rowhammer.js - papers we love (may 2016)


Page 1: Rowhammer.js - Papers We Love (May 2016)

2016-05-04

Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript

Donny Nadolny ([email protected] / [email protected]), Papers We Love, May 2016. Paper by Daniel Gruss, Clémentine Maurice, and Stefan Mangard.

Page 2: Rowhammer - Impact

• Software-exploitable hardware flaw
• Cause bit flips in memory
• Can be exploited to get root on a machine, escape from a JVM, break out of a browser

Page 3: Rowhammer - What's Affected

• DRAM
    • Vulnerable to rowhammer (110 / 129 modules tested)
    • Most RAM is DRAM
• SRAM
    • Not vulnerable
    • Used in your CPU cache

Page 4: DRAM - Simplified One Bit Cell

[Diagram: one DRAM bit cell showing a transistor, a capacitor, ground, a sense amplifier and a latch (buffer)]

Page 5: DRAM - 4x4

• Capacitor charge decays over time
    • Need to refresh
• Reading a row causes adjacent rows to leak their charge at an increased rate

Page 6: Rowhammer (Assembly)

    code1a:
        mov (X), %eax
        mov (Y), %ebx
        clflush (X)
        clflush (Y)
        mfence
        jmp code1a

Page 7: Exploiting Rowhammer

Page 8: Virtual Memory

[Diagram: Process 1 virtual memory and Process 2 virtual memory mapped onto physical memory]

Page 9: Virtual Memory - Page Table Entry

[Diagram: Process 1 virtual memory and Process 2 virtual memory mapped onto physical memory]

Page Table Entry: Physical Address | Flags

Page 10: Filling Memory

[Diagram: Process 1 virtual memory mapped onto physical memory]

Page 11: Filling Memory - Bit Flip In PTE

[Diagram: Process 1 virtual memory mapped onto physical memory]

Page 12: Filling Memory - Change Your PTE

[Diagram: Process 1 virtual memory mapped onto physical memory]

Page 13: Rowhammer.js - no clflush

Page 14: Rowhammering without clflush

• Target memory address p
• Access other memory addresses so that p is evicted from cache, then accessing p will hit memory, repeat
• Naive approach: access sizeof(cache), then p

Page 15: CPU Cache

• CPU cache is a fixed-size array
    • Direct mapped, set associative, fully associative
• Barriers for attacking set associative caches:
    • Undocumented addressing function
    • Undocumented / proprietary eviction strategy

Page 16: Adaptive Eviction Algorithm - Step 1

1. Add random addresses until target address isn't cached

    Access p
    while cached(p) do
        Choose random 64-byte-aligned address r from eviction buffer
        Insert r into eviction list e twice at two random positions
    end

Page 17: Adaptive Eviction Algorithm - Step 2

1. Add random addresses until target address isn't cached
2. Replace all instances of a random address with other addresses in the list until you can't replace any address

    Set c = 0
    while c < |e| and not cached(p) do
        Choose random index r in e
        Store all indices ri where e[r] = e[ri]
        Replace all e[ri] with e[ri - 1]
        if cached(p) then
            Undo changes for all indices ri
            Set c = c + 1
        else
            Set c = 0
        end
    end

Page 18: Adaptive Eviction Algorithm - Step 3

1. Add random addresses until target address isn't cached
2. Replace all instances of a random address with other addresses in the list until you can't replace any address
3. Remove elements one by one until you can't remove any more

    Set c = 0
    while c < |e| and not cached(p) do
        Remove random element from e
        if cached(p) then
            Undo changes
            Set c = c + 1
        else
            Set c = 0
        end
    end
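To see why the three steps converge, here is the algorithm from slides 16 to 18 simulated in Python; this is an added illustration, not code from the paper or the IAIK repository. The cache model (8 sets, 4 ways, LRU, set index = line number mod 8), the 256-line eviction buffer, the target address and the rule that a step-2 replacement only counts when it removes one distinct address (so the search is guaranteed to terminate) are all assumptions made for this example.

```python
import random
from collections import OrderedDict

# Constructed toy cache model (an assumption, not the paper's hardware): 8 sets
# x 4 ways, 64-byte lines, LRU replacement, set index = line number mod SETS.
# Real CPUs hide the addressing function and replacement policy (the barriers
# on the CPU Cache slide), which is why the search has to be adaptive at all.
LINE, SETS, WAYS = 64, 8, 4

def cached(p, e):
    """The slides' cached(p): access p, then run eviction list e; is p still cached?"""
    sets = [OrderedDict() for _ in range(SETS)]
    for addr in [p] + e:
        s = sets[(addr // LINE) % SETS]
        s.pop(addr, None)            # re-inserting moves the line to the MRU end
        s[addr] = True
        if len(s) > WAYS:
            s.popitem(last=False)    # LRU replacement: drop the oldest line
    return p in sets[(p // LINE) % SETS]

def adaptive_eviction_set(p, buffer_lines=256, seed=0):
    rng, e = random.Random(seed), []
    # Step 1: insert random 64-byte-aligned buffer addresses, twice each, until p is evicted
    while cached(p, e):
        r = rng.randrange(buffer_lines) * LINE
        for _ in range(2):
            e.insert(rng.randint(0, len(e)), r)
    # Step 2: replace every instance of a random address x with its predecessor e[ri - 1];
    # undo unless p stays evicted and one distinct address vanished (the second condition
    # is an added termination guard: a replacement that changes nothing counts as failure)
    c = 0
    while c < len(e) and not cached(p, e):
        x, old = e[rng.randrange(len(e))], list(e)
        e = [old[i - 1] if old[i] == x else old[i] for i in range(len(old))]
        if cached(p, e) or len(set(e)) >= len(set(old)):
            e, c = old, c + 1
        else:
            c = 0
    # Step 3: remove random elements until |e| consecutive removals have broken eviction
    c = 0
    while c < len(e) and not cached(p, e):
        i = rng.randrange(len(e))
        removed = e.pop(i)
        if cached(p, e):
            e.insert(i, removed)
            c += 1
        else:
            c = 0
    return e
```

With a target line such as 261 * LINE (outside the buffer, set 5) the list grows to dozens of random entries in step 1 and shrinks in steps 2 and 3 to a handful of lines that all share the target's set, at least WAYS of them. Because the final loops stop after |e| consecutive random failures, the result is usually but not always minimal.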

Page 19: Practicality of Exploiting Rowhammer.js

• Finding a cache eviction memory access sequence:
    • up to 1 hour for fallback attack
    • "a few seconds" for assumption based attack
• Finding a useful repeatable bit flip:
    • "several hours"

Page 20: Countermeasures

• Increase refresh rate: Mostly, but bad efficiency (power usage & data transfer)
• ECC (Error Correcting Codes): Nope, just lowers probability
• TRR and pTRR ([pseudo] Target Refresh Rate) / PARA (Probabilistic Adjacent Row Activation): Yes, though requires a hardware change
• ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks: Yes (for all current attacks), but affects performance

Page 21: Related Papers / Code

• Rowhammer.js: A Remote Software-Induced Fault Injection Attack in JavaScript
• https://github.com/google/rowhammer-test - Check your machine
• https://github.com/IAIK/rowhammerjs - Sorry, no exploit PoC
• ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks - prevention via performance counters
• Using Memory Errors to Attack a Virtual Machine [2003] - JVM
• Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors - original rowhammer paper