TY - GEN
T1 - Defeating software mitigations against rowhammer
T2 - 21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018
AU - Tatar, Andrei
AU - Giuffrida, Cristiano
AU - Bos, Herbert
AU - Razavi, Kaveh
PY - 2018
Y1 - 2018
N2 - With software becoming harder to compromise due to modern defenses, attackers are increasingly looking at exploiting hardware vulnerabilities such as Rowhammer. In response, the research community has developed several software defenses to protect existing hardware against this threat. In this paper, we show that the assumptions existing software defenses make about memory addressing are inaccurate. Specifically, we show that physical address space is often not contiguously mapped to DRAM address space, allowing attackers to trigger Rowhammer corruptions despite active software defenses. We develop RAMSES, a software library modeling end-to-end memory addressing, relying on public documentation, where available, and reverse-engineered models otherwise. RAMSES improves existing software-only Rowhammer defenses and also improves attacks by orders of magnitude, as we show in our evaluation. We use RAMSES to build Hammertime, an open-source suite of tools for studying Rowhammer properties affecting attacks and defenses, which we release as open-source software.
AB - With software becoming harder to compromise due to modern defenses, attackers are increasingly looking at exploiting hardware vulnerabilities such as Rowhammer. In response, the research community has developed several software defenses to protect existing hardware against this threat. In this paper, we show that the assumptions existing software defenses make about memory addressing are inaccurate. Specifically, we show that physical address space is often not contiguously mapped to DRAM address space, allowing attackers to trigger Rowhammer corruptions despite active software defenses. We develop RAMSES, a software library modeling end-to-end memory addressing, relying on public documentation, where available, and reverse-engineered models otherwise. RAMSES improves existing software-only Rowhammer defenses and also improves attacks by orders of magnitude, as we show in our evaluation. We use RAMSES to build Hammertime, an open-source suite of tools for studying Rowhammer properties affecting attacks and defenses, which we release as open-source software.
KW - DRAM geometry
KW - Hammertime
KW - Rowhammer
UR - http://www.scopus.com/inward/record.url?scp=85053930094&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85053930094&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-00470-5_3
DO - 10.1007/978-3-030-00470-5_3
M3 - Conference contribution
AN - SCOPUS:85053930094
SN - 9783030004699
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 47
EP - 66
BT - Research in Attacks, Intrusions, and Defenses
A2 - Bailey, Michael
A2 - Ioannidis, Sotiris
A2 - Stamatogiannakis, Manolis
A2 - Holz, Thorsten
PB - Springer/Verlag
Y2 - 10 September 2018 through 12 September 2018
ER -