Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the DRAM Rowhammer bug and its security implications in this Black Hat conference talk. Delve into the physics-level hardware problem that can be exploited to gain kernel privileges. Learn about the "Rowhammer" issue in DRAM, where repeated memory access can cause bit flips in adjacent rows. Discover how this reliability concern has been transformed into a practical security vulnerability. Examine two exploits that leverage bit flips, including an in-browser attack through NaCl and a method to escalate to kernel privileges. Understand the technical details of row hammering, including cache bypassing and double-sided hammering techniques. Explore mitigation strategies such as ECC memory, Target Row Refresh, and increased refresh rates. Gain insights into the broader implications of hardware-level vulnerabilities for system security.

Syllabus

Bit flips!
The rowhammer DRAM bug
Overview of talk
About the speakers
Exploiting random bit flips
Types of memory error
DRAM row buffer
DRAM refresh
"Hammering" can cause bit flips
Bad cells
Step 1: Bypass the cache
Double-sided hammering
Flippy the Laptop
Intro to Native Client (NaCl)
Escaping an in-process sandbox
Bit flips make safe code unsafe
Using physical memory access
Page reuse
Mitigations
Mitigation: ECC memory
"Ideal" fix: Target Row Refresh, TRR
Mitigation: 2x refresh rate
Conclusions
For more information

Taught by

Black Hat

Reviews

Start your review of Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.