Explore the Rowhammer bug, a critical vulnerability in DRAM modules, through this 50-minute Black Hat conference talk. Delve into the mechanics of DRAM reading, timing differences, and the widespread nature of this issue. Learn about access techniques, physical addresses, and exploitation strategies, including modifying instructions and manipulating page tables. Examine post-Rowhammer exploitation methods, such as bit flips combined with page deduplication. Investigate various mitigation techniques, including hardware and software prevention methods, as well as detection strategies. Gain insights into different hammering techniques like single-sided, double-sided, and one-location hammering. Explore advanced topics such as opcode flipping, memory waylaying, and SGX encrypted memory exploitation. Compare performance numbers and understand the implications of Nethammer bit flips in this comprehensive exploration of DRAM security vulnerabilities.
Overview
Syllabus
Intro
How reading from DRAM works
Timing difference
How widespread is the issue?
Requirements
Access techniques
Physical addresses and DRAM
How to exploit random bit flips?
Strategy: Modify instructions
Page Table Entries
Page Table Manipulation
Post-Rowhammer Exploitation
Bit Flips + Page Deduplication
Mitigations
What about ECC?
Preventing Rowhammer attacks in hardware (1/3)
Preventing Rowhammer attacks in software
Detecting Rowhammer attacks
Defenses Overview
How to hammer?
Single-sided hammering
Double-sided hammering
Hammering techniques
One-location hammering
Memory-Controller Policies
How well does it work?
Opcode Flipping - Conditional Jump
Page Cache
Memory Waylaying
SGX Encrypted Memory
(Ab)using SGX Protection
Just comparing some performance numbers...
Exploiting Nethammer Bit Flips
Taught by
Black Hat
