Exploiting correcting codes: On the effectiveness of ECC memory against rowhammer attacks

Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, Herbert Bos

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

Abstract

Given the increasing impact of Rowhammer, and the dearth of adequate other hardware defenses, many in the security community have pinned their hopes on error-correcting code (ECC) memory as one of the few practical defenses against Rowhammer attacks. Specifically, the expectation is that the ECC algorithm will correct or detect any bits they manage to flip in memory in real-world settings. However, the extent to which ECC really protects against Rowhammer is an open research question, due to two key challenges. First, the details of the ECC implementations in commodity systems are not known. Second, existing Rowhammer exploitation techniques cannot yield reliable attacks in presence of ECC memory. In this paper, we address both challenges and provide concrete evidence of the susceptibility of ECC memory to Rowhammer attacks. To address the first challenge, we describe a novel approach that combines a custom-made hardware probe, Rowhammer bit flips, and a cold boot attack to reverse engineer ECC functions on commodity AMD and Intel processors. To address the second challenge, we present ECCploit, a new Rowhammer attack based on composable, data-controlled bit flips and a novel side channel in the ECC memory controller. We show that, while ECC memory does reduce the attack surface for Rowhammer, ECCploit still allows an attacker to mount reliable Rowhammer attacks against vulnerable ECC memory on a variety of systems and configurations. In addition, we show that, despite the non-trivial constraints imposed by ECC, ECCploit can still be powerful in practice and mimic the behavior of prior Rowhammer exploits.

Original languageEnglish
Title of host publication2019 IEEE Symposium on Security and Privacy, SP 2019 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages55-71
Number of pages17
ISBN (Electronic)9781538666609
DOIs
Publication statusPublished - 16 Sep 2019
Event40th IEEE Symposium on Security and Privacy, SP 2019 - San Francisco, United States
Duration: 19 May 201923 May 2019

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
Volume2019-May
ISSN (Print)1081-6011

Conference

Conference40th IEEE Symposium on Security and Privacy, SP 2019
CountryUnited States
CitySan Francisco
Period19/05/1923/05/19

Keywords

  • Ecc
  • Hardware
  • Rowhammer
  • Security

Fingerprint Dive into the research topics of 'Exploiting correcting codes: On the effectiveness of ECC memory against rowhammer attacks'. Together they form a unique fingerprint.

Cite this