing the cell density, however, also has a negative a disturbance effect on nearby rows, inducing some of their impact on memory reliability due to three reasons. First, cells to leak charge at an accelerated rate. If such a cell loses a small cell can hold only a limited amount of charge, too much charge before it is restored to its original value (i.e., which reduces its noise margin and renders it more vulner- refreshed), it experiences a disturbance error. able to data loss [14, 47, 72]. Second, the close proximity We comprehensively characterize DRAM disturbance er- of cells introduces electromagnetic coupling effects between rors on an FPGA-based testing platform to understand their them, causing them to interact with each other in undesirable behavior and symptoms. Based on our findings, we exam- ways [14, 42, 47, 55]. Third, higher variation in process tech- ine a number of potential solutions (e.g., error-correction and nology increases the number of outlier cells that are excep- frequent refreshes), which all have some limitations. We pro- tionally susceptible to inter-cell crosstalk, exacerbating the pose an effective and low-overhead solution, called PARA, two effects described above. that prevents disturbance errors by probabilistically refresh- As a result, high-density DRAM is more likely to suffer ing only those rows that are likely to be at risk. In contrast to from disturbance, a phenomenon in which different cells in- other solutions, PARA does not require expensive hardware terfere with each other’s operation. If a cell is disturbed structures or incur large performance penalties. This paper beyond its noise margin, it malfunctions and experiences a makes the following contributions. disturbance error. Historically, DRAM manufacturers have 1 been aware of disturbance errors since as early as the Intel The industry has been aware of this problem since at least 2012, which 1103, the first commercialized DRAM chip [58]. To mitigate is when a number of patent applications were filed by Intel regarding the problem of “row hammer” [6, 7, 8, 9, 23, 24]. Our paper was under review Work done while at Carnegie Mellon University. when the earliest of these patents was released to the public. 978-1-4799-4394-4/14/$31.00 c 2014 IEEE 1 cell To our knowledge, this is the first paper to expose the row 4 wordline widespread existence of disturbance errors in commodity DRAM chips from recent years. row 3 row 2 We construct a user-level program that induces disturbance row 1 errors on real systems (Intel/AMD). Simply by reading row 0 from DRAM, we show that such a program could poten- bitline tially breach memory protection and corrupt data stored in row-buffer pages that it should not be allowed to access. a. Rows of cells b. A single cell We provide an extensive characterization of DRAM dis- turbance errors using an FPGA-based testing platform and Figure 1. DRAM consists of cells 129 DRAM modules. We identify the root cause of distur- the cells — and immediately writes the charge back into the bance errors as the repeated toggling of a row’s wordline. cells [38, 41, 43]. Subsequently, all accesses to the row are We observe that the resulting voltage fluctuation could dis- served by the row-buffer on behalf of the row. When there turb cells in nearby rows, inducing them to lose charge at are no more accesses to the row, the wordline is lowered to an accelerated rate. Among our key findings, we show that a low voltage, disconnecting the capacitors from the bitlines. (i) disturbable cells exist in 110 out of 129 modules, (ii) A group of rows is called a bank, each of which has its own up to one in 1.7K cells is disturbable, and (iii) toggling the dedicated row-buffer. (The organization of a bank is simi- wordline as few as 139K times causes a disturbance error. lar to what was shown in Figure 1a.) Finally, multiple banks After examining a number of possible solutions, we pro- come together to form a rank. For example, Figure 2 shows pose PARA (probabilistic adjacent row activation), a low- a 2GB rank whose 256K rows are vertically partitioned into overhead way of preventing disturbance errors. Every time eight banks of 32K rows, where each row is 8KB ( 64Kb) a wordline is toggled, PARA refreshes the nearby rows in size [34]. Having multiple banks increases parallelismD be- with a very small probability (p 1). As a wordline is tog- cause accesses to different banks can be served concurrently. gled many times, the increasing disturbance effects are off- 64K cells set by the higher likelihood of refreshing the nearby rows. 2. DRAM Background Bank7 7 data 0 In this section, we provide the necessary background on cmd ••• K 256 Chip DRAM organization and operation to understand the cause addr Chip and symptoms of disturbance errors. Processor Bank0 2.1. High-Level Organization MemCtrl Rank DRAM chips are manufactured in a variety of configura- tions [34], currently ranging in capacities of 1–8 Gbit and in Figure 2. Memory controller, buses, rank, and banks data-bus widths of 4–16 pins. (A particular capacity does not 2.3. Accessing DRAM imply a particular data-bus width.) By itself, an individual DRAM chip has only a small capacity and a narrow data-bus. An access to a rank occurs in three steps: (i) “opening” the That is why multiple DRAM chips are commonly ganged to- desired row within a desired bank, (ii) accessing the desired gether to provide a large capacity and a wide data-bus (typi- columns from the row-buffer, and (iii) “closing” the row.
Load more

Recommended publications
  • ASIC Implementation of DDR SDRAM Memory Controller
    © 2016 IJEDR | Volume 4, Issue 4 | ISSN: 2321-9939 ASIC Implementation of DDR SDRAM Memory Controller Ramagiri Ramya, Naganaik M.Tech Scholar, ASST.PROF, HOD of ECE BRIG-IC, Hyderabad ________________________________________________________________________________________________________ Abstract - A Dedicated Memory Controller is of prime importance in applications that do not contain microprocessors (high-end applications). The Memory Controller provides command signals for memory refresh, read and write operation and initialization of SDRAM. Our work will focus on ASIC Design methodology of Double Data Rate (DDR) SDRAM Controller that is located between the DDR SDRAM and Bus Master. The Controller simplifies the SDRAM command interface to standard system read/write interface and also optimizes the access time of read/write cycle. Keywords - DDR SDRAM Controller, Read/Write Data path, Cadence RTL Compiler. ________________________________________________________________________________________________________ I. INTRODUCTION Memory devices are almost found in all systems and nowadays high speed and high performance memories are in great demand. For better throughput and speed, the controllers are to be designed with clock frequency in the range of megahertz. As the clock speed of the controller is increasing, the design challenges are also becoming complex. Therefore the next generation memory devices require very high speed controllers like double data rate and quad data rate memory controllers. In this paper, the double data rate SDRAM Controller is implemented using ASIC methodology. Synchronous DRAM (SDRAM) is preferred in embedded system memory design because of its speed and pipelining capability. In high-end applications, like microprocessors there will be specific built in peripherals to provide the interface to the SDRAM. But for other applications, the system designer must design a specific memory controller to provide command signals for memory refresh, read and write operation and initialization of SDRAM.
    [Show full text]
  • Hybrid Drowsy SRAM and STT-RAM Buffer Designs for Dark-Silicon
    This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination. IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS 1 Hybrid Drowsy SRAM and STT-RAM Buffer Designs for Dark-Silicon-Aware NoC Jia Zhan, Student Member, IEEE, Jin Ouyang, Member, IEEE,FenGe,Member, IEEE, Jishen Zhao, Member, IEEE, and Yuan Xie, Fellow, IEEE Abstract— The breakdown of Dennard scaling prevents us MCMC MC from powering all transistors simultaneously, leaving a large fraction of dark silicon. This crisis has led to innovative work on Tile link power-efficient core and memory architecture designs. However, link link RouterRouter the research for addressing dark silicon challenges with network- To router on-chip (NoC), which is a major contributor to the total chip NI power consumption, is largely unexplored. In this paper, we Core link comprehensively examine the network power consumers and L1-I$ L2 L1-D$ the drawbacks of the conventional power-gating techniques. To overcome the dark silicon issue from the NoC’s perspective, we MCMC MC propose DimNoC, a dim silicon scheme, which leverages recent drowsy SRAM design and spin-transfer torque RAM (STT-RAM) Fig. 1. 4 × 4 NoC-based multicore architecture. In each node, the local technology to replace pure SRAM-based NoC buffers. processing elements (core, L1, L2 caches, and so on) are attached to a router In particular, we propose two novel hybrid buffer architectures: through an NI. Routers are interconnected through links to form an NoC. 1) a hierarchical buffer architecture, which divides the input Four memory controllers are attached at the four corners, which will be used buffers into a set of levels with different power states and 2) a for off-chip memory access.
    [Show full text]
  • An Analysis of Data Corruption in the Storage Stack
    An Analysis of Data Corruption in the Storage Stack Lakshmi N. Bairavasundaram∗, Garth R. Goodson†, Bianca Schroeder‡ Andrea C. Arpaci-Dusseau∗, Remzi H. Arpaci-Dusseau∗ ∗University of Wisconsin-Madison †Network Appliance, Inc. ‡University of Toronto {laksh, dusseau, remzi}@cs.wisc.edu, [email protected], [email protected] Abstract latent sector errors, within disk drives [18]. Latent sector errors are detected by a drive’s internal error-correcting An important threat to reliable storage of data is silent codes (ECC) and are reported to the storage system. data corruption. In order to develop suitable protection Less well-known, however, is that current hard drives mechanisms against data corruption, it is essential to un- and controllers consist of hundreds-of-thousandsof lines derstand its characteristics. In this paper, we present the of low-level firmware code. This firmware code, along first large-scale study of data corruption. We analyze cor- with higher-level system software, has the potential for ruption instances recorded in production storage systems harboring bugs that can cause a more insidious type of containing a total of 1.53 million disk drives, over a pe- disk error – silent data corruption, where the data is riod of 41 months. We study three classes of corruption: silently corrupted with no indication from the drive that checksum mismatches, identity discrepancies, and par- an error has occurred. ity inconsistencies. We focus on checksum mismatches since they occur the most. Silent data corruptionscould lead to data loss more of- We find more than 400,000 instances of checksum ten than latent sector errors, since, unlike latent sector er- mismatches over the 41-month period.
    [Show full text]
  • Microkernel Mechanisms for Improving the Trustworthiness of Commodity Hardware
    Microkernel Mechanisms for Improving the Trustworthiness of Commodity Hardware Yanyan Shen Submitted in fulfilment of the requirements for the degree of Doctor of Philosophy School of Computer Science and Engineering Faculty of Engineering March 2019 Thesis/Dissertation Sheet Surname/Family Name : Shen Given Name/s : Yanyan Abbreviation for degree as give in the University calendar : PhD Faculty : Faculty of Engineering School : School of Computer Science and Engineering Microkernel Mechanisms for Improving the Trustworthiness of Commodity Thesis Title : Hardware Abstract 350 words maximum: (PLEASE TYPE) The thesis presents microkernel-based software-implemented mechanisms for improving the trustworthiness of computer systems based on commercial off-the-shelf (COTS) hardware that can malfunction when the hardware is impacted by transient hardware faults. The hardware anomalies, if undetected, can cause data corruptions, system crashes, and security vulnerabilities, significantly undermining system dependability. Specifically, we adopt the single event upset (SEU) fault model and address transient CPU or memory faults. We take advantage of the functional correctness and isolation guarantee provided by the formally verified seL4 microkernel and hardware redundancy provided by multicore processors, design the redundant co-execution (RCoE) architecture that replicates a whole software system (including the microkernel) onto different CPU cores, and implement two variants, loosely-coupled redundant co-execution (LC-RCoE) and closely-coupled redundant co-execution (CC-RCoE), for the ARM and x86 architectures. RCoE treats each replica of the software system as a state machine and ensures that the replicas start from the same initial state, observe consistent inputs, perform equivalent state transitions, and thus produce consistent outputs during error-free executions.
    [Show full text]
  • Understanding Real World Data Corruptions in Cloud Systems
    Understanding Real World Data Corruptions in Cloud Systems Peipei Wang, Daniel J. Dean, Xiaohui Gu Department of Computer Science North Carolina State University Raleigh, North Carolina {pwang7,djdean2}@ncsu.edu, [email protected] Abstract—Big data processing is one of the killer applications enough to require attention, little research has been done to for cloud systems. MapReduce systems such as Hadoop are the understand software-induced data corruption problems. most popular big data processing platforms used in the cloud system. Data corruption is one of the most critical problems in In this paper, we present a comprehensive study on the cloud data processing, which not only has serious impact on characteristics of the real world data corruption problems the integrity of individual application results but also affects the caused by software bugs in cloud systems. We examined 138 performance and availability of the whole data processing system. data corruption incidents reported in the bug repositories of In this paper, we present a comprehensive study on 138 real world four Hadoop projects (i.e., Hadoop-common, HDFS, MapRe- data corruption incidents reported in Hadoop bug repositories. duce, YARN [17]). Although Hadoop provides fault tolerance, We characterize those data corruption problems in four aspects: our study has shown that data corruptions still seriously affect 1) what impact can data corruption have on the application and system? 2) how is data corruption detected? 3) what are the the integrity, performance, and availability
    [Show full text]
  • SMASH: Synchronized Many-Sided Rowhammer Attacks from Javascript
    SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript Finn de Ridder Pietro Frigo Emanuele Vannacci Herbert Bos ETH Zurich VU Amsterdam VU Amsterdam VU Amsterdam VU Amsterdam Cristiano Giuffrida Kaveh Razavi VU Amsterdam ETH Zurich Abstract has instead been lagging behind. In particular, rather than Despite their in-DRAM Target Row Refresh (TRR) mitiga- addressing the root cause of the Rowhammer bug, DDR4 in- tions, some of the most recent DDR4 modules are still vul- troduced a mitigation known as Target Row Refresh (TRR). nerable to many-sided Rowhammer bit flips. While these TRR, however, has already been shown to be ineffective bit flips are exploitable from native code, triggering them against many-sided Rowhammer attacks from native code, in the browser from JavaScript faces three nontrivial chal- at least in its current in-DRAM form [12]. However, it is lenges. First, given the lack of cache flushing instructions in unclear whether TRR’s failing also re-exposes end users to JavaScript, existing eviction-based Rowhammer attacks are TRR-aware, JavaScript-based Rowhammer attacks from the already slow for the older single- or double-sided variants browser. In fact, existing many-sided Rowhammer attacks and thus not always effective. With many-sided Rowhammer, require frequent cache flushes, large physically-contiguous mounting effective attacks is even more challenging, as it re- regions, and certain access patterns to bypass in-DRAM TRR, quires the eviction of many different aggressor addresses from all challenging in JavaScript. the CPU caches. Second, the most effective many-sided vari- In this paper, we show that under realistic assumptions, it ants, known as n-sided, require large physically-contiguous is indeed possible to bypass TRR directly from JavaScript, memory regions which are not available in JavaScript.
    [Show full text]
  • MRAM Technology Status
    National Aeronautics and Space Administration MRAM Technology Status Jason Heidecker Jet Propulsion Laboratory Pasadena, California Jet Propulsion Laboratory California Institute of Technology Pasadena, California JPL Publication 13-3 2/13 National Aeronautics and Space Administration MRAM Technology Status NASA Electronic Parts and Packaging (NEPP) Program Office of Safety and Mission Assurance Jason Heidecker Jet Propulsion Laboratory Pasadena, California NASA WBS: 104593 JPL Project Number: 104593 Task Number: 40.49.01.09 Jet Propulsion Laboratory 4800 Oak Grove Drive Pasadena, CA 91109 http://nepp.nasa.gov i This research was carried out at the Jet Propulsion Laboratory, California Institute of Technology, and was sponsored by the National Aeronautics and Space Administration Electronic Parts and Packaging (NEPP) Program. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement by the United States Government or the Jet Propulsion Laboratory, California Institute of Technology. ©2013. California Institute of Technology. Government sponsorship acknowledged. ii TABLE OF CONTENTS 1.0 Introduction ............................................................................................................................................................ 1 2.0 MRAM Technology ................................................................................................................................................ 2 2.1
    [Show full text]
  • The Effects of Repeated Refresh Cycles on the Oxide Integrity of EEPROM Memories at High Temperature by Lynn Reed and Vema Reddy Tekmos, Inc
    The Effects of Repeated Refresh Cycles on the Oxide Integrity of EEPROM Memories at High Temperature By Lynn Reed and Vema Reddy Tekmos, Inc. 4120 Commercial Center Drive, #400, Austin, TX 78744 [email protected], [email protected] Abstract Data retention in stored-charge based memories, such as Flash and EEPROMs, decreases with increasing temperature. Compensation for this shortening of retention time can be accomplished by refreshing the data using periodic erase-write refresh cycles, although the number of these cycles is limited by oxide integrity. An alternate approach is to use refresh cycles consisting of a rewrite only cycles, without the prior erase cycle. The viability of this approach requires that this refresh cycle induces less damage than an erase-write cycle. This paper studies the effects of repeated refresh cycles on oxide integrity in a high temperature environment and makes comparisons to the damage caused by erase-write cycles. The experiment consisted of running a large number of refresh cycles on a selected byte. The control group was other bytes which were not subjected to refresh only cycles. The oxide integrity was checked by performing repeated erase-write cycles on each of the two groups to determine if the refresh cycles decreased the number of erase-write cycles before failure. Data was collected from multiple parts, with different numbers of refresh cycles, and at temperatures ranging from 25C to 190C. The experiment was conducted on microcontrollers containing embedded EEPROM memories. The microcontrollers were programmed to test and measure their own memories, and to report the results to an external controller.
    [Show full text]
  • A Modern Primer on Processing in Memory
    A Modern Primer on Processing in Memory Onur Mutlua,b, Saugata Ghoseb,c, Juan Gomez-Luna´ a, Rachata Ausavarungnirund SAFARI Research Group aETH Z¨urich bCarnegie Mellon University cUniversity of Illinois at Urbana-Champaign dKing Mongkut’s University of Technology North Bangkok Abstract Modern computing systems are overwhelmingly designed to move data to computation. This design choice goes directly against at least three key trends in computing that cause performance, scalability and energy bottlenecks: (1) data access is a key bottleneck as many important applications are increasingly data-intensive, and memory bandwidth and energy do not scale well, (2) energy consumption is a key limiter in almost all computing platforms, especially server and mobile systems, (3) data movement, especially off-chip to on-chip, is very expensive in terms of bandwidth, energy and latency, much more so than computation. These trends are especially severely-felt in the data-intensive server and energy-constrained mobile systems of today. At the same time, conventional memory technology is facing many technology scaling challenges in terms of reliability, energy, and performance. As a result, memory system architects are open to organizing memory in different ways and making it more intelligent, at the expense of higher cost. The emergence of 3D-stacked memory plus logic, the adoption of error correcting codes inside the latest DRAM chips, proliferation of different main memory standards and chips, specialized for different purposes (e.g., graphics, low-power, high bandwidth, low latency), and the necessity of designing new solutions to serious reliability and security issues, such as the RowHammer phenomenon, are an evidence of this trend.
    [Show full text]
  • Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
    Drammer: Deterministic Rowhammer Attacks on Mobile Platforms Victor van der Veen Yanick Fratantonio Martina Lindorfer Vrije Universiteit Amsterdam UC Santa Barbara UC Santa Barbara [email protected] [email protected] [email protected] Daniel Gruss Clémentine Maurice Giovanni Vigna Graz University of Technology Graz University of Technology UC Santa Barbara [email protected] [email protected] [email protected] Herbert Bos Kaveh Razavi Cristiano Giuffrida Vrije Universiteit Amsterdam Vrije Universiteit Amsterdam Vrije Universiteit Amsterdam [email protected] [email protected] [email protected] ABSTRACT 1. INTRODUCTION Recent work shows that the Rowhammer hardware bug can The Rowhammer hardware bug allows an attacker to mod- be used to craft powerful attacks and completely subvert a ify memory without accessing it, simply by repeatedly ac- system. However, existing efforts either describe probabilis- cessing, i.e., \hammering", a given physical memory loca- tic (and thus unreliable) attacks or rely on special (and often tion until a bit in an adjacent location flips. Rowhammer unavailable) memory management features to place victim has been used to craft powerful attacks that bypass all cur- objects in vulnerable physical memory locations. Moreover, rent defenses and completely subvert a system [16,32,35,47]. prior work only targets x86 and researchers have openly won- Until now, the proposed exploitation techniques are either dered whether Rowhammer attacks on other architectures, probabilistic [16,35] or rely on special memory management such as ARM, are even possible. features such as memory deduplication [32], MMU paravir- We show that deterministic Rowhammer attacks are feasi- tualization [47], or the pagemap interface [35].
    [Show full text]
  • Throwhammer: Rowhammer Attacks Over the Network and Defenses
    Throwhammer: Rowhammer Attacks over the Network and Defenses Andrei Tatar Radhesh Krishnan Konoth Elias Athanasopoulos VU Amsterdam VU Amsterdam University of Cyprus Cristiano Giuffrida Herbert Bos Kaveh Razavi VU Amsterdam VU Amsterdam VU Amsterdam Abstract never progressed beyond local privilege escalations or sandbox escapes. The attacker needs the ability to run Increasingly sophisticated Rowhammer exploits allow an code on the victim machine in order to flip bits in sen- attacker that can execute code on a vulnerable system sitive data. Hence, Rowhammer posed little threat from to escalate privileges and compromise browsers, clouds, attackers without code execution on the victim machines. and mobile systems. In all these attacks, the common In this paper, we show that this is no longer true and at- assumption is that attackers first need to obtain code tackers can flip bits by only sending network packets to execution on the victim machine to be able to exploit a victim machine connected to RDMA-enabled networks Rowhammer either by having (unprivileged) code exe- commonly used in clouds and data centers [1, 20, 45, 62]. cution on the victim machine or by luring the victim to a website that employs a malicious JavaScript applica- Rowhammer exploits today Rowhammer allows at- tion. In this paper, we revisit this assumption and show tackers to flip a bit in one physical memory location that an attacker can trigger and exploit Rowhammer bit by aggressively reading (or writing) other locations (i.e., flips directly from a remote machine by only sending hammering). As bit flips occur at the physical level, they network packets.
    [Show full text]
  • Can Microkernels Mitigate Microarchitectural Attacks?⋆
    Can Microkernels Mitigate Microarchitectural Attacks?? Gunnar Grimsdal1, Patrik Lundgren2, Christian Vestlund3, Felipe Boeira1, and Mikael Asplund1[0000−0003−1916−3398] 1 Department of Computer and Information Science, Link¨oping University, Sweden ffelipe.boeira,[email protected] 2 Westermo Network Technologies [email protected] 3 Sectra AB, Link¨oping,Sweden Abstract. Microarchitectural attacks such as Meltdown and Spectre have attracted much attention recently. In this paper we study how effec- tive these attacks are on the Genode microkernel framework using three different kernels, Okl4, Nova, and Linux. We try to answer the question whether the strict process separation provided by Genode combined with security-oriented kernels such as Okl4 and Nova can mitigate microar- chitectural attacks. We evaluate the attack effectiveness by measuring the throughput of data transfer that violates the security properties of the system. Our results show that the underlying side-channel attack Flush+Reload used in both Meltdown and Spectre, is effective on all in- vestigated platforms. We were also able to achieve high throughput using the Spectre attack, but we were not able to show any effective Meltdown attack on Okl4 or Nova. Keywords: Genode, Meltdown, Spectre, Flush+Reload, Okl4, Nova 1 Introduction It used to be the case that general-purpose operating systems were mostly found in desktop computers and servers. However, as IoT devices are becoming in- creasingly more sophisticated, they tend more and more to require a powerful operating system such as Linux, since otherwise all basic services must be im- plemented and maintained by the device developers. At the same time, security has become a prime concern both in IoT and in the cloud domain.
    [Show full text]