Solve : Rowhammer attacks: No Protection??

1.	Solve : Rowhammer attacks: No Protection??
Answer» A Rowhammer attack ? What is it? Background: Quote A high-level illustration of DRAM organization, which includes memory cells ... address decoders..., and sense amplifiers... In dynamic RAM (DRAM), each bit of stored data occupies a separate memory cell ... The charge state of a capacitor... with some additional logic that organizes the cells for the purposes of READING, writing and refreshing the data.[7][8] (From Wikipedia.) In loose terms, it means there is a way to sneak into DRAM activity and defeat CRYPTOGRAPHY used as a security wall. Here is a new report by Dan Goodin - 8/31/201 New cloud attack takes full control of virtual machines with little effort. In his article above, Dan Goodin says Rowhammer attacks could come at anytime and the is no effective way to defend important data. Quote Until now, Rowhammer has been a somewhat clumsy and unpredictable attack tool because it was hard to control exactly where data-corrupting bit flips happened. While previous research demonstrated that it could be used to elevate user privileges and break security sandboxes, most people studying Rowhammer said there was little immediate danger of it being exploited maliciously to hijack the security of COMPUTERS that use vulnerable chips. The odds of crucial data being stored in a susceptible memory location made such hacks largely a matter of chance that was stacked against the attacker. In effect, Rowhammer was more a glitch than an exploit. Really? Postscript: The same author wrote earlier this year about a DRAM 'bug' that allows a posible row hammer attack. Once thought safe, DDR4 memory shown to be vulnerable to “Rowhammer” Quote And of course, the memory chips used by the host must be vulnerable to Rowhammer attacks, a requirement that's met by 110 out of 129 DDR3 models and eight out of 12 DDR4 varieties tested. Lastly, the PROTOTYPE attack relied on a Linux setting known as transparent huge pages to make the attack simpler and faster, but the researchers said it would work even if the setting wasn't enabled Curious if this also affects ECC RAM with ( error correction ). To me it would SEEM that it would only affect NON-ECC possibly Memory hacks are nothing new, used by many game cheats etc, however Rowhammer is interestingly different in that its hard to control where data corrupting bits were flipped. In game hacks that inject RAM addresses it was my understanding that specific addresses are targeted, unless there is a RAM sniffer that parses the RAM looking for a binary string match and then knowing that say the next 8 bits are to be targeted from the end of the last piece of info that designates its placement within RAM, so that a system with say 1GB RAM it might be sitting at 768 to 769MB block of 1MB while a system with 2GB RAM it night be between 1311 and 1312MB block so the address changes and address cant be targeted because its not the same for all systems. And so the address to target then has to be searched for by a unique identifier flag in memory to know where to start the 8 bit read at say 00110101 and then alter and write back or forced write back to 11111111 without reading in to make a game run a character in a god mode where the health memory address is targeted and injected to keep it max value at a certain iteration that doesnt waste clock cycles degrading performance and always keeps the health set to max.As for ECC, it is of some help, but not enough. What works is a more complex preventative method that senses a posible Rowhammer attack and refreshes the other rows to prevent the error. See the Wikipedia articles. https://en.wikipedia.org/wiki/Row_hammer ...page was last modified on 13 July 2016 What is scary is that some researchers claim the Row hammer can become more aggressive and hard to prevent. Other sties have echoed this recent claim. Micron, the chip maker, gave a report last year, but now some new research sounds grim. [Micro did not mention it in a new report.] http://investors.micron.com/results.cfm Most recent links like the one in my first post:: https://www.wired.com/2016/08/new-form-hacking-breaks-ideas-computers-work/ http://news.softpedia.com/news/new-ffs-rowhammer-attack-targets-linux-vm-setups-507290.shtml http://www.hostingtalk.it/rowhammer-exploit-vm-cloud/ Well I just bought 16GiB of G.Skill DDR4 for my cousin's Skylake build. And of course, before I even installed Windows, I let it run through 8 passes for Memtest86 6.3, which includes a very long rowhammer test. It's the single longest test and its PASSED!

Answer»

A Rowhammer attack ? What is it?
Background:
Quote

A high-level illustration of DRAM organization, which includes memory cells ... address decoders..., and sense amplifiers...
In dynamic RAM (DRAM), each bit of stored data occupies a separate memory cell ... The charge state of a capacitor... with some additional logic that organizes the cells for the purposes of READING, writing and refreshing the data.[7][8]

(From Wikipedia.)
In loose terms, it means there is a way to sneak into DRAM activity and defeat CRYPTOGRAPHY used as a security wall.
Here is a new report by Dan Goodin - 8/31/201
New cloud attack takes full control of virtual machines with little effort.
In his article above, Dan Goodin says Rowhammer attacks could come at anytime and the is no effective way to defend important data.
Quote

Until now, Rowhammer has been a somewhat clumsy and unpredictable attack tool because it was hard to control exactly where data-corrupting bit flips happened. While previous research demonstrated that it could be used to elevate user privileges and break security sandboxes, most people studying Rowhammer said there was little immediate danger of it being exploited maliciously to hijack the security of COMPUTERS that use vulnerable chips. The odds of crucial data being stored in a susceptible memory location made such hacks largely a matter of chance that was stacked against the attacker. In effect, Rowhammer was more a glitch than an exploit.

Really?

Postscript:
The same author wrote earlier this year about a DRAM 'bug' that allows a posible row hammer attack.
Once thought safe, DDR4 memory shown to be vulnerable to “Rowhammer” Quote

And of course, the memory chips used by the host must be vulnerable to Rowhammer attacks, a requirement that's met by 110 out of 129 DDR3 models and eight out of 12 DDR4 varieties tested. Lastly, the PROTOTYPE attack relied on a Linux setting known as transparent huge pages to make the attack simpler and faster, but the researchers said it would work even if the setting wasn't enabled

Curious if this also affects ECC RAM with ( error correction ). To me it would SEEM that it would only affect NON-ECC possibly

Memory hacks are nothing new, used by many game cheats etc, however Rowhammer is interestingly different in that its hard to control where data corrupting bits were flipped. In game hacks that inject RAM addresses it was my understanding that specific addresses are targeted, unless there is a RAM sniffer that parses the RAM looking for a binary string match and then knowing that say the next 8 bits are to be targeted from the end of the last piece of info that designates its placement within RAM, so that a system with say 1GB RAM it might be sitting at 768 to 769MB block of 1MB while a system with 2GB RAM it night be between 1311 and 1312MB block so the address changes and address cant be targeted because its not the same for all systems. And so the address to target then has to be searched for by a unique identifier flag in memory to know where to start the 8 bit read at say 00110101 and then alter and write back or forced write back to 11111111 without reading in to make a game run a character in a god mode where the health memory address is targeted and injected to keep it max value at a certain iteration that doesnt waste clock cycles degrading performance and always keeps the health set to max.As for ECC, it is of some help, but not enough.
What works is a more complex preventative method that senses a posible Rowhammer attack and refreshes the other rows to prevent the error.
See the Wikipedia articles.
https://en.wikipedia.org/wiki/Row_hammer
...page was last modified on 13 July 2016

What is scary is that some researchers claim the Row hammer can become more aggressive and hard to prevent. Other sties have echoed this recent claim.

Micron, the chip maker, gave a report last year, but now some new research sounds grim. [Micro did not mention it in a new report.] http://investors.micron.com/results.cfm

Most recent links like the one in my first post::

https://www.wired.com/2016/08/new-form-hacking-breaks-ideas-computers-work/

http://news.softpedia.com/news/new-ffs-rowhammer-attack-targets-linux-vm-setups-507290.shtml

http://www.hostingtalk.it/rowhammer-exploit-vm-cloud/
Well I just bought 16GiB of G.Skill DDR4 for my cousin's Skylake build. And of course, before I even installed Windows, I let it run through 8 passes for Memtest86 6.3, which includes a very long rowhammer test. It's the single longest test and its PASSED!

Solve : Rowhammer attacks: No Protection??

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment