Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

RAMBleed - Reading Bits in Memory Without Accessing Them

IEEE via YouTube

Overview

Explore the security implications of the Rowhammer bug in DRAM cells through this 16-minute IEEE conference talk. Delve into how an unprivileged adversary can exploit this reliability issue to read bits in memory without directly accessing them, challenging the assumption that bit flips in private memory are harmless. Learn about novel techniques for exploiting the data dependence between Rowhammer-induced bit flips and nearby bits, enabling the deduction of sensitive information across security boundaries. Discover how this attack method threatens both integrity and confidentiality, even in systems with ECC memory. Examine an end-to-end attack on OpenSSH 7.9, extracting an RSA-2048 key from a root-level SSH daemon, and understand the innovative approaches used to manipulate memory and locate physically contiguous areas for double-sided Rowhammering. Gain insights into the broader implications of this research for DRAM security and the need for robust countermeasures against such sophisticated attacks.

Syllabus

Introduction
How Memory Works
Row Hammer Effect
Row HammerInduced Bit Flips
Memory Layout Acquisition
Memory Allocator
OpenSSH Key Placement
Fung Shui
Reading Bits
Reading the Next Bit
EndtoEnd Attack
ECC Memory
ECC Memory Example
Conclusions

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of RAMBleed - Reading Bits in Memory Without Accessing Them

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.