Nethammer: Inducing Rowhammer Faults through Network Requests: Inducing Rowhammer Faults through Network Requests

Moritz Lipp; Michael Schwarz; Lukas Raab; Lukas Lamster; Misiker Tadesse Aga; Clementine Maurice; Daniel Gruss

doi:10.1109/EuroSPW51379.2020.00102

Nethammer: Inducing Rowhammer Faults through Network Requests: Inducing Rowhammer Faults through Network Requests

Moritz Lipp, Michael Schwarz, Lukas Raab, Lukas Lamster, Misiker Tadesse Aga, Clementine Maurice, Daniel Gruss

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

In this paper, we present Nethammer, a remote Rowhammer attack without a single attacker-controlled line of code on the targeted system, i.e., not even JavaScript. Nethammer works on commodity consumer-grade systems that either are protected with quality-of-service techniques like Intel CAT or that use uncached memory, flush instructions, or non-temporal instructions while handling network requests (e.g., for interaction with the network device). We demonstrate that the frequency of the cache misses is in all three cases high enough to induce bit flips. Our evaluation showed that depending on the location, the bit flip compromises either the security and integrity of the system and the data of its users, or it can leave persistent damage on the system, i.e., persistent denial of service. We invalidate threat models of Rowhammer defenses building upon the assumption of a local attacker. Consequently, we show that most state-of-the-art defenses have no effect on our attack. In particular, we demonstrate that target-row-refresh (TRR) implemented in DDR4 has no aggravating effect on local or remote Rowhammer attacks.

Originalsprache	englisch
Titel	2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Herausgeber (Verlag)	Institute of Electrical and Electronics Engineers
Seiten	710-719
Seitenumfang	10
ISBN (elektronisch)	9781728185972
DOIs	https://doi.org/10.1109/EuroSPW51379.2020.00102
Publikationsstatus	Veröffentlicht - Sept. 2020
Veranstaltung	5th IEEE European Symposium on Security and Privacy: SILM Workshop - Virtual, Italien Dauer: 7 Sept. 2020 → 11 Sept. 2020

Konferenz

Konferenz	5th IEEE European Symposium on Security and Privacy
Kurztitel	EuroS&P 2020
Land/Gebiet	Italien
Ort	Virtual
Zeitraum	7/09/20 → 11/09/20

ASJC Scopus subject areas

Computernetzwerke und -kommunikation
Informationssysteme und -management
Sicherheit, Risiko, Zuverlässigkeit und Qualität

Zugriff auf Dokument

10.1109/EuroSPW51379.2020.00102

Andere Dateien und Links

http://www.scopus.com/inward/record.url?scp=85097050725&partnerID=8YFLogxK

Dessnet - Zuverlässige, sichere und zeitnahe Sensornetzwerke
Mangard, S., Glanzer, C., Görtschacher, L. J., Bösch, W., Grosinger, J., Fischbacher, R. B., Deutschmann, B. & Shetty, D.
1/06/17 → 31/07/21
Projekt: Forschungsprojekt
EU - SOPHIA - Absicherung von Software gegen Physische Angriffe
Mangard, S.
1/09/16 → 31/08/21
Projekt: Forschungsprojekt

Dieses zitieren

Lipp, M., Schwarz, M., Raab, L., Lamster, L., Aga, M. T., Maurice, C., & Gruss, D. (2020). Nethammer: Inducing Rowhammer Faults through Network Requests: Inducing Rowhammer Faults through Network Requests. in 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (S. 710-719). Artikel 9229701 Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/EuroSPW51379.2020.00102

Nethammer: Inducing Rowhammer Faults through Network Requests: Inducing Rowhammer Faults through Network Requests. / Lipp, Moritz; Schwarz, Michael; Raab, Lukas et al.
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW). Institute of Electrical and Electronics Engineers, 2020. S. 710-719 9229701.

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Lipp, M, Schwarz, M, Raab, L, Lamster, L, Aga, MT, Maurice, C & Gruss, D 2020, Nethammer: Inducing Rowhammer Faults through Network Requests: Inducing Rowhammer Faults through Network Requests. in 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)., 9229701, Institute of Electrical and Electronics Engineers, S. 710-719, 5th IEEE European Symposium on Security and Privacy, Virtual, Italien, 7/09/20. https://doi.org/10.1109/EuroSPW51379.2020.00102

@inproceedings{c3cb5cbe1fee432a925e79a78e58c1e0,

title = "Nethammer: Inducing Rowhammer Faults through Network Requests: Inducing Rowhammer Faults through Network Requests",

abstract = "In this paper, we present Nethammer, a remote Rowhammer attack without a single attacker-controlled line of code on the targeted system, i.e., not even JavaScript. Nethammer works on commodity consumer-grade systems that either are protected with quality-of-service techniques like Intel CAT or that use uncached memory, flush instructions, or non-temporal instructions while handling network requests (e.g., for interaction with the network device). We demonstrate that the frequency of the cache misses is in all three cases high enough to induce bit flips. Our evaluation showed that depending on the location, the bit flip compromises either the security and integrity of the system and the data of its users, or it can leave persistent damage on the system, i.e., persistent denial of service. We invalidate threat models of Rowhammer defenses building upon the assumption of a local attacker. Consequently, we show that most state-of-the-art defenses have no effect on our attack. In particular, we demonstrate that target-row-refresh (TRR) implemented in DDR4 has no aggravating effect on local or remote Rowhammer attacks.",

keywords = "Fault Attack, Rowhammer, TRR",

author = "Moritz Lipp and Michael Schwarz and Lukas Raab and Lukas Lamster and Aga, {Misiker Tadesse} and Clementine Maurice and Daniel Gruss",

year = "2020",

month = sep,

doi = "10.1109/EuroSPW51379.2020.00102",

language = "English",

pages = "710--719",

booktitle = "2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

note = "5th IEEE European Symposium on Security and Privacy : SILM Workshop , EuroS&P 2020 ; Conference date: 07-09-2020 Through 11-09-2020",

}

TY - GEN

T1 - Nethammer: Inducing Rowhammer Faults through Network Requests

T2 - 5th IEEE European Symposium on Security and Privacy

AU - Lipp, Moritz

AU - Schwarz, Michael

AU - Raab, Lukas

AU - Lamster, Lukas

AU - Aga, Misiker Tadesse

AU - Maurice, Clementine

AU - Gruss, Daniel

PY - 2020/9

Y1 - 2020/9

N2 - In this paper, we present Nethammer, a remote Rowhammer attack without a single attacker-controlled line of code on the targeted system, i.e., not even JavaScript. Nethammer works on commodity consumer-grade systems that either are protected with quality-of-service techniques like Intel CAT or that use uncached memory, flush instructions, or non-temporal instructions while handling network requests (e.g., for interaction with the network device). We demonstrate that the frequency of the cache misses is in all three cases high enough to induce bit flips. Our evaluation showed that depending on the location, the bit flip compromises either the security and integrity of the system and the data of its users, or it can leave persistent damage on the system, i.e., persistent denial of service. We invalidate threat models of Rowhammer defenses building upon the assumption of a local attacker. Consequently, we show that most state-of-the-art defenses have no effect on our attack. In particular, we demonstrate that target-row-refresh (TRR) implemented in DDR4 has no aggravating effect on local or remote Rowhammer attacks.

AB - In this paper, we present Nethammer, a remote Rowhammer attack without a single attacker-controlled line of code on the targeted system, i.e., not even JavaScript. Nethammer works on commodity consumer-grade systems that either are protected with quality-of-service techniques like Intel CAT or that use uncached memory, flush instructions, or non-temporal instructions while handling network requests (e.g., for interaction with the network device). We demonstrate that the frequency of the cache misses is in all three cases high enough to induce bit flips. Our evaluation showed that depending on the location, the bit flip compromises either the security and integrity of the system and the data of its users, or it can leave persistent damage on the system, i.e., persistent denial of service. We invalidate threat models of Rowhammer defenses building upon the assumption of a local attacker. Consequently, we show that most state-of-the-art defenses have no effect on our attack. In particular, we demonstrate that target-row-refresh (TRR) implemented in DDR4 has no aggravating effect on local or remote Rowhammer attacks.

KW - Fault Attack

KW - Rowhammer

KW - TRR

UR - http://www.scopus.com/inward/record.url?scp=85097050725&partnerID=8YFLogxK

U2 - 10.1109/EuroSPW51379.2020.00102

DO - 10.1109/EuroSPW51379.2020.00102

M3 - Conference paper

AN - SCOPUS:85097050725

SP - 710

EP - 719

BT - 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

PB - Institute of Electrical and Electronics Engineers

Y2 - 7 September 2020 through 11 September 2020

ER -

Nethammer: Inducing Rowhammer Faults through Network Requests: Inducing Rowhammer Faults through Network Requests

Abstract

Konferenz

ASJC Scopus subject areas

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Projekte

Dessnet - Zuverlässige, sichere und zeitnahe Sensornetzwerke

EU - SOPHIA - Absicherung von Software gegen Physische Angriffe

Dieses zitieren