Abstract
Rowhammer is a hardware vulnerability that can be exploited to induce bit flips in dynamic random access memory (DRAM), compromising the security of a computer system. Multiple ways of exploiting Rowhammer have been shown and even in the presence of mitigations such as target row refresh (TRR), DRAM modules remain partially vulnerable. In this paper, we present a large-scale reproduction study on the Rowhammer vulnerability using the Blacksmith Rowhammer fuzzer. The main focus of our study is the impact of the fuzzing environment. Our study uses a diverse set of 10 DRAM chips from various manufacturers, with different capacities and memory frequencies. We show that the runtime, used seeds, and DRAM coverage of the fuzzer have been underestimated in previous work. Additionally, we study the entire hardware setup’s impact on the transferability of Rowhammer by fuzzing the same DRAM on 4 identical machines. The transferability study heavily relates to Rowhammer-based physically unclonable functions (PUFs) which rely on the stability of Rowhammer-induced bit flips. Our results confirm the findings of the Blacksmith fuzzer, showing that even modern DRAM chips are vulnerable to Rowhammer. In addition, we show that PUFs are challenging to achieve on commodity systems due to the high variability of Rowhammer bit flips.
Notes
1. DRAM module 3 broke during testing and is therefore excluded from the transferability study.
Acknowledgment
We thank our anonymous reviewers for their valuable feedback. We thank Michele Marazzi for fruitful discussions.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Gerlach, L., Thomas, F., Pietsch, R., Schwarz, M. (2024). A Rowhammer Reproduction Study Using the Blacksmith Fuzzer. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14346. Springer, Cham. https://doi.org/10.1007/978-3-031-51479-1_4
DOI: https://doi.org/10.1007/978-3-031-51479-1_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51478-4
Online ISBN: 978-3-031-51479-1
eBook Packages: Computer Science (R0)