RuhrSec 2017: "Rowhammer Attacks: A Walkthrough Guide", Dr. Clémentine Maurice & Daniel Gruss

Описание: RuhrSec is the annual English speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit.
🔽 More information ...

Abstract. In the past 2 years the so-called Rowhammer bug has caught the attention of many academic and non-academic researchers. The scary aspect of the Rowhammer bug is that is entirely invalidates software security assumptions. Isolation mechanisms are ineffective to a degree where an attacker can run in a website and compromise the entire host system.

In this walkthrough guide I will walk you through all Rowhammer attacks that have been presented so far. We will start with the seminal work by Kim. et. al. 2014 and discuss the basic idea of triggering bitflips in software. Subsequently we will discuss how to use their findings in exploits, as demonstrated by Google researchers in 2015. The results from the works of these two groups is still of vital interest for the discussion of countermeasures that now may find their way into the Linux kernel.

Subsequently, we will discuss several attacks that are derived from these initial Rowhammer attacks. We will discuss attacks that lower requirements: Rowhammer.js, non-temporal-access-based attacks, DRAMA and Drammer. These attacks move Rowhammer from the strictly x86 native setting on DDR3 memory to new environments like the JavaScript sandbox, DDR4, or even mobile devices.

Another branch of attacks combine Rowhammer with other attack primitives. We will discuss attacks using deduplication (Dedup est Machina, Flip Feng Shui) and their impact. Furthermore, we will discuss the first Rowhammer attacks on cryptographic primitives that have been presented in 2016.

Finally, we will discuss countermeasures, i.e. Rowhammer detection and Rowhammer mitigation. While several countermeasures have been discussed and some have even been deployed, the problem is widely unsolved. We will shed light on the ongoing discussion amongst Linux kernel developers and point out dead ends that should be avoided in the future.

Biography. Clémentine Maurice is a postdoctoral researcher in the Secure Systems group at the Graz University of Technology, in Austria. She obtained her PhD from Telecom ParisTech in October 2015 while working at Technicolor in Rennes, jointly with the S3 group of Eurecom in Sophia Antipolis. Among other topics, she is interested in microarchitectural covert and side channels and reverse-engineering processor parts. Her research aims at finding new attack vectors on modern commodity devices such as servers, laptops, desktops and mobile devices. She also led the research on Rowhammer hardware fault attacks in JavaScript through a remote website, an attack also known as Rowhammer.js. She presented her work at several academic conferences and venues like the 32nd CCC and BlackHat Europe

Speakers:
Dr. Clémentine Maurice and Daniel Gruss

———

👉 Subscribe to our channel:
   / @hackmanit-it-security  

👉 Read more about interesting IT Security topics on our blog:
https://hackmanit.de/en/blog-en

✍️ Want a deeper dive?
Training courses in Single Sign-On (SAML, OAuth and OpenID Connect), Secure Web Development, TLS and Web Services are available here:
https://hackmanit.de/en/training/port...

———

🌍 RuhrSec conference website: https://www.ruhrsec.de
🌍 Visit our website: https://hackmanit.de/en

✔ Follow RuhrSec on Twitter:   / ruhrsec  
✔ Follow Hackmanit on Twitter:   / hackmanit  

Linkedin:   / hackmanit  
XING: https://www.xing.com/pages/hackmanitgmbh

———

Thanks for your attention and support. Stay secure.


#cybersecurity #rowhammer #ruhrsec #cyber #talk #rowhammerbug
#conference #itsecurity #itsicherheit #JavaScriptsandbox #cryptography