Abstract
The Rowhammer bug has exposed a severe reliability issue in modern commodity-grade DRAM modules, where repeated accesses to a particular row can cause bit-flips in its adjacent rows. It is a prime example of a reliability issue leading to a practical security vulnerability, one that can help an adversary mount an array of local and remote attacks to compromise a system completely. Although several security countermeasures have been proposed, recent attacks show that they are not sufficient to completely mitigate the Rowhammer vulnerability. In this paper, we take a novel approach by using the DRAM access patterns generated by benign processes to train an unsupervised Deep Learning model. The objective of the model is to analyze the memory access patterns of processes which suffer from a high last-level cache miss rate and classify them as either benign or anomalous with high accuracy. We also introduce a reverse-engineering module in our approach to uncover the DRAM bank addressing functions (which are not publicly available) based on a novel bin-partitioning algorithm. We further show that our detection methodology can reliably detect a Rowhammer process with 97% accuracy. In a more general context, we show that a suitable combination of deep learning and reverse engineering of physical addresses can help to detect Rowhammer attacks successfully.
Notes
1. We define exploitable faults as those bit-flips which can lead to a security or confidentiality issue. Not all bit-flips can be used by an adversary to exploit a system.
2. Given a physical address, its actual location in DRAM is defined by a set of architecture-dependent functions which map a physical address to particular rank, bank and row numbers.
3. Loss quantifies the average prediction error of the network. A decreasing loss indicates that the network is learning properly.
4. pagemap is an interface provided in Linux that allows userspace programs to access page table and related information for a particular process.
5. In our experimental setup, we have empirically selected m as 10 and n as 8.
6. Assuming the tool has admin privilege, which is a practical assumption for a diagnostic tool, it is able to access pagemap in modern Linux kernels.
7. The three sigma rule states that all the data points will lie within three standard deviations of the mean with 99.7% probability.
8. We would like to emphasise that the detection tool is system-independent and can be employed on any standard x86 and Linux based machine.
9. The offline training can also be done on the CPU of the target system.
10. A phenomenon where the neural network actually memorizes the data instead of learning the targeted features.
11. Validation loss is obtained by feeding the model with unknown data which is not used for the training.
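Notes 4 and 6 depend on how a diagnostic tool reads pagemap and why it needs privilege; the sketch below is an added example, not code from the paper, that decodes the 64-bit pagemap entry format and reports when the kernel has hidden the frame number from an unprivileged reader. It assumes 4 KiB pages and little-endian x86, and the function names and sample entries are constructed for illustration.

```python
import struct

PAGE_SIZE = 4096          # assumption: 4 KiB pages (x86 default)
ENTRY_SIZE = 8            # one 64-bit pagemap entry per virtual page
PFN_MASK = (1 << 55) - 1  # bits 0-54: page frame number (PFN)
SWAPPED = 1 << 62         # bit 62: page is in swap
PRESENT = 1 << 63         # bit 63: page is present in RAM


def pagemap_offset(vaddr):
    """Byte offset of vaddr's entry inside /proc/<pid>/pagemap."""
    return (vaddr // PAGE_SIZE) * ENTRY_SIZE


def decode_entry(raw, vaddr):
    """Decode one 8-byte pagemap entry into a physical address or a reason."""
    if len(raw) != ENTRY_SIZE:
        return {"status": "short-read", "paddr": None}
    (entry,) = struct.unpack("<Q", raw)  # little-endian on x86
    if entry & SWAPPED:
        return {"status": "swapped", "paddr": None}
    if not entry & PRESENT:
        return {"status": "not-present", "paddr": None}
    pfn = entry & PFN_MASK
    if pfn == 0:
        # Present but PFN zeroed: since Linux 4.2 the kernel hides frame
        # numbers from readers without CAP_SYS_ADMIN, so treat as hidden.
        return {"status": "pfn-hidden", "paddr": None}
    return {"status": "ok", "paddr": pfn * PAGE_SIZE + vaddr % PAGE_SIZE}


def translate(pid, vaddr):
    """Read the live entry for vaddr in process pid (privilege needed for PFNs)."""
    with open(f"/proc/{pid}/pagemap", "rb") as f:
        f.seek(pagemap_offset(vaddr))
        return decode_entry(f.read(ENTRY_SIZE), vaddr)


# Constructed sample entries (not captured from a real system).
SAMPLES = {
    "privileged": struct.pack("<Q", PRESENT | 0x12345),
    "unprivileged": struct.pack("<Q", PRESENT),
    "swapped": struct.pack("<Q", SWAPPED | 0x20),
    "unmapped": struct.pack("<Q", 0),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, decode_entry(raw, 0x7F00DEADB123))
```

A monitoring tool that sees `pfn-hidden` for every page should report a missing capability rather than feed zeroed addresses into later analysis.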
Acknowledgement
This work was partially supported by Department of Science and Technology, Government of India under the Swarnajayanti Fellowship program and Information Security Education and Awareness (ISEA), MeitY, Government of India.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Chakraborty, A., Alam, M., Mukhopadhyay, D. (2021). A Good Anvil Fears No Hammer: Automated Rowhammer Detection Using Unsupervised Deep Learning. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2021. Lecture Notes in Computer Science, vol 12809. Springer, Cham. https://doi.org/10.1007/978-3-030-81645-2_5
DOI: https://doi.org/10.1007/978-3-030-81645-2_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-81644-5
Online ISBN: 978-3-030-81645-2
eBook Packages: Computer Science, Computer Science (R0)