Access your Pro+ Content below.
Royal Holloway: Rowhammer – from DRAM faults to escalating privileges
Sponsored by ComputerWeekly.com
A side effect in dynamic random-access memory (DRAM) that occurs due to increased density, creating a challenge to prevent cell charges from interacting with adjacent cells, has evolved to the vulnerability called Rowhammer. Discover how it is used to exploit memory management techniques in different environments, inject errors in cryptographic protocols and perform privilege escalation attacks, and the counter-measures to help protect your organisation from attack.
Table Of Contents
- The rise in mobile device usage has resulted in increased demand in performance and usability, but the rush to optimise created accidental security vulnerabilities
- One widespread attack based on a hardware vulnerability first detected in 20141 is known as Rowhammer, and it is related to the growing demand for increasing memory density of DRAM modules
- Rowhammer attacks are structured into four procedures: (1) preparation, (2) hammering, (3) verification and (4) exploitation.
- Researchers used the Phys Feng Shui exploitation technique and evaluate it with an LG Nexus 5 mobile device to show the possibility of Rowhammer attacks, and the results show the technique is a real threat.
- A defence mechanism must be able to counter one of the attack primitives: preparation, hammering, verification. Most of the countermeasures now concentrate on hammering, but none of the existing defences is currently practical and usable due to the low security they provide.