Abstract: The increasing capacity of main memory systems has driven continuous DRAM scaling. Higher DRAM density increases the coupling between adjacent DRAM cells, thereby exacerbating RAM failures and worsening the reliability of RAM cells. This thesis investigates the reliability issue and the security implications of the rowhammer bug, where repeated accesses to DRAM rows can cause bit flips in an adjacent row. The bug occurs in most of today's DDR modules, with fatal consequences for security. The fundamental software security assumption that a memory location can be written only by a process with write access, which guarantees that memory contents do not change unless the modification is legitimate, is easily broken when high-frequency accesses to one row can modify the data held in an adjacent memory region. Since the initial discovery of this security issue, many studies have implemented attacks that leverage rowhammer by exploiting the memory corruption of sensitive data.
In light of the above danger, this thesis presents an overview of this type of attack, covering attacks, threat directives, and countermeasures. The goal of this research is to exhaustively survey attacks and countermeasures in order to assess the feasibility of the various existing attack directions and highlight the security risks they can pose to different kinds of systems. We propose a specific exploitation vector methodology for rowhammer and summarize all existing attack techniques under three vector primitives: discovering information about the memory under attack, choosing a method to directly access DRAM, and finding a location to hammer. The study aims to provide a guide that can be used to reveal new attacks by combining different techniques for each primitive.
Previous research has demonstrated that the exploits are effective not only against desktop computers or clouds but also against mobile devices, without relying on any software vulnerability. We focus on the study of the attack against ARM architectures by implementing our own attack in native code on an LG Nexus 5 Android device. We carry out our own version of the Phys Feng Shui technique, identifying the most crucial and prominent issues that emerge when implementing it on a real system.