When good protections go bad: Exploiting anti-DoS measures to accelerate rowhammer attacks

Misiker Tadesse Aga, Zelalem Birhanu Aweke, T. Austin
Published in: 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2017-05-01
DOI: https://doi.org/10.1109/HST.2017.7951730
Citations: 40

Abstract

The rowhammer vulnerability, where repeated accesses to a DRAM row can speed the discharge of neighboring bits, has emerged as a significant security concern in the computing industry. To address the problem, computer and software vendors have: i) doubled DRAM refresh rates, ii) restricted access to virtual-to-physical page mappings, and iii) disabled access to cache-flush operations in sandboxed environments. While recent efforts have shown how to overcome each of these protections individually, machines today are protected from rowhammer attacks if they employ all three of these protections simultaneously. In this paper, we demonstrate the first rowhammer attack that overcomes all three of these protections when used in tandem. Our attack is a virtual-memory based cache-flush free attack that is sufficiently fast to rowhammer with double rate refresh. The most astonishing aspect of our attack is that it is enabled by the recently introduced Cache Allocation Technology, a mechanism designed in part to protect virtual machines from inter-VM denial-of-service attacks. The subtext of this paper asks the question: “Is there any hope for system security, when the protections for one attack enable yet another?” We claim that the solution to this conundrum lies in the approach taken to protecting systems. Adopting a subtractive approach to secure systems, in contrast to additive measures, could go a long way toward building provably secure systems.