How Your DRAM Becomes a Security Problem

Black Hat via YouTube

Overview

Explore a critical security vulnerability in DRAM architecture common to computers and various devices in this Black Hat conference talk. Delve into the research revealing how DRAM design creates an attack surface for side-channel attacks, largely independent of software flaws, operating systems, virtualization technology, and the CPU. Understand the role of the row buffer in DRAM modules and how it can be exploited. Learn about address translation, physical addressing, and DRAM organization. Discover techniques for bypassing data caches and measuring differences in DRAM access. Examine the process of reversing mapping functions and spying on memory. Investigate practical attack scenarios, potential solutions, and the intricacies of DRAM packets. Explore the concept of Rowhammer attacks, including their application to DDR4 memory. Gain valuable insights into this critical security issue and its implications for modern computing systems.

Syllabus

Intro
About this presentation
Takeaways
From code to capacitor
Why translation
Address translation on x86-64
Virtual and physical addressing
Road block: Data Caches
Bypass cache road block
How do physical addresses map to memory
DRAM organization
First hint of trouble
The Row buffer
How reading from DRAM works
We can measure a difference
Summary
Remember this?
Reversing the mapping function - Approach
Imagine this code
Spying
Two related questions
How our demo really works
Attacks
Scenario
The solution
The gory details - bits
The gory details - Packets
Rowhammer
Finding rows
DDR4 Rowhammer
Black Hat Sound Bytes

Taught by

Black Hat
