Огляд апаратних вразливостей вбудованих систем на прикладі Rowhammer.
Ключові слова:
вразливості вбудованих систем, rowhammer, dram пам’ять, архітектура х86.
Анотація
У статті розглянуто вразливості вбудованих систем на прикладі Rowhammer. Розкрито суть вразливості та способи її використання для вчинення протиправних дій. Також описано особливості цієї вразливості на пристроях з архітектурою х86 та розглянуто декілька можливих способів атаки.
Посилання
Enhancing Critical Infrastructure Protection with Innovative SECurity Framework (CIPSEC). H2020 European Project. Available online: www.cipsec.eu (accessed on 28 March 2017).
Challener, D.; Yoder, K.; Catherman, R.; Safford, D.; Van Doorn, L. A Practical Guide to Trusted Computing; IBM Press: Indianapolis, IN, USA, 2007.
Trusted Computing Group. TCG TPM Specification Version 2.0; Trusted Computing Group: Beaverton, OR, USA, 2014.
ARM. ARMTrustZone. Available online: https://www.arm.com/products/security-on-arm/trustzone (accessed on 1 April 2017).
Kim, Y.R.; Daly, J.; Kim, C.; Fallin, J.; Lee, H.; Lee, D.; Wilkerson, C.; Lai, K.; Mutlu, O. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. In Proceedings of the ACM/IEEE 41st International Symposium on Computer Architecture (ISCA), Minneapolis, MN, USA, 14–18 June 2014
Lanteigne, M. How Rowhammer Could Be Used to Exploit Weakness in Computer Hardware. 2016. Available online: https://www.thirdio.com/rowhammer.pdf (accessed on 1 April 2017).
Van der Veen, V.; Fratantonio, Y.; Lindorfer, M.; Gruss, D.; Maurice, C.; Vigna, G.; Bos, H.; Razavi, K.; Giuffrida, C. Drammer: Deterministic rowhammer attacks on mobile platforms. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16), Vienna, Austria, 24–28 October 2016.
Pessl, P.; Gruss, D.; Maurice, C.; Schwarz, M.; Mangard, S. DRAMA: Exploiting DRAM addressing for Cross-CPU attacks. In Proceedings of the USENIX Security Symposium, Austin, TX, USA, 10–12 August 2016.
Bosman, E.; Razavi, K.; Bos, H.; Giuffrida, C. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector. In Proceedings of the 2016 IEEE Symposium on Security Privacy, SP 2016, San Jose, MA, USA, 23–25 May 2016; pp. 987–1004.
Seaborn, M.; Dullien, T. Exploting the DRAM rowhammer bug to gain kernel privileges. In Proceedings of the 2016 ACM SIGSAC Conference, Vienna, Austria, 24–28 October 2016.
Qiao, R.; Seaborn, M. A new approach for rowhammer attacks. In Proceedings of the 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, USA, 3–5 May 2016.
Aweke, Z.B.; Yitbarek, S.F.; Qiao, R.; Das, R.; Hicks, M.; Oren, Y.; Austin, T. ANVIL: Software-based protection against next-generation rowhammer attacks. In Proceedings of the 21st ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Atlanta, GA, USA, 2–6 April 2016
Moinuddin, K.Q.; Dae-Hyun, K.; Samira, K.; Prashant, J.N.; Onur, M. AVATAR: A variable-retention-time (vrt) aware refresh for dram systems. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Rio de Janeiro, Brazil, 22–25 June 2015
Program for Testing for the DRAM Rowhammer Problem. 2015. Available online: https://github.com/ google/rowhammer-test (accessed on 15 March 2017).
Seaborns, M. How Physical Adressesses Map to Rows and Banks in DRAM. 2015. Available online: http: //lackingrhoticity.blogspot.com/2015/05/how-physical-adresses-map-to-rows-and-banks.html (accessed on 5 April 2017).
Xiao, Y.; Zhang, X.; Teodorescu, R. One bit flips, one cloud flops: Cross-VM row hammer attacks and privilage escalation. In Proceedings of the 25th USENIX Security Symposium, Austin, TX, USA, 10–12 August 2016.
Gruss, D.; Maurice, C.; Mangard, S. Rowhammer.js: A remote software-induced fault attack in javascript. In Proceedings of the 13th Conference on Detection of Intrusions and Malware Vulnerability Assessment (DIMVA), Donostia-San Sebastián, Spain, 7–8 July 2016
Bhattacharya, S.; Mukhopadhyay, D. Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis. Lect. Notes Comput. Sci. 2016, 9813, 602–624
Salyzyn, M. AOSP Commit 0549ddb9: UPSTREAM: Pagemap: Do Not Leak Physiscal Addresses to Non-Privilahe Userspace. 2015. Available online: http://goo.gl/Qye2MN (accessed on 1 May 2017).
Razai, K.; Gras, B.; Bosman, E.; Preneel, B.; Giuffrida, C.; Bos, H. Flip feng shui: Hammering a needle in the software stack. In Proceedings of the 25th USENIX Security Sympoisium, Austin, TX, USA, 10–12 August 2016.
Challener, D.; Yoder, K.; Catherman, R.; Safford, D.; Van Doorn, L. A Practical Guide to Trusted Computing; IBM Press: Indianapolis, IN, USA, 2007.
Trusted Computing Group. TCG TPM Specification Version 2.0; Trusted Computing Group: Beaverton, OR, USA, 2014.
ARM. ARMTrustZone. Available online: https://www.arm.com/products/security-on-arm/trustzone (accessed on 1 April 2017).
Kim, Y.R.; Daly, J.; Kim, C.; Fallin, J.; Lee, H.; Lee, D.; Wilkerson, C.; Lai, K.; Mutlu, O. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. In Proceedings of the ACM/IEEE 41st International Symposium on Computer Architecture (ISCA), Minneapolis, MN, USA, 14–18 June 2014
Lanteigne, M. How Rowhammer Could Be Used to Exploit Weakness in Computer Hardware. 2016. Available online: https://www.thirdio.com/rowhammer.pdf (accessed on 1 April 2017).
Van der Veen, V.; Fratantonio, Y.; Lindorfer, M.; Gruss, D.; Maurice, C.; Vigna, G.; Bos, H.; Razavi, K.; Giuffrida, C. Drammer: Deterministic rowhammer attacks on mobile platforms. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16), Vienna, Austria, 24–28 October 2016.
Pessl, P.; Gruss, D.; Maurice, C.; Schwarz, M.; Mangard, S. DRAMA: Exploiting DRAM addressing for Cross-CPU attacks. In Proceedings of the USENIX Security Symposium, Austin, TX, USA, 10–12 August 2016.
Bosman, E.; Razavi, K.; Bos, H.; Giuffrida, C. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector. In Proceedings of the 2016 IEEE Symposium on Security Privacy, SP 2016, San Jose, MA, USA, 23–25 May 2016; pp. 987–1004.
Seaborn, M.; Dullien, T. Exploting the DRAM rowhammer bug to gain kernel privileges. In Proceedings of the 2016 ACM SIGSAC Conference, Vienna, Austria, 24–28 October 2016.
Qiao, R.; Seaborn, M. A new approach for rowhammer attacks. In Proceedings of the 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, VA, USA, 3–5 May 2016.
Aweke, Z.B.; Yitbarek, S.F.; Qiao, R.; Das, R.; Hicks, M.; Oren, Y.; Austin, T. ANVIL: Software-based protection against next-generation rowhammer attacks. In Proceedings of the 21st ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Atlanta, GA, USA, 2–6 April 2016
Moinuddin, K.Q.; Dae-Hyun, K.; Samira, K.; Prashant, J.N.; Onur, M. AVATAR: A variable-retention-time (vrt) aware refresh for dram systems. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Rio de Janeiro, Brazil, 22–25 June 2015
Program for Testing for the DRAM Rowhammer Problem. 2015. Available online: https://github.com/ google/rowhammer-test (accessed on 15 March 2017).
Seaborns, M. How Physical Adressesses Map to Rows and Banks in DRAM. 2015. Available online: http: //lackingrhoticity.blogspot.com/2015/05/how-physical-adresses-map-to-rows-and-banks.html (accessed on 5 April 2017).
Xiao, Y.; Zhang, X.; Teodorescu, R. One bit flips, one cloud flops: Cross-VM row hammer attacks and privilage escalation. In Proceedings of the 25th USENIX Security Symposium, Austin, TX, USA, 10–12 August 2016.
Gruss, D.; Maurice, C.; Mangard, S. Rowhammer.js: A remote software-induced fault attack in javascript. In Proceedings of the 13th Conference on Detection of Intrusions and Malware Vulnerability Assessment (DIMVA), Donostia-San Sebastián, Spain, 7–8 July 2016
Bhattacharya, S.; Mukhopadhyay, D. Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis. Lect. Notes Comput. Sci. 2016, 9813, 602–624
Salyzyn, M. AOSP Commit 0549ddb9: UPSTREAM: Pagemap: Do Not Leak Physiscal Addresses to Non-Privilahe Userspace. 2015. Available online: http://goo.gl/Qye2MN (accessed on 1 May 2017).
Razai, K.; Gras, B.; Bosman, E.; Preneel, B.; Giuffrida, C.; Bos, H. Flip feng shui: Hammering a needle in the software stack. In Proceedings of the 25th USENIX Security Sympoisium, Austin, TX, USA, 10–12 August 2016.
Опубліковано
2021-10-30
Як цитувати
Костючко C., & Ольшевський , О. (2021). Огляд апаратних вразливостей вбудованих систем на прикладі Rowhammer . КОМП’ЮТЕРНО-ІНТЕГРОВАНІ ТЕХНОЛОГІЇ: ОСВІТА, НАУКА, ВИРОБНИЦТВО, (44), 106-110. https://doi.org/10.36910/6775-2524-0560-2021-44-17
Розділ
Інформатика та обчислювальна техніка
