Les Bell
Blog entry by Les Bell
Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.
News Stories
Yet Another Bit Flipping Attack
Many readers doubtless remember the consternation caused by the revelation of the RowHammer attack on dynamic RAM (DRAM) modules back in 2015. Dynamic RAM cells consist of a single transistor and a capacitor which is charged up to represent a one, so that its positive end reads 5V or 3.3V, and discharged to 0V to represent a zero. In order to minimize the number of address pins on each chip, the memory cells are organized into rows and columns, and a complete cell address is typically multiplexed, with one half of the complete address being used to identify the row while the other half addresses the column, thereby addressing the cell.
The charge on the capacitor will, however, gradually drain away, so a refresh controller circuit will periodically - at most every 64 ms - read a row of memory and then rewrite it, recharging the capacitors which need it. But the increasing density of DRAM chips has led to a related problem: the electrostatic field of the capacitor can affect neighbouring cells. This was identified in 2014 by researchers from Carnegie Mellon University and Intel, whp presented a paper - Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors - at that year's Annual International Symposium on Computer Architecture showing that repeated reads of a row can affect the adjacent rows, causing corruption (Kim, et. al, 2014). However, they saw this as a reliability problem, and not specifically a security problem.
The stakes were raised the following year, when a couple of Google Project Zero researchers figured out a way to use this technique in a privilege escalation attack (Seaborn and Dullien, 2015) which they dubbed RowHammer. The attack defeats the page-based memory protection features of the processor; for example, it can be used to flip bits in a 4 KB page which belongs to a privileged process and would not normally be accessible to the attacker.
RowHammer works by performing thousands or even hundreds of thousands of reads of two different rows in the same bank of RAM adjacent to the row which the attacker wants to flip - the victim row. Since a bank of RAM has only a single row buffer for output, each read activates the relevant row to reload the row buffer (repeatedly hammering a single row would only activate it once). Another complication is that the processor's own cache would normally keep a copy of the read values, but a couple of clflush instructions will flush the cached copies, forcing a read of the DRAM.
The result is flipped bits in the target row. Of course, there's a bit more to it, but that's the basic idea, and the Project Zero researchers were able to demonstrate code that broke out of the Chrome Native Client sandbox, as well as a Linux privilege escalation attack which worked by flipping a bit in an x86 page table entry to gain access to the attacking process's own page table, thereby allowing privileged access to all physical memory.
Naturally, the semiconductor industry has not taken this lying down, introducing mitigations into their DRAM circuit designs - and as so often happens in security, this has turned into an escalating arms race as researchers have developed workarounds. For example, DDR3 memory added extra bits onto the rows, using Hamming codes to provide error checking and correction (ECC); ECC used to be a common feature of mainframe and high-end server memory but the reliability of modern chips had led to many dropping it. But once DDR3 became available, it didn't take long for researchers to come up with another RowHammer variant which defeats it.
DDR4 therefore includes an additional feature called Target Row Refresh (TRR). This monitors the number of times a row is accessed and when it exceeds a target threshold, it refreshes adjacent rows to guard against bit flipping. Problem solved, right?
Wrong. A new attack defeats TRR by combining the repeated reads of RowHammer with its own new approach (Luo, wt. al., 2023; Goodin, 2023).
The RowPress attack works by keeping one DRAM row - an aggressor row - open for a long period of time, which disturbs the adjacent rows. This can induce bitflips in the victim row without requiring tens of thousands of activations of the aggressor row, and therefore does not trigger TRR. The researchers concluded:
... with a user-level program on a real DDR4-based Intel system with TRR protection, 1) RowPress induces bitflips when RowHammer cannot, 2) RowPress induces many more bitflips than RowHammer, and 3) increasing tAggON up to a certain value increases RowPress-induced bitflips and number of rows with such bitflips. Thus, read-disturb-based attacks on real systems can leverage RowPress to be more effective despite the existence of periodic auto-refresh and in-DRAM target row refresh mechanisms employed by the manufacturer (Luo et. al., 2023).
In theory, the RowPress technique can achieve bitflipping by holding a row open just once, for an extended period of time. However, this is not really practical, and so an actual attack would combine the RowPress technique with RowHammer, using repeated row activations, but for a longer period of time to keep the number of reads below the TRR threshold, and some experimentation is required to find an optimal combination of the number and duration of activations in order to achieve the desired bitflips.
I dare say a lot of researchers are already working on proof-of-concept exploits, but getting this technique to flip the specific bits required in, say, a page table entry is going to be challenging.
Goodin, Dan, There’s a new way to flip bits in DRAM, and it works against the latest defenses, Ars Technica, 19 October 2023. Available online at https://arstechnica.com/security/2023/10/theres-a-new-way-to-flip-bits-in-dram-and-it-works-against-the-latest-defenses/.
Kim, Y., Daly, R., Kim, J., Fallin, C., Lee, J. H., Lee, D., Wilkerson, C., Lai, K., & Mutlu, O., Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA), 361–372, 2014. https://doi.org/10.1109/ISCA.2014.6853210. Available online at http://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf.
Luo, H., Olgun, A., Yağlıkçı, A. G., Tuğrul, Y. C., Rhyner, S., Cavlak, M. B., Lindegger, J., Sadrosadati, M., & Mutlu, O., RowPress: Amplifying Read Disturbance in Modern DRAM Chips. Proceedings of the 50th Annual International Symposium on Computer Architecture, pp. 1–18, 2023. https://doi.org/10.1145/3579371.3589063. Available online at https://people.inf.ethz.ch/omutlu/pub/RowPress_isca23.pdf.
Seaborn, M., & Dulien, Thomas, Project Zero: Exploiting the DRAM rowhammer bug to gain kernel privileges, Google Project Zero blog, 9 March 2015. Available online at https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html.
Upcoming Courses
- SE221 CISSP Fast Track Review, Virtual/Online, 13 - 17 November 2023
- SE221 CISSP Fast Track Review, Sydney, 4 - 8 December 2023
- SE221 CISSP Fast Track Review, Sydney, 11 - 15 March 2024
- SE221 CISSP Fast Track Review, Virtual/Online, 13 - 17 May 2024
- SE221 CISSP Fast Track Review, Virtual/Online, 17 - 21 June 2024
- SE221 CISSP Fast Track Review, Sydney, 22 - 26 July 2024
These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.
Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.