Flip Feng Shui: Hammering a Needle in the Software Stack

K. Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, H.J. Bos

Research output: Chapter in Book / Report / Conference proceeding (Conference contribution, Academic, peer-reviewed)

Abstract

We introduce Flip Feng Shui (FFS), a new exploitation vector which allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS relies on hardware bugs to induce bit flips over memory and on the ability to surgically control the physical memory layout to corrupt attacker-targeted data anywhere in the software stack. We show FFS is possible today with very few constraints on the target data, by implementing an instance using the Rowhammer bug and memory deduplication (an OS feature widely deployed in production). Memory deduplication allows an attacker to reverse-map any physical page into a virtual page she owns as long as the page’s contents are known. Rowhammer, in turn, allows an attacker to flip bits in controlled (initially unknown) locations in the target page.

We show FFS is extremely powerful: a malicious VM in a practical cloud setting can gain unauthorized access to a co-hosted victim VM running OpenSSH. Using FFS, we exemplify end-to-end attacks breaking OpenSSH public-key authentication, and forging GPG signatures from trusted keys, thereby compromising the Ubuntu/Debian update mechanism. We conclude by discussing mitigations and future directions for FFS attacks.

Original language: English
Title of host publication: 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016
Publisher: USENIX
ISBN (Electronic): 978-1-931971-32-4
Publication status: Published - 2016
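The abstract does not say which bytes the bit flips corrupt. In the published attacks they land in the RSA modulus of a trusted public key (the victim's authorized_keys entry for the OpenSSH attack, the trusted signing key for the update attack); the attacker then factors the corrupted modulus and derives a private key that matches it, so the victim accepts a login or a signature from the attacker. The Python below is an added illustration of that last step at toy scale and is not code from the paper or its authors: it builds a small RSA key from constructed primes, flips each bit of the modulus in turn, factors the result with Pollard rho, and, where the corrupted modulus is squarefree and e is invertible modulo phi, derives a private exponent and checks that a signature made with it verifies under the corrupted public key. The function names, the 28/29-bit primes, the choice of Pollard rho and the sample message are this example's own assumptions; real keys are 2048 bits or more, where factoring a corrupted modulus takes far more effort than this, and the example also shows that only some flip positions yield a usable key.

```python
import hashlib
import math
import random

# Fixed Miller-Rabin bases: a deterministic test for every n below 3.3e24, far beyond toy size.
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with the fixed base set above (exact for the sizes used here)."""
    if n < 2:
        return False
    for p in MR_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def next_prime(n):
    n += 1
    while not is_probable_prime(n):
        n += 1
    return n

def pollard_rho(n):
    """Non-trivial factor of composite n; caller guarantees n has no prime factor <= 13."""
    rng = random.Random(n)  # seeded on n so a run is reproducible
    while True:
        c = rng.randrange(1, n - 1)
        x = y = rng.randrange(2, n - 1)
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d

def factor(n):
    """Prime factors of n with multiplicity, sorted: trial division, then Pollard rho."""
    factors = []
    for p in (2, 3, 5, 7, 11, 13):
        while n % p == 0:
            factors.append(p)
            n //= p
    pending = [n] if n > 1 else []
    while pending:
        m = pending.pop()
        if is_probable_prime(m):
            factors.append(m)
        else:
            d = pollard_rho(m)
            pending.extend([d, m // d])
    return sorted(factors)

def toy_rsa_key(p_start, q_start, e=65537):
    """Constructed toy key: first primes above the start values, q advanced until e is invertible."""
    p, q = next_prime(p_start), next_prime(q_start)
    while math.gcd(e, (p - 1) * (q - 1)) != 1:
        q = next_prime(q)
    return p, q, p * q, e, pow(e, -1, (p - 1) * (q - 1))

def sign(msg, d, n):
    return pow(int.from_bytes(hashlib.sha256(msg).digest(), "big") % n, d, n)

def verify(msg, sig, e, n):
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def private_key_for_corrupted_modulus(n_corrupt, e):
    """Attacker side: factor the corrupted modulus and derive a private exponent for it.
    Returns None for a repeated prime factor (RSA needs a squarefree modulus to be correct
    for every message) or when e is not invertible mod phi; such flips are unusable."""
    primes = factor(n_corrupt)
    if len(set(primes)) != len(primes):
        return None
    phi = 1
    for p in primes:
        phi *= p - 1
    if math.gcd(e, phi) != 1:
        return None
    return pow(e, -1, phi)

def forgeable_flips(n, e, msg):
    """Bit positions of n where one flip yields a modulus the attacker can forge signatures for."""
    hits = []
    for i in range(n.bit_length()):
        n_corrupt = n ^ (1 << i)
        if n_corrupt < 2:
            continue
        d_corrupt = private_key_for_corrupted_modulus(n_corrupt, e)
        if d_corrupt is None:
            continue
        # The forgery must verify against the corrupted public key the victim now holds.
        if verify(msg, sign(msg, d_corrupt, n_corrupt), e, n_corrupt):
            hits.append(i)
    return hits

if __name__ == "__main__":
    p, q, n, e, d = toy_rsa_key(2**28, 2**29)
    msg = b"constructed sample message"  # constructed input, not from the paper
    hits = forgeable_flips(n, e, msg)
    print(f"{len(hits)} of {n.bit_length()} single-bit flips of n give a forgeable key")
```

Run as a script it reports how many of the modulus bits are usable flip targets; the point is that the attacker needs only one flip to land in one of those positions, and the deduplicated copy of the key gives the attacker a known, attacker-mapped page to hammer.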
