Cache Attacks and Rowhammer on ARM

Moritz Lipp

Cache Attacks and Rowhammer on ARM

Moritz Lipp

Institute of Applied Information Processing and Communications (7050)

Research output: Thesis › Master's Thesis

Abstract

In the last years, mobile devices have become the most important personal computing platforms and, thus, it is especially important to protect sensitive information that is stored and processed on these devices. In this thesis, we discuss the applicability of cache attacks and the rowhammer bug on mobile devices. As these attacks have been considered infeasible on ARM-based devices, we demonstrate how to solve key challenges to mount the most powerful cache attacks Prime+Probe, Flush+Reload, Evict+Reload and Flush+Flush and how to induce bit flips. We show the power of these attacks by implementing a high-performance covert-channel, spying on user input and attacking cryptographic algorithms. Finally, we discuss possible countermeasures.

Original language	English
Supervisors/Advisors	Gruss, Daniel, Supervisor
Publication status	Published - 2016

Keywords

side-channel attacks
cache attacks
rowhammer
mobile platforms
arm
prime+probe
flush+reload
evict+reload
flush+flush
Cross-CPU attack

Cite this

@mastersthesis{210e95ddcf0043acb1fa9c00d8525848,

title = "Cache Attacks and Rowhammer on ARM",

abstract = "In the last years, mobile devices have become the most important personal computing platforms and, thus, it is especially important to protect sensitive information that is stored and processed on these devices. In this thesis, we discuss the applicability of cache attacks and the rowhammer bug on mobile devices. As these attacks have been considered infeasible on ARM-based devices, we demonstrate how to solve key challenges to mount the most powerful cache attacks Prime+Probe, Flush+Reload, Evict+Reload and Flush+Flush and how to induce bit flips. We show the power of these attacks by implementing a high-performance covert-channel, spying on user input and attacking cryptographic algorithms. Finally, we discuss possible countermeasures.",

keywords = "side-channel attacks, cache attacks, rowhammer, mobile platforms, arm, prime+probe, flush+reload, evict+reload, flush+flush, Cross-CPU attack",

author = "Moritz Lipp",

year = "2016",

language = "English",

}

TY - THES

T1 - Cache Attacks and Rowhammer on ARM

AU - Lipp, Moritz

PY - 2016

Y1 - 2016

N2 - In the last years, mobile devices have become the most important personal computing platforms and, thus, it is especially important to protect sensitive information that is stored and processed on these devices. In this thesis, we discuss the applicability of cache attacks and the rowhammer bug on mobile devices. As these attacks have been considered infeasible on ARM-based devices, we demonstrate how to solve key challenges to mount the most powerful cache attacks Prime+Probe, Flush+Reload, Evict+Reload and Flush+Flush and how to induce bit flips. We show the power of these attacks by implementing a high-performance covert-channel, spying on user input and attacking cryptographic algorithms. Finally, we discuss possible countermeasures.

AB - In the last years, mobile devices have become the most important personal computing platforms and, thus, it is especially important to protect sensitive information that is stored and processed on these devices. In this thesis, we discuss the applicability of cache attacks and the rowhammer bug on mobile devices. As these attacks have been considered infeasible on ARM-based devices, we demonstrate how to solve key challenges to mount the most powerful cache attacks Prime+Probe, Flush+Reload, Evict+Reload and Flush+Flush and how to induce bit flips. We show the power of these attacks by implementing a high-performance covert-channel, spying on user input and attacking cryptographic algorithms. Finally, we discuss possible countermeasures.

KW - side-channel attacks

KW - cache attacks

KW - rowhammer

KW - mobile platforms

KW - arm

KW - prime+probe

KW - flush+reload

KW - evict+reload

KW - flush+flush

KW - Cross-CPU attack

M3 - Master's Thesis

ER -

Cache Attacks and Rowhammer on ARM

Abstract

Keywords

Fingerprint

Cite this