Skip to main content
SpringerLink
Log in

A Good Anvil Fears No Hammer: Automated Rowhammer Detection Using Unsupervised Deep Learning

  • Conference paper
  • First Online:
Applied Cryptography and Network Security Workshops (ACNS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12809))

Included in the following conference series:

Abstract

The Rowhammer bug has exposed a severe reliability issue in modern commodity-grade DRAM modules where repeated accesses to a particular row can cause bit-flips in its adjacent rows. It is a prime example where a reliability issue can lead to a practical security vulnerability that can aid an adversary to mount an array of local and remote attacks to jeopardize a system completely. Although several security countermeasures have been proposed, recent attacks show that they are not sufficient enough to completely mitigate Rowhammer vulnerability. In this paper, we attempt to take a novel approach by using the DRAM access patterns generated by benign processes to train an unsupervised Deep Learning model. The objective of the model is to analyze the memory access patterns of processes which suffer from high last level cache miss rate and classify it as either benign or anomaly with high accuracy. We also introduce a reverse-engineering module in our approach to uncover the DRAM bank addressing functions (which are not available publicly) based on a novel bin-partitioning algorithm. We further show that our detection methodology can reliably detect a Rowhammer process with 97% accuracy. In a more general context, we show that a suitable combination of deep learning and reverse engineering of physical addresses can help to detect Rowhammer attacks successfully.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    We define exploitable faults as those bit-flips which can lead to security or confidentiality issue. Not all bit-flips can be exploited by an adversary to exploit a system.

  2. 2.

    Given a physical address, its actual location in DRAM is defined by a set of functions which maps a physical address to particular rank, bank and row numbers, which is architecture dependent.

  3. 3.

    Loss quantifies the average prediction error of the network. A decreasing loss indicates that the network is properly learning.

  4. 4.

    pagemap is an interface provided in Linux that allows userspace programs to access page table and related information for a particular process.

  5. 5.

    In our experimental setup, we have empirically selected m as 10 and n as 8.

  6. 6.

    Assuming the tool has admin privilege, which is a practical assumption for a diagnostic tool, itÅ› able to access pagemap in modern Linux kernels.

  7. 7.

    The three sigma rule states that all the data points will lie within three standard deviations of the mean with 99.7% probability.

  8. 8.

    We would like to emphasise that the detection tool is system-independent and can be employed on any standard x86 and Linux based machine.

  9. 9.

    The offline training can also be done on the CPU of the target system.

  10. 10.

    A phenomenon where the neural network actually memorizes the data instead of learning the targeted features.

  11. 11.

    Validation loss is obtained by feeding the model with unknown data which is not used for the training.

References

  1. Alam, M., Bhattacharya, S., Dutta, S., Sinha, S., Mukhopadhyay, D., Chattopadhyay, A.: RATAFIA: ransomware analysis using time and frequency informed autoencoders. In: IEEE HOST, pp. 218–227 (2019)

    Google Scholar 

  2. Alam, M., Bhattacharya, S., Mukhopadhyay, D., Bhattacharya, S.: Performance counters to rescue: A machine learning based safeguard against micro-architectural side-channel-attacks. IACR Cryptology ePrint Archive 2017, 564 (2017)

    Google Scholar 

  3. Aweke, Z.B., Yitbarek, S.F., Qiao, R., Das, R., Hicks, M., Oren, Y., Austin, T.: ANVIL: software-based protection against next-generation rowhammer attacks. ACM SIGPLAN Notices 51(4), 743–755 (2016)

    Article  Google Scholar 

  4. Bhattacharya, S., Mukhopadhyay, D.: Curious case of rowhammer: flipping secret exponent bits using timing analysis. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 602–624. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_29

    Chapter  Google Scholar 

  5. Brasser, F., Davi, L., Gens, D., Liebchen, C., Sadeghi, A.R.: Can’t touch this: software-only mitigation against rowhammer attacks targeting kernel memory. In: USENIX Security 2017, pp. 117–130 (2017)

    Google Scholar 

  6. Chakraborty, A., Bhattacharya, S., Saha, S., Mukhopadhyay, D.: Explframe: exploiting page frame cache for fault analysis of block ciphers. In: DATE, pp. 1303–1306 (2020)

    Google Scholar 

  7. Chakraborty, A., Alam, M., Mukhopadhyay, D.: Deep learning based diagnostics for rowhammer protection of dram chips. In: IEEE ATS, pp. 86–865. IEEE (2019)

    Google Scholar 

  8. Chollet, F.: Building autoencoders in keras. The Keras Blog (2016)

    Google Scholar 

  9. Gruss, D., Maurice, C., Mangard, S.: Rowhammer.js: a remote software-induced fault attack in JavaScript. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 300–321. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_15

    Chapter  Google Scholar 

  10. Hara, Y., Tomiyama, H., Honda, S., Takada, H., Ishii, K.: Chstone: a benchmark program suite for practical c-based high-level synthesis. In: 2008 IEEE International Symposium on Circuits and Systems, pp. 1192–1195. IEEE (2008)

    Google Scholar 

  11. Herath, N., Fogh, A.: These are not your grand daddys CPU performance counters-CPU hardware performance counters for security. Black Hat Briefings (2015)

    Google Scholar 

  12. Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of dram disturbance errors. In: ACM SIGARCH Computer Architecture News, vol. 42, pp. 361–372. IEEE Press (2014)

    Google Scholar 

  13. Seaborn, M., Dullien, T.: Exploiting the dram rowhammer bug to gain kernel privileges (2015). https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html

  14. Malhotra, P., Vig, L., Shroff, G., Agarwal, P.: Long short term memory networks for anomaly detection in time series. In: Proceedings, p. 89. Presses universitaires de Louvain (2015)

    Google Scholar 

  15. Mutlu, O., Kim, J.S.: Rowhammer: a retrospective. IEEE Trans. Comput.-Aided Des. Integrated Circ. Syst. 39(8), 1555–1571 (2019)

    Article  Google Scholar 

  16. Pessl, P., Gruss, D., Maurice, C., Schwarz, M., Mangard, S.: DRAMA: exploiting dram addressing for cross-CPU attacks. In: USENIX Security, pp. 565–581 (2016)

    Google Scholar 

  17. Smith, B., Grehan, R., Yager, T., Niemi, D.: Byte-unixbench: a Unix benchmark suite. Technical report (2011)

    Google Scholar 

  18. Tatar, A., Konoth, R.K., Athanasopoulos, E., Giuffrida, C., Bos, H., Razavi, K.: Throwhammer: Rowhammer attacks over the network and defenses. In: USENIX ATC, pp. 213–226 (2018)

    Google Scholar 

  19. Van Der Veen, V., et al.: Drammer: deterministic rowhammer attacks on mobile platforms. In: ACM CCS, pp. 1675–1689. ACM (2016)

    Google Scholar 

  20. Vig, S., Bhattacharya, S., Mukhopadhyay, D., Lam, S.K.: Rapid detection of rowhammer attacks using dynamic skewed hash tree. In: HASP, p. 7. ACM (2018)

    Google Scholar 

  21. Wang, X., Karri, R.: Numchecker: detecting kernel control-flow modifying rootkits by using hardware performance counters. In: ACM/EDAC/IEEE DAC, pp. 1–7. IEEE (2013)

    Google Scholar 

  22. Wu, X.C., Sherwood, T., Chong, F.T., Li, Y.: Protecting page tables from rowhammer attacks using monotonic pointers in dram true-cells. In: ASPLOS, pp. 645–657 (2019)

    Google Scholar 

  23. Xiao, Y., Zhang, X., Zhang, Y., Teodorescu, R.: One bit flips, one cloud flops: cross-VM row hammer attacks and privilege escalation. In: USENIX Security, pp. 19–35 (2016)

    Google Scholar 

  24. Zhang, F., et al.: Persistent fault analysis on block ciphers. IACR TCHES, pp. 150–172 (2018)

    Google Scholar 

  25. Zhang, Z., Zhu, Z., Zhang, X.: Breaking address mapping symmetry at multi-levels of memory hierarchy to reduce dram row-buffer conflicts. JILP 3, 29–63 (2001)

    Google Scholar 

Download references

Acknowledgement

This work was partially supported by Department of Science and Technology, Government of India under the Swarnajayanti Fellowship program and Information Security Education and Awareness (ISEA), MeitY, Government of India.

Author information

Authors and Affiliations

  1. Indian Institute of Technology, Kharagpur, Kharagpur, India

    Anirban Chakraborty, Manaar Alam & Debdeep Mukhopadhyay

Authors
  1. Anirban Chakraborty
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Manaar Alam
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Debdeep Mukhopadhyay
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Anirban Chakraborty .

Editor information

Editors and Affiliations

  1. Singapore University of Technology and Design, Singapore, Singapore

    Jianying Zhou

  2. University of Strathclyde, Glasgow, UK

    Chuadhry Mujeeb Ahmed

  3. ICIS, Radboud University, Nijmegen, The Netherlands

    Lejla Batina

  4. Singapore University of Technology and Design, Singapore, Singapore

    Sudipta Chattopadhyay

  5. LIACS, Leiden University, Leiden, The Netherlands

    Olga Gadyatskaya

  6. Centrum Wiskunde & Informatica, Amsterdam, The Netherlands

    Chenglu Jin

  7. University of Science and Technology of China, Hefei, China

    Jingqiang Lin

  8. University of Padua, Padua, Italy

    Eleonora Losiouk

  9. University of Kansas, Lawrence, KS, USA

    Bo Luo

  10. CIISE, Concordia University, Montréal, Canada

    Suryadipta Majumdar

  11. New York University, Abu Dhabi, United Arab Emirates

    Mihalis Maniatakos

  12. Illinois at Singapore Pte Ltd, Singapore, Singapore

    Daisuke Mashima

  13. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  14. Delft University of Technology, Delft, The Netherlands

    Stjepan Picek

  15. SECOM Co., Ltd., Tokyo, Japan

    Masaki Shimaoka

  16. University of Aizu, Aizu-Wakamatsu, Japan

    Chunhua Su

  17. City University of Hong Kong, Hong Kong, Hong Kong

    Cong Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chakraborty, A., Alam, M., Mukhopadhyay, D. (2021). A Good Anvil Fears No Hammer: Automated Rowhammer Detection Using Unsupervised Deep Learning. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2021. Lecture Notes in Computer Science(), vol 12809. Springer, Cham. https://doi.org/10.1007/978-3-030-81645-2_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-81645-2_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-81644-5

  • Online ISBN: 978-3-030-81645-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation