Description
Rowhammer is a vulnerability still plaguing DRAM 10 years after its discovery. With CSI:Rowhammer, we proposed a new generic approach to Rowhammer mitigations. The design idea is to not focus on any supposed characteristics of Rowhammer but to provide cryptographically secure integrity (CSI) protection for all data in the DRAM. Basing a mitigation on known vulnerability characteristics involves the risk that the mitigation can be circumvented due to new, previously unknown effects. With Rowhammer, this was the case with the discovery of one-location Rowhammer, later again with half-double Rowhammer, and just recently with RowPress. RowPress flips bits in memory, exploiting a different underlying effect than Rowhammer by keeping rows open as long as possible.

In our second paper, PressHammer, we further investigate RowPress and compare it to one-location Rowhammer. One-location Rowhammer appears to be very similar to RowPress. However, the analyses in the two respective papers come to different conclusions on the underlying effect that causes bit flips. In PressHammer, we show that both papers are actually right and that one-location Rowhammer causes bit flips due to both effects simultaneously. Finally, we show the first exploit on operating system page tables using the RowPress pattern. It requires only very little knowledge about the DRAM mapping, which we reverse engineer using a side channel. We can exploit a system in under 10 minutes on average.
Period | 16 Jul 2024 |
---|---|
Event title | SAFARI Live Seminars |
Event type | Seminar |
Location | Zürich, Switzerland |
Degree of Recognition | International |
Related content

Publications

- Presshammer: Rowhammer and Rowpress without Physical Address Information
  Research output: Chapter in Book/Report/Conference proceeding › Conference paper
- Half-Double: Hammering From the Next Row Over
  Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review
- CSI:Rowhammer – Cryptographic Security and Integrity against Rowhammer
  Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review