锤子攻击的新方法

2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2016-05-03 DOI:10.1109/HST.2016.7495576

Rui Qiao, Mark Seaborn

{"title":"锤子攻击的新方法","authors":"Rui Qiao, Mark Seaborn","doi":"10.1109/HST.2016.7495576","DOIUrl":null,"url":null,"abstract":"Rowhammer is a hardware bug identified in recent commodity DRAMs: repeated row activations can cause bit flips in adjacent rows. Rowhammer has been recognized as both a reliability and security issue. And it is a classic example that layered abstractions and trust (in this case, virtual memory) can be broken from hardware level. Previous rowhammer attacks either rely on rarely used special instructions or complicated memory access patterns. In this paper, we propose a new approach for rowhammer that is based on x86 non-temporal instructions. This approach bypasses existing rowhammer defense and is much less constrained for a more challenging task: remote rowhammer attacks, i.e., triggering rowhammer with existing, benign code. Moreover, we extend our approach and identify libc memset and memcpy functions as a new rowhammer primitive. Our discussions on rowhammer protection suggest that it is critical to understand this new threat to be able to defend in depth.","PeriodicalId":194799,"journal":{"name":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"398 2","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"89","resultStr":"{\"title\":\"A new approach for rowhammer attacks\",\"authors\":\"Rui Qiao, Mark Seaborn\",\"doi\":\"10.1109/HST.2016.7495576\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Rowhammer is a hardware bug identified in recent commodity DRAMs: repeated row activations can cause bit flips in adjacent rows. Rowhammer has been recognized as both a reliability and security issue. And it is a classic example that layered abstractions and trust (in this case, virtual memory) can be broken from hardware level. Previous rowhammer attacks either rely on rarely used special instructions or complicated memory access patterns. In this paper, we propose a new approach for rowhammer that is based on x86 non-temporal instructions. This approach bypasses existing rowhammer defense and is much less constrained for a more challenging task: remote rowhammer attacks, i.e., triggering rowhammer with existing, benign code. Moreover, we extend our approach and identify libc memset and memcpy functions as a new rowhammer primitive. Our discussions on rowhammer protection suggest that it is critical to understand this new threat to be able to defend in depth.\",\"PeriodicalId\":194799,\"journal\":{\"name\":\"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"volume\":\"398 2\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-05-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"89\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HST.2016.7495576\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2016.7495576","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 89

摘要

Rowhammer是在最近的商品dram中发现的一个硬件错误:重复的行激活可能导致相邻行的位翻转。Rowhammer被认为是一个可靠性和安全性问题。分层抽象和信任(在本例中是虚拟内存)可以从硬件级别分解，这是一个经典的例子。以前的滚锤攻击要么依赖于很少使用的特殊指令，要么依赖于复杂的内存访问模式。在本文中，我们提出了一种基于x86非时序指令的rowhammer新方法。这种方法绕过了现有的rowhammer防御，并且对于更具挑战性的任务(远程rowhammer攻击，即用现有的良性代码触发rowhammer)的约束要小得多。此外，我们扩展了我们的方法，并将libc memset和memcpy函数标识为一个新的rowhammer原语。我们对铲车保护的讨论表明，了解这种新的威胁是至关重要的，以便能够深入防御。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A new approach for rowhammer attacks

Rowhammer is a hardware bug identified in recent commodity DRAMs: repeated row activations can cause bit flips in adjacent rows. Rowhammer has been recognized as both a reliability and security issue. And it is a classic example that layered abstractions and trust (in this case, virtual memory) can be broken from hardware level. Previous rowhammer attacks either rely on rarely used special instructions or complicated memory access patterns. In this paper, we propose a new approach for rowhammer that is based on x86 non-temporal instructions. This approach bypasses existing rowhammer defense and is much less constrained for a more challenging task: remote rowhammer attacks, i.e., triggering rowhammer with existing, benign code. Moreover, we extend our approach and identify libc memset and memcpy functions as a new rowhammer primitive. Our discussions on rowhammer protection suggest that it is critical to understand this new threat to be able to defend in depth.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

自引率

0.00%

发文量