RowHammer attacks have a new friend – RowPress
Rowhammer is a DRAM memory security vulnerability discovered in June 2014 (paper here). It demonstrates a security problem in which programs can modify memory they should not have access too. In the paper, they note how DRAM memory cells interact electrically between themselves by leaking their charges, possibly changing the contents of nearby memory rows that were not addressed in the original memory access. This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times.
The row hammer effect has been used in some privilege escalation computer security exploits (Paper here). Google’s Project Zero demonstrated two working privilege escalation exploits based on the row hammer effect in 2015. Since then, there has been a back and forth war of fixes and new exploits – some even involving ways to circumvent ECC (error-correcting) DRAM.
Now we fast forward to today, and there is another way to manipulate bits – RowPress (Paper here). Instead of ‘hammering’ neighbor rows with certain write patterns, this method involves manipulating the length of time the aggressor row is left open when reading it. When a computer accesses a chunk of memory, it opens the rows to the cells storing the desired data and transfers it to the CPU. The researchers show you can use clever methods to manipulate how long that row is left open. When an attacker row is left open the optimal amount, you can affect nearby victim rows:
We show that keeping a DRAM row (i.e., aggressor row) open for a long period of time (i.e., a large aggressor row on time, tAggON) disturbs physically nearby DRAM rows. Doing so induces bitflips in the victim row without requiring (tens of) thousands of activations to the aggressor row. We characterize RowPress in 164 off-the-shelf DDR4 DRAM chips from all three major manufacturers and find that RowPress significantly amplifies DRAM’s vulnerability to read-disturb attacks (i.e., greatly reduces the minimum number of total aggressor row activations to cause at least one bitflip, ACmin.
The methods they use are VERY clever. They started on a FPGA-based test beds to test the idea, then moved to PC’s. This required a deep knowledge of memory hardware and involves clever manipulation of the memory controller and cache systems (section 6.2 of the paper). The summary in the comments was great:
With respect to knowing how physical memory maps to their process memory, they allocated a 1GB hugepage and use a technique called DRAMA to determine the row-column mapping.
To keep their target row open, they take advantage of the fact (new to me) that multiple cache blocks will live on the same physical row, which means that repeated accesses to those blocks can influence the memory controller to keep that row open. They also empty the processor cache between each iteration so that they can be sure that they will hit the actual RAM.
To bypass the target row refresh (TRR) mechanisms that have been implemented to counter traditional RowHammer attacks, they also toggle a large number of dummy rows so that the TRR will pick up on those rather than the actual aggressor rows, since TRR implementations apparently have a small number of candidate aggressor rows.
Article: