Throwhammer: Rowhammer attacks over the network and defenses

Andrei Tatar, Radhesh Krishnan Konoth, Cristiano Giuffrida, Herbert Bos, Elias Athanasopoulos, Kaveh Razavi

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

58 Downloads (Pure)

Abstract

Increasingly sophisticated Rowhammer exploits allow an attacker that can execute code on a vulnerable system to escalate privileges and compromise browsers, clouds, and mobile systems. In all these attacks, the common assumption is that attackers first need to obtain code execution on the victim machine to be able to exploit Rowhammer either by having (unprivileged) code execution on the victim machine or by luring the victim to a website that employs a malicious JavaScript application. In this paper, we revisit this assumption and show that an attacker can trigger and exploit Rowhammer bit flips directly from a remote machine by only sending network packets. This is made possible by increasingly fast, RDMA-enabled networks, which are in wide use in clouds and data centers. To demonstrate the new threat, we show how a malicious client can exploit Rowhammer bit flips to gain code execution on a remote key-value server application. To counter this threat, we propose protecting unmodified applications with a new buffer allocator that is capable of fine-grained memory isolation in the DRAM address space. Using two real-world applications, we show that this defense is practical, self-contained, and can efficiently stop remote Rowhammer attacks by surgically isolating memory buffers that are exposed to untrusted network input.

Original languageEnglish
Title of host publicationProceedings of the 2018 USENIX Annual Technical Conference (USENIX ATC 2018)
PublisherUSENIX Association
Pages213-225
Number of pages13
ISBN (Electronic)9781939133021
Publication statusPublished - 2020
Event2018 USENIX Annual Technical Conference, USENIX ATC 2018 - Boston, United States
Duration: 11 Jul 201813 Jul 2018

Conference

Conference2018 USENIX Annual Technical Conference, USENIX ATC 2018
Country/TerritoryUnited States
CityBoston
Period11/07/1813/07/18

Funding

We would like to thank the anonymous reviewers for their valuable feedback. This work was supported in part by the MALPAY project and in part by the Netherlands Organisation for Scientific Research through grants NWO 639.023.309 VICI “Dowsing”, NWO 639.021.753 VENI “PantaRhei”, and NWO 629.002.204 “Parallax”.

FundersFunder number
MALPAY
NWO 629.002.204
NWO 639.021.753 VENI
NWO 639.023.309 VICI639.023.309 VICI
Nederlandse Organisatie voor Wetenschappelijk OnderzoekNWO, 629.002.204

    Fingerprint

    Dive into the research topics of 'Throwhammer: Rowhammer attacks over the network and defenses'. Together they form a unique fingerprint.

    Cite this