Nethammer: Inducing Rowhammer Faults through Network Requests: Inducing Rowhammer Faults through Network Requests

Moritz Lipp, Michael Schwarz, Lukas Raab, Lukas Lamster, Misiker Tadesse Aga, Clementine Maurice, Daniel Gruss

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem Konferenzband

Abstract

In this paper, we present Nethammer, a remote Rowhammer attack without a single attacker-controlled line of code on the targeted system, i.e., not even JavaScript. Nethammer works on commodity consumer-grade systems that either are protected with quality-of-service techniques like Intel CAT or that use uncached memory, flush instructions, or non-temporal instructions while handling network requests (e.g., for interaction with the network device). We demonstrate that the frequency of the cache misses is in all three cases high enough to induce bit flips. Our evaluation showed that depending on the location, the bit flip compromises either the security and integrity of the system and the data of its users, or it can leave persistent damage on the system, i.e., persistent denial of service. We invalidate threat models of Rowhammer defenses building upon the assumption of a local attacker. Consequently, we show that most state-of-the-art defenses have no effect on our attack. In particular, we demonstrate that target-row-refresh (TRR) implemented in DDR4 has no aggravating effect on local or remote Rowhammer attacks.
Originalspracheenglisch
Titel2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
Herausgeber (Verlag)Institute of Electrical and Electronics Engineers
Seiten710-719
Seitenumfang10
ISBN (elektronisch)9781728185972
DOIs
PublikationsstatusVeröffentlicht - Sep 2020
Veranstaltung5th IEEE European Symposium on Security and Privacy: SILM Workshop - Virtual, Italien
Dauer: 7 Sep 202011 Sep 2020

Konferenz

Konferenz5th IEEE European Symposium on Security and Privacy
KurztitelEuroS&P 2020
LandItalien
OrtVirtual
Zeitraum7/09/2011/09/20

ASJC Scopus subject areas

  • !!Computer Networks and Communications
  • !!Information Systems and Management
  • !!Safety, Risk, Reliability and Quality

Fingerprint

Untersuchen Sie die Forschungsthemen von „Nethammer: Inducing Rowhammer Faults through Network Requests: Inducing Rowhammer Faults through Network Requests“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren