Defeating software mitigations against rowhammer: A surgical precision hammer

Andrei Tatar*, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi

*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

496 Downloads (Pure)

Abstract

With software becoming harder to compromise due to modern defenses, attackers are increasingly looking at exploiting hardware vulnerabilities such as Rowhammer. In response, the research community has developed several software defenses to protect existing hardware against this threat. In this paper, we show that the assumptions existing software defenses make about memory addressing are inaccurate. Specifically, we show that physical address space is often not contiguously mapped to DRAM address space, allowing attackers to trigger Rowhammer corruptions despite active software defenses. We develop RAMSES, a software library modeling end-to-end memory addressing, relying on public documentation, where available, and reverse-engineered models otherwise. RAMSES improves existing software-only Rowhammer defenses and also improves attacks by orders of magnitude, as we show in our evaluation. We use RAMSES to build Hammertime, an open-source suite of tools for studying Rowhammer properties affecting attacks and defenses, which we release as open-source software.

Original languageEnglish
Title of host publicationResearch in Attacks, Intrusions, and Defenses
Subtitle of host publication21st International Symposium, RAID 2018, Proceedings
EditorsMichael Bailey, Sotiris Ioannidis, Manolis Stamatogiannakis, Thorsten Holz
PublisherSpringer/Verlag
Pages47-66
Number of pages20
ISBN (Electronic)9783030004705
ISBN (Print)9783030004699
DOIs
Publication statusPublished - 2018
Event21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018 - Heraklion, Greece
Duration: 10 Sept 201812 Sept 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11050
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018
Country/TerritoryGreece
CityHeraklion
Period10/09/1812/09/18

Funding

FundersFunder number
Horizon 2020 Framework Programme825377, 786669

    Keywords

    • DRAM geometry
    • Hammertime
    • Rowhammer

    Fingerprint

    Dive into the research topics of 'Defeating software mitigations against rowhammer: A surgical precision hammer'. Together they form a unique fingerprint.

    Cite this