Abstract
Modern computers make extensive use of subsystems designed to be completely transparent to software.
These so-called microarchitectural subsystems are often shared between programs running concurrently on the machine—shared, unknowingly, across privilege domains.
This invisible sharing opens the door to unwanted, and often unforeseen, interactions.
Malicious actors manage to manipulate these interactions to spy on the actions of other programs through what are known as side channels, thereby breaking confidentiality, or to meaningfully influence system behavior beyond their authority, compromising the system’s integrity or availability, all without relying on software bugs.
Since a complete compromise of security is a highly undesirable outcome, software defenses have been developed and deployed in place to bridge the gap and protect systems until the hardware can be updated with a more permanent fix.
Both attacks and defenses, however, work by interacting with the intricacies of microarchitecture, and thus have their effectiveness dictated by how well they understand the systems they are manipulating.
In this thesis we examine what assumptions these microarchitectural attacks and defenses make about the hardware they run on and contrast those assumptions with reality, with a particular focus on memory addressing. We first show that the heuristics currently employed, although considered “good enough”, are far from optimal.
In tandem, we implement and evaluate attacks and defenses that employ a much more faithful model of the underlying hardware.
We first look at Rowhammer—a long-known DRAM defect cleverly repurposed into an unmitigated attack vector—and the ecosystem of attacks and defenses surrounding it, since the intricacies of memory addressing play a pivotal role there.
On the attacker’s side we show how faithfully modeling DRAM addressing improves speed and effectiveness by orders of magnitude compared to the state of the art, strongly suggesting that our current threat models are overly optimistic.
Additionally, these more targeted and precise attacks make new exploitation vectors practically feasible.
Turning to defenses, we show how they are undermined by holes and inaccuracies in their crude models of the hardware, and how a skilled attacker can bypass them completely.
On the other hand, applying a more faithful and precise memory addressing model to defense design yields better, more robust defenses, as well as novel designs that rely on said precision.
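The role of DRAM addressing in aggressor selection, as an added illustration that is not part of the thesis: the XOR-based mapping below (8 KiB rows, four bank bits each formed by XORing one low-order address bit with one row bit, row index from bit 17 up) is a constructed assumption, not the mapping of any real platform and not one the thesis reports. It contrasts the crude heuristic "the neighbouring row is one row stride away", which keeps the row and column right but lands in a different bank, with resolving the bank functions to obtain same-bank aggressors directly above and below a victim row. The victim address 0xA0040 is likewise constructed.

```python
"""XOR-based DRAM address mapping and its use in choosing Rowhammer aggressors.

Constructed example for illustration: the mapping below is hypothetical and is
not the mapping of any real platform.  Assumed layout of a physical address:
  bits 0..12   column within an 8 KiB row
  bits 13..16  low-order inputs to the bank functions
  bits 17..    row index
  bank bit i = parity(paddr & BANK_FUNCS[i])
"""

COL_BITS = 13
ROW_SHIFT = 17
# Each bank function XORs one bit from 13..16 with one row bit from 17..20, so
# moving to the neighbouring row flips a bank bit unless the low bit is adjusted.
BANK_FUNCS = [(1 << 13) | (1 << 17),
              (1 << 14) | (1 << 18),
              (1 << 15) | (1 << 19),
              (1 << 16) | (1 << 20)]


def parity(x):
    return bin(x).count("1") & 1


def dram_map(paddr):
    """Physical address -> (bank, row, column) under the assumed mapping."""
    bank = sum(parity(paddr & f) << i for i, f in enumerate(BANK_FUNCS))
    return bank, paddr >> ROW_SHIFT, paddr & ((1 << COL_BITS) - 1)


def same_bank(a, b):
    return dram_map(a)[0] == dram_map(b)[0]


def naive_neighbour(paddr, delta):
    """Crude heuristic: 'row +/- delta is one row stride away'.  Row and column
    come out right, but the XOR bank functions are ignored, so the bank changes."""
    return paddr + delta * (1 << ROW_SHIFT)


def same_bank_neighbour(paddr, delta):
    """Faithful model: the address in row + delta that shares bank and column."""
    bank, row, col = dram_map(paddr)
    if row + delta < 0:
        raise ValueError("row index out of range")
    target = ((row + delta) << ROW_SHIFT) | (paddr & ((1 << ROW_SHIFT) - 1))
    # Repair each disturbed bank bit by toggling that function's low-order input
    # (bit 13 + i), which sits above the column bits and below the row bits.
    for i, f in enumerate(BANK_FUNCS):
        if parity(target & f) != (bank >> i) & 1:
            target ^= 1 << (COL_BITS + i)
    assert dram_map(target) == (bank, row + delta, col)
    return target


def double_sided_pair(victim):
    """Aggressors in the rows directly below and above the victim, same bank."""
    return same_bank_neighbour(victim, -1), same_bank_neighbour(victim, +1)


if __name__ == "__main__":
    victim = 0xA0040                 # constructed victim address: bank 5, row 5
    print("victim        ", hex(victim), dram_map(victim))
    guess = naive_neighbour(victim, +1)
    print("naive row+1   ", hex(guess), dram_map(guess),
          "same bank:", same_bank(victim, guess))
    below, above = double_sided_pair(victim)
    print("faithful pair ", hex(below), dram_map(below), hex(above), dram_map(above))
```

On a real system the functions in `BANK_FUNCS` (and the row and column bit positions) have to be reverse engineered for the specific platform, and the attacker additionally needs physical addresses for its buffers; the point of the model is only that, once the functions are known, same-bank neighbours are computed exactly rather than guessed by stride.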
Our second target is the Translation Lookaside Buffer (or TLB), a crucial component of modern memory addressing tasked with caching virtual to physical address translations, greatly reducing or nearly eliminating the performance cost of virtual memory.
The TLB’s role as a shared resource between hardware threads, or even shared between time-multiplexed tasks on the same thread, makes it a natural target for prospective side channels.
In addition, because it caches address translations, and so determines whether a page table lookup occurs at all, the TLB is a key component of exploits that aim to trigger page table lookups, for which evicting (part of) the TLB is a common challenge.
Despite its central role in many exploits, the behavior of common modern TLBs is very poorly understood.
We improve on this front with an extensive reverse engineering effort that makes use of properties unique to the TLB, unearthing many previously undocumented behaviors in the TLBs of several modern commodity processors.
Among our findings are the replacement policies of individual TLB components—the rules by which entries are picked for eviction.
This allows us to build finite state machine models that precisely describe the evolution of TLB state over time, which we then use to examine the problem of adversarial eviction.
We use our models to build optimal eviction sets and consequently improve both side channels and page table attacks by significant margins.
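What a replacement-policy model buys an attacker, as an added example that is not code from the thesis: the block models one TLB set as an explicit finite state machine and searches it for eviction sequences. The 4-way set, the tree-PLRU policy and the tags ('V' for the victim's translation, 'A1'..'A3' for attacker translations already resident, 'N1'..'N4' for attacker translations not yet resident, all assumed congruent) are constructed assumptions for illustration, not findings about any real processor. It shows that the same three accesses evict or spare the victim depending on their order, that a breadth-first search over the model yields the shortest evicting sequence from any PLRU state, and that the crude heuristic of touching one fresh translation per way does work here but costs more accesses than the model-derived sequence.

```python
"""A TLB set with tree-PLRU replacement as an explicit finite state machine, and
eviction sequences derived from it.

Constructed example: the 4-way set and the tree-PLRU policy are assumptions
made for illustration, not findings about any real TLB.  Tags 'V' (the victim
translation), 'A1'..'A3' (attacker translations already resident) and
'N1'..'N4' (attacker translations not yet resident) are all congruent, i.e.
they map to the same set."""
from collections import deque
from itertools import product

# PLRU state is (root, left, right): root 0 selects ways 0/1, 1 selects ways
# 2/3; the leaf bit then selects the lower (0) or upper (1) way of that pair.


def plru_victim(bits):
    root, left, right = bits
    if root == 0:
        return 0 if left == 0 else 1
    return 2 if right == 0 else 3


def plru_touch(bits, way):
    """After an access to `way`, every bit on its path points away from it."""
    root, left, right = bits
    if way < 2:
        return (1, 1 if way == 0 else 0, right)
    return (0, left, 1 if way == 2 else 0)


def access(state, tag):
    """One lookup.  state = (contents, bits).  Returns (new_state, hit)."""
    contents, bits = state
    if tag in contents:                       # hit: only the PLRU bits move
        return (contents, plru_touch(bits, contents.index(tag))), True
    way = plru_victim(bits)                   # miss: fill the PLRU way
    filled = list(contents)
    filled[way] = tag
    return (tuple(filled), plru_touch(bits, way)), False


def run(state, seq):
    for tag in seq:
        state, _ = access(state, tag)
    return state


def resident(state, tag):
    return tag in state[0]


def min_eviction_sequence(state, target, pool):
    """Breadth-first search over the FSM for the shortest sequence of attacker
    accesses (tags drawn from pool) after which target is no longer resident."""
    seen = {state}
    queue = deque([(state, ())])
    while queue:
        cur, seq = queue.popleft()
        for tag in pool:
            nxt, _ = access(cur, tag)
            if not resident(nxt, target):
                return seq + (tag,)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, seq + (tag,)))
    return None


def eviction_bounds(contents, target, pool):
    """(best, worst) eviction-sequence length over all eight PLRU states."""
    lengths = [len(min_eviction_sequence((contents, bits), target, pool))
               for bits in product((0, 1), repeat=3)]
    return min(lengths), max(lengths)


def naive_fill_evicts_everywhere(contents, target, fresh):
    """Does the crude 'touch one fresh translation per way' heuristic work
    from every PLRU state?"""
    return all(not resident(run((contents, bits), fresh), target)
               for bits in product((0, 1), repeat=3))


CONTENTS = ("V", "A1", "A2", "A3")
POOL = ("A1", "A2", "A3", "N1", "N2")
INITIAL = (CONTENTS, (1, 1, 0))   # bits as left by the victim's own lookup of V

if __name__ == "__main__":
    for order in (["A2", "A1", "N1"], ["A1", "A2", "N1"]):
        print(order, "evicts V:", not resident(run(INITIAL, order), "V"))
    print("shortest:", min_eviction_sequence(INITIAL, "V", POOL))
    print("best/worst over PLRU states:", eviction_bounds(CONTENTS, "V", POOL))
    print("naive 4 fresh fills always evict:",
          naive_fill_evicts_everywhere(CONTENTS, "V", ["N1", "N2", "N3", "N4"]))
```

The order effect is the practical lesson: with tree-PLRU, hitting resident attacker entries steers the tree, so the attacker's own priming accesses decide whether the next miss lands on the victim's way. Substituting a different policy means replacing `plru_victim` and `plru_touch`; the search and the bounds computation stay the same, which is what makes a reverse-engineered policy directly usable for eviction-set construction.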
Original language | English |
---|---|
Qualification | PhD |
Awarding Institution | |
Supervisors/Advisors | |
Award date | 13 May 2025 |
DOIs | |
Publication status | Published - 13 May 2025 |
Keywords
- systems
- security
- DRAM
- memory
- addressing
- rowhammer
- TLB