16 Hits in 3.4 sec

CAn't Touch This: Practical and Generic Software-only Defenses Against Rowhammer Attacks [article]

Ferdinand Brasser and Lucas Davi and David Gens and Christopher Liebchen and Ahmad-Reza Sadeghi
2016 arXiv   pre-print
Rowhammer is a hardware bug that can be exploited to implement privilege escalation and remote code execution attacks.  ...  As proof of concept, we implemented B-CATT on x86, and our generic defense, G-CATT, on x86 and ARM to mitigate rowhammer-based kernel exploits.  ...  However, the infamous rowhammer attack [12] undermines this access control model by exploiting a hardware fault (triggered through software) to flip targeted bits in memory.  ... 
arXiv:1611.08396v2 fatcat:ksxr7kidjbhnzpksiolo7emz4a

Nethammer: Inducing Rowhammer Faults through Network Requests [article]

Moritz Lipp and Misiker Tadesse Aga and Michael Schwarz and Daniel Gruss and Clémentine Maurice and Lukas Raab and Lukas Lamster
2018 arXiv   pre-print
Nethammer is the first truly remote Rowhammer attack, without a single attacker-controlled line of code on the targeted system.  ...  Classical fault attacks show that this assumption does not hold if the attacker has physical access. Rowhammer attacks showed that local code execution is already sufficient to break this assumption.  ...  The most prominent hardware fault which can be induced by software is the Rowhammer bug, caused by a hardware reliability issue of DRAM.  ... 
arXiv:1805.04956v1 fatcat:gtx2flt7lzc35hrrb75j4x6fhu

Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU

Pietro Frigo, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi
2018 2018 IEEE Symposium on Security and Privacy (SP)  
These attacks bypass state-of-the-art mitigations and advance existing CPU-based attacks: we show the first end-toend microarchitectural compromise of a browser running on a mobile phone in under two minutes  ...  While powerful, these GPU primitives are not easy to implement due to undocumented hardware features.  ...  Corrupting data Rowhammer is a prime example of an attack that corrupts data by abusing a hardware fault.  ... 
doi:10.1109/sp.2018.00022 dblp:conf/sp/FrigoGBR18 fatcat:nawd6zg72nambprgvvjaawarj4

RowHammer: A Retrospective [article]

Onur Mutlu, Jeremie S. Kim
2019 arXiv   pre-print
RowHammer is caused by a hardware failure mechanism called DRAM disturbance errors, which is a manifestation of circuit-level cell-to-cell interference in a scaled memory technology.  ...  In this article, we comprehensively survey the scientific literature on RowHammer-based attacks as well as mitigation techniques to prevent RowHammer.  ...  user-level application that requires no permissions, takeover of a mobile system quickly by triggering RowHammer using a mobile GPU, and takeover of a remote system by triggering RowHammer on it through  ... 
arXiv:1904.09724v1 fatcat:eucfr7lbrvawrjtztthuharb5a

Uncovering In-DRAM RowHammer Protection Mechanisms: A New Methodology, Custom RowHammer Patterns, and Implications [article]

Hasan Hassan, Yahya Can Tugrul, Jeremie S. Kim, Victor van der Veen, Kaveh Razavi, Onur Mutlu
2021 arXiv   pre-print
The RowHammer vulnerability in DRAM is a critical threat to system security.  ...  U-TRR is based on the new observation that data retention failures in DRAM enable a side channel that leaks information on how TRR refreshes potential victim rows.  ...  Mutlu, “Understanding and Modeling mer Attacks on ARM,” in DIMVA, 2018. On-Die Error Correction in Modern DRAM: An Experimental Study Using Real [125] R. K.  ... 
arXiv:2110.10603v1 fatcat:ab7zgdwb3vaqtbszjmyxuvngny

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation

Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, Mahmut Kandemir
2019 2019 IEEE Symposium on Security and Privacy (SP)  
Hardware Performance Counters (HPCs) have been available in processors for more than a decade. These counters can be used to monitor and measure events that occur at the CPU level.  ...  Modern processors provide hundreds of hardware events  ...  The points of manipulation produce an overcount of one instruction for every page fault triggered.  ... 
doi:10.1109/sp.2019.00022 dblp:conf/sp/BrotzmanLZTK19 fatcat:raatzjxbnrepdo5ll4d3vlmtce

Speculative Buffer Overflows: Attacks and Defenses [article]

Vladimir Kiriansky, Carl Waldspurger
2018 arXiv   pre-print
We introduce Spectre1.1, a new Spectre-v1 variant that leverages speculative stores to create speculative buffer overflows.  ...  We also present Spectre1.2: on CPUs that do not enforce read/write protections, speculative stores can overwrite read-only data and code pointers to breach sandboxes.  ...  Acknowledgments We are grateful to Joel Emer for his early feedback on this work. Thanks to Matt Miller for his thorough technical review and helpful discussions. Jason Brandt, Martin Dixon,  ... 
arXiv:1807.03757v1 fatcat:lko26y74nfcdrlgu2dxzjs7oau

MATANA: A Reconfigurable Framework for Runtime Attack Detection Based on the Analysis of Microarchitectural Signals

Yuxiao Mao, Vincent Migliore, Vincent Nicomette
2022 Applied Sciences  
The paper also describes a prototype implementation, built with a RISC-V softcore processor Rocket running Linux 4.15 on a Virtex-6 FPGA.  ...  Some approaches have attempted to benefit from existing hardware to better understand and detect the microarchitectural attacks (i.e., Hardware Performance Counters or Arm CoreSight), but such hardware  ...  Arm CoreSight is a debug and trace technology inside Arm's System-on-Chip (SoC).  ... 
doi:10.3390/app12031452 fatcat:fyzd5sragjbjlpwhxskygzflh4

Mitigating Rowhammer attacks with software diversity

Manuel Wiesinger, Edgar Weippl
This thesis analyzes publicly available attacks based on Rowhammer as well as known defenses against them. Finally, it suggests a novel solution to the problem based on software diversity.  ...  To evaluate our defense, we implemented a prototype for Linux which we evaluated using widely known benchmarks. page sacrifice is a new defense against Rowhammer based attacks.  ...  He always supported me generously and encouraged me to attempt a scientific career. Moreover, I want to thank Privatdoz. Mag  ... 
doi:10.34726/hss.2018.47713 fatcat:f7c4vhzj4jewxjo5m436ctbebu


Andre Rein
2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17  
[88] for ARM; or (5) discrete hardware security coprocessor-based approaches, similar to [89, 90] .  ...  SKEE does not rely on hardware-based ARM TrustZone or other virtualization extensions, and thus is considered a lightweight alternative for a Trusted Execution Environment tailored explicitly for kernel-level  ... 
doi:10.1145/3052973.3052975 dblp:conf/ccs/Rein17 fatcat:fhee7m5vazc6zkxrqbcj6tsuk4

Bespoke Security for Resource Constrained Cyber-Physical Systems

Miguel Angel Arroyo
We discuss available security primitives and their limitations for both hardware and software. In particular, we focus on software security threats targeting memory safety.  ...  To provide context on the state of security for CPSs, this document begins with the development of a unifying framework that can be used to identify threats and opportunities for enforcing security policies  ...  Proactive Recovery Research on byzantine faults has focused on techniques meant to tolerate benign faults (e.g., hardware errors such as a hard drive failing, etc).  ... 
doi:10.7916/d8-cgaj-mz52 fatcat:oagan66zandbtn65x2gsacmmtu

Repurposing Software Defenses with Specialized Hardware

Kanad Sinha
One way to mitigate this problem is to complement these defenses in hardware.  ...  As a result, although numerous hardware solutions have been proposed in the past, the fact that so few of them have actually transitioned into practice implies that they were unable to strike an optimal  ...  On a page fault, the origin of the fault (DTLB or ITLB) determines whether a code or data page is expected, and fault-handling is done appropriately (as shown in Figure 3 .3).  ... 
doi:10.7916/d8-e6tc-kr63 fatcat:5mmez4ypdzfqffukip6xzaotve

Trust as a Programming Primitive

Adrien Ghosn
Throughout my PhD, Ed was supportive, trusting, but also demanding, thus finding the right balance to keep me on track while I was slowly building myself up as a researcher.  ...  We both know that you are the one to thank for every single one of my achievements.  ...  A fault triggers a VM EXIT, prints a trace of the root-cause, and stops the program's execution.  ... 
doi:10.5075/epfl-thesis-8165 fatcat:4fzojr5gxbgkppth7ze2b5lsiu

Physical Security in the Post-quantum Era: A Survey on Side-channel Analysis, Random Number Generators, and Physically Unclonable Functions [article]

Sreeja Chowdhury, Ana Covic, Rabin Yu Acharya, Spencer Dupee, Fatemeh Ganji, Domenic Forte
This survey aims to draw greater attention to the importance of physical security, with a focus on secure key generation and storage as well as secure execution.  ...  Traditionally, this trend has been primarily seen as a serious risk for cryptography; however, a positive aspect of quantum technology should also be stressed.  ...  For this, first faults have been injected through a softwareonly approach, namely Rowhammer attack [Kim et al, 2014] .  ... 
doi:10.48550/arxiv.2005.04344 fatcat:omcbbz2crfdcjfol43kepmpdjm

Dagstuhl Reports, Volume 9, Issue 7, July 2019, Complete Issue [article]

To the best of our knowledge, there is no way of bootstrapping or extending trust from a first one containing a hardware RoT to a second one which does not contain a hardware based RoT.  ...  In summary, a hardware RoT is required in all system parts which are not fully controlled by one instance already containing a hardware RoT.  ...  The seminar considered secure composition both from a pure hardware perspective, where multiple hardware blocks are composed in, e.g., a system on chip (SoC), and from a hardwaresoftware perspective where  ... 
doi:10.4230/dagrep.9.7 fatcat:x4rfs6mnwfdztnbt6lghoavg6e
« Previous Showing results 1 — 15 out of 16 results