Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers
Author: | Onur Mutlu, Lillian Tsai, Stefan Saroiu, Lucian Cojocar, Minesh Patel, Jeremie S. Kim, Alec Wolman |
---|---|
Year of publication: | 2020 |
Subject: | FOS: Computer and information sciences; Computer Science - Cryptography and Security; B.8.1; Computer science; Cloud computing; 02 engineering and technology; 01 natural sciences; D.4.6; End-to-end principle; Server; 0103 physical sciences; Hardware Architecture (cs.AR); 0202 electrical engineering, electronic engineering, information engineering; Computer Science - Hardware Architecture; 010302 applied physics; Hardware_MEMORYSTRUCTURES; business.industry; Construct (python library); DIMM; 020202 computer hardware & architecture; Central processing unit; business; Cryptography and Security (cs.CR); Dram; Computer network |
Source: | IEEE Symposium on Security and Privacy |
DOI: | 10.48550/arxiv.2003.04498 |
Description: | Cloud providers are concerned that Rowhammer poses a potentially critical threat to their servers, yet today they lack a systematic way to test whether the DRAM used in their servers is vulnerable to Rowhammer attacks. This paper presents an end-to-end methodology to determine if cloud servers are susceptible to these attacks. With our methodology, a cloud provider can construct worst-case testing conditions for DRAM. We apply our methodology to three classes of servers from a major cloud provider. Our findings show that none of the CPU instruction sequences used in prior work to mount Rowhammer attacks create worst-case DRAM testing conditions. To address this limitation, we develop an instruction sequence that leverages microarchitectural side-effects to "hammer" DRAM at a near-optimal rate on modern Intel Skylake and Cascade Lake platforms. We also design a DDR4 fault injector that can reverse engineer row adjacency for any DDR4 DIMM. When applied to our cloud provider's DIMMs, we find that DRAM rows do not always follow a linear map. Comment: A version of this paper will appear in the IEEE S&P 2020 proceedings |
Database: | OpenAIRE |