Skip to main content
SpringerLink
Log in

A Rowhammer Reproduction Study Using the Blacksmith Fuzzer

  • Conference paper
  • First Online:
Computer Security – ESORICS 2023 (ESORICS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14346))

Included in the following conference series:

  • 265 Accesses

Abstract

Rowhammer is a hardware vulnerability that can be exploited to induce bit flips in dynamic random access memory (DRAM), compromising the security of a computer system. Multiple ways of exploiting Rowhammer have been shown and even in the presence of mitigations such as target row refresh (TRR), DRAM modules remain partially vulnerable. In this paper, we present a large-scale reproduction study on the Rowhammer vulnerability using the Blacksmith Rowhammer fuzzer. The main focus of our study is the impact of the fuzzing environment. Our study uses a diverse set of 10 DRAM chips from various manufacturers, with different capacities and memory frequencies. We show that the runtime, used seeds, and DRAM coverage of the fuzzer have been underestimated in previous work. Additionally, we study the entire hardware setup’s impact on the transferability of Rowhammer by fuzzing the same DRAM on 4 identical machines. The transferability study heavily relates to Rowhammer-based physically unclonable functions (PUFs) which rely on the stability of Rowhammer-induced bit flips. Our results confirm the findings of the Blacksmith fuzzer, showing that even modern DRAM chips are vulnerable to Rowhammer. In addition, we show that PUFs are challenging to achieve on commodity systems due to the high variability of Rowhammer bit flips.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 79.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    DRAM module 3 broke during testing and is therefore excluded in the transferability study.

References

  1. Anagnostopoulos, N.A., et al.: Intrinsic run-time row hammer PUFs: leveraging the row hammer effect for run-time cryptography and improved security. In: Cryptography (2018)

    Google Scholar 

  2. Bosman, E., Razavi, K., Bos, H., Giuffrida, C.: Dedup est machina: memory deduplication as an advanced exploitation vector. In: S&P (2016)

    Google Scholar 

  3. Cojocar, L., Razavi, K., Giuffrida, C., Bos, H.: Exploiting correcting codes: on the effectiveness of ECC memory against rowhammer attacks. In: S&P (2019)

    Google Scholar 

  4. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_31

    Chapter  Google Scholar 

  5. Easdon, C., Schwarz, M., Schwarzl, M., Gruss, D.: Rapid prototyping for microarchitectural attacks. In: USENIX Security (2022)

    Google Scholar 

  6. Frigo, P., et al.: TRRespass: exploiting the many sides of target row refresh. In: S&P (2020)

    Google Scholar 

  7. Gerlach, L., Schwarz, S., Faroß, N., Schwarz, M.: Efficient and generic microarchitectural hash-function recovery. In: S&P (2024)

    Google Scholar 

  8. Gruss, D., et al.: Another flip in the wall of Rowhammer defenses. In: S&P (2018)

    Google Scholar 

  9. Hassan, H., Can Tuǧrul, Y., Kim, J.S., Van der Veen, V., Razavi, K., Mutlu, O.: Uncovering In-DRAM RowHammer protection mechanisms: a new methodology, custom RowHammer patterns, and implications. In: IEE MICRO, 2021, extended classification tree and PoCs at https://transient.fail/

  10. Helm, C., Akiyama, S., Taura, K.: Reliable reverse engineering of intel dram addressing using performance counters. In: International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS) (2020)

    Google Scholar 

  11. Jattke, P., van der Veen, V., Frigo, P., Gunter, S., Razavi, K.: Blacksmith: scalable rowhammering in the frequency domain. In: S&P (2022)

    Google Scholar 

  12. Juffinger, J., Lamster, L., Kogler, A., Eichlseder, M., Lipp, M., Gruss, D.: CSI: Rowhammer-cryptographic security and integrity against rowhammer. In: IEEE S&P (2022)

    Google Scholar 

  13. Kaczmarski, M.: Thoughts on Intel ® Xeon ® E5-2600 v2 product family performance optimisation – component selection guidelines, August 2014. http://infobazy.gda.pl/2014/pliki/prezentacje/d2s2e4-Kaczmarski-Optymalna.pdf

  14. Kim, J.S., et al.: Revisiting RowHammer: an experimental analysis of modern DRAM devices and mitigation techniques. In: ISCA (2020)

    Google Scholar 

  15. Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ISCA (2014)

    Google Scholar 

  16. Klees, G., Ruef, A., Cooper, B., Wei, S., Hicks, M.: Evaluating fuzz testing. In: SIGSAC (2018)

    Google Scholar 

  17. Kogler, A., et al.: Half-double: hammering from the next row over. In: USENIX Security Symposium (2022)

    Google Scholar 

  18. Lee, E., Kang, I., Lee, S., Suh, G.E., Ahn, J.H.: Twice: preventing row-hammering by exploiting time window counters. In: ISACA (2019)

    Google Scholar 

  19. Lipp, M.et al.: Nethammer: inducing Rowhammer faults through network requests. In: SILM Workshop (2020)

    Google Scholar 

  20. Park, Y., Kwon, W., Lee, E., Ham, T.J., Ahn, J.H., Lee, J.W.: Graphene: strong yet lightweight row hammer protection. In; MICRO (2020)

    Google Scholar 

  21. Pessl, P., Gruss, D., Maurice, C., Schwarz, M., Mangard, S.: DRAMA: exploiting DRAM addressing for cross-CPU attacks. In: USENIX Security Symposium (2016)

    Google Scholar 

  22. Qiao, R., Seaborn, M.: A new approach for Rowhammer attacks. In: International Symposium on Hardware Oriented Security and Trust (2016)

    Google Scholar 

  23. Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., Bos, H.: Flip feng shui: hammering a needle in the software stack. In: USENIX Security Symposium (2016)

    Google Scholar 

  24. Schaller, A., et al.: Intrinsic Rowhammer PUFs: leveraging the Rowhammer effect for improved security. In: Hardware Oriented Security and Trust (HOST) (2017)

    Google Scholar 

  25. Seyedzadeh, S.M., Jones, A.K., Melhem, R.: Mitigating wordline crosstalk using adaptive trees of counters. In: ISCA. IEEE (2018)

    Google Scholar 

  26. Son, M., Park, H., Ahn, J., Yoo, S.: Making dram stronger against row hammering. In: DAC (2017)

    Google Scholar 

  27. Tatar, A., Krishnan, R., Athanasopoulos, E., Giuffrida, C., Bos, H., Razavi, K.: Throwhammer: Rowhammer attacks over the network and defenses. In: USENIX ATC (2018)

    Google Scholar 

  28. van der Veen, V., et al.: Drammer: deterministic Rowhammer attacks on mobile platforms. In: CCS (2016)

    Google Scholar 

  29. Xiao, Y., Zhang, X., Zhang, Y., Teodorescu, R.: One bit flips, one cloud flops: cross-VM row hammer attacks and privilege escalation. In: USENIX Security Symposium (2016)

    Google Scholar 

  30. Yağlıkçı, A.G., et al.: BlockHammer: preventing RowHammer at low cost by blacklisting rapidly-accessed DRAM rows. In: HPCA (2021)

    Google Scholar 

  31. You, J.M., Yang, J.-S.: MRLoc: mitigating row-hammering based on memory locality. In: DAC (2019)

    Google Scholar 

  32. Zeitouni, S., Gens, D., Sadeghi, A.-R.: It’s hammer time: how to attack (rowhammer-based) dram-PUFs. In: DAC (2018)

    Google Scholar 

Download references

Acknowledgment

We thank our anonymous reviewers for their valuable feedback. We thank Michele Marazzi for fruitful discussions.

Author information

Authors and Affiliations

  1. CISPA Helmholtz Center for Information Security, Saarbrücken, Saarland, Germany

    Lukas Gerlach, Fabian Thomas, Robert Pietsch & Michael Schwarz

Authors
  1. Lukas Gerlach
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fabian Thomas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Robert Pietsch
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Michael Schwarz
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lukas Gerlach .

Editor information

Editors and Affiliations

  1. University of California, Irvine, CA, USA

    Gene Tsudik

  2. University of Padua, Padua, Italy

    Mauro Conti

  3. Delft University of Technology, Delft, The Netherlands

    Kaitai Liang

  4. Delft University of Technology, Delft, The Netherlands

    Georgios Smaragdakis

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Gerlach, L., Thomas, F., Pietsch, R., Schwarz, M. (2024). A Rowhammer Reproduction Study Using the Blacksmith Fuzzer. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14346. Springer, Cham. https://doi.org/10.1007/978-3-031-51479-1_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-51479-1_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-51478-4

  • Online ISBN: 978-3-031-51479-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation