Side-channel attacks have recently progressed into software-induced attacks. In particular, a rowhammer attack, which exploits the characteristics of dynamic random access memory (DRAM), can quickly and continuously access the cells as the cell density of DRAM increases, thereby generating a disturbance error affecting the neighboring cells, resulting in bit flips. Although a rowhammer attack is a highly sophisticated attack in which disturbance errors are deliberately generated into data bits, it has been reported that it can be exploited on various platforms such as mobile devices, web browsers, and virtual machines. Furthermore, there have been studies on bypassing the defense measures of DRAM manufacturers and the like to respond to rowhammer attacks. A rowhammer attack can control user access and compromise the integrity of sensitive data with attacks such as a privilege escalation and an alteration of the encryption keys. In an attempt to mitigate a rowhammer attack, various hardware- and software-based mitigation techniques are being studied, but there are limitations in that the research methods do not detect the rowhammer attack in advance, causing overhead or degradation of the system performance. Therefore, in this study, a rowhammer attack detection technique is proposed by extracting common features of rowhammer attack files through a static analysis of rowhammer attack codes.
Side-channel attacks have recently developed into other attack types not only with the data gained through direct access to hardware but also with software-induced hardware data. Among such attacks, a rowhammer attack, a fault attack on dynamic random access memory (DRAM), was reported that can occur in both double data rate (DDR) 3 and DDR4 synchronous dynamic random access memory (SDRAM), which shows the feasibility of a software-induced hardware attack. The first study to exploit the rowhammer attack demonstrated that it was possible to access DRAM using malicious programs in Intel and Advanced RISC Machine (ARM) systems, thereby inducing disturbance errors [
As described above, rowhammer attacks have been proven to be exploited in various platforms, and can damage the system memory and system itself, or grant full control to an attacker. In response to such a variety of rowhammer attacks, efforts are being made to improve DRAM chips so that they are no longer vulnerable, or to correct the errors caused by the rowhammer using an error correcting code (ECC). Alternatively, rowhammer-prone cells can be remapped or retired by increasing the refresh rate or through a static or dynamic post-manufacturing analysis. In addition, hammered cells during runtime can be identified and refreshed [
In this study, we propose a technique to detect rowhammer attacks in advance using static analysis. Section 2 describes the DRAM architecture, which is the target of a rowhammer attack. It defines the mechanism of a rowhammer attack as well as techniques to mitigate such an incident. Further, the IDA Python module used in the proposed technique for detecting rowhammer attacks is also described. In Section 3, as the proposed mechanism of this study, we conduct static analysis of rowhammer attacks and propose a technique for their detection. In Section 4, experimental results and analysis of the proposed techniques for detecting a rowhammer attack are provided. Finally, concluding remarks are given in Section 5.
A rowhammer attack exploits the structure of the cells adjacent to the DRAM. The increasing cell density of DRAM is a result of technological advancements; it can enable repeated access to rows, causing bit flips in neighboring memory rows [
In a computing environment, the main memory subsystem consists of DRAM and a memory controller. As shown in
Channel: As a data transfer pathway between DRAM and the memory controller, a single channel has a bandwidth of 64-bits.
Rank: Each rank consists of multiple DRAM banks that share an internal bus for data reading and writing. In general, DRAM is composed of two ranks consisting of eight banks.
Memory Controller: A memory controller can interact with DRAM ranks by time-multiplexing the I/O bus of the channel with a rank. As the I/O bus is shared, a memory controller serializes the accesses to different ranks of the same channel. The functions performed by the memory controllers are as follows:
Convert a process or system request into a memory system command
Generate a timing sequence by determining the priority of the command of the memory system
Send commands such as read/write/refresh to the DRAM chip
Retrieve or store data for the processor or system I/O
Chip: A memory chip consists of DRAM banks and is an integrated circuit that can store data.
Bank: As a component of a memory chip, a bank shares all internal data and a command bus within the chip. The bank is composed of circuits in which a capacitor stores electricity, and a transistor, which is a semiconductor device, acts as an amplifier. They are combined in the form of rows and columns.
Command Bus: A command bus is used to transmit and receive data between a DRAM memory chip and a memory controller.
As shown in
As technologies have advanced, the cell density of DRAM has increased and the cells are no longer isolated, causing them to electrically interact with each other [
The mechanism of a rowhammer attack involves deliberately generating a disturbance error in DRAM, as described ealier.
Code: | ||
---|---|---|
1 | mov(X), %eax | //read values of address X and Y |
2 | mov(Y), %ebx | |
3 | clflush(X) | //evict data in the cache |
4 | clflush(Y) | |
5 | jmp code | //repeat above stage |
The steps involved in the rowhammer attack mechanism are as follows:
To generate a disturbance error by accessing addresses X and Y as above, addresses X and Y must be mapped to the same bank and to different rows simultaneously. To deliberately generate a disturbance error by accessing the desired address, the address in the adjacent row of the same bank must be identified in advance. Accordingly, the virtual address needs to be mapped to the physical address. Therefore, a predictable method or a probabilistic method is used to identify the corresponding addresses. It is also necessary to bypass the cache because a quick activation of the rows in each bank of DRAM is essential to create the bit flips. To bypass the cache, it needs to clear the cache line using the clflush instruction. Consequently, the codes in
Recently, studies have been conducted to mitigate rowhammer attacks by monitoring memory alteration using additional cells. In this section, previous studies on the mitigation of rowhammer attacks are described.
The hardware-based techniques used for the mitigation of rowhammer attacks are as follows:
CRA and PRA: Counter-based row activation (CRA) and probabilistic row activation (PRA) have been proposed to mitigate rowhammer attacks. CRA employs a counter to calculate the number of activations of each row, and if the corresponding counter exceeds the hammering threshold, a dummy activation is actively transmitted to refresh the data. PRA is used to reduce the overhead that is incurred during CRA, which facilitates the generation of a dummy activation probabilistically for all memory accesses. CRA and PRA require an additional counter to count the number of hammerings of the victim rows [ GuardION: GuardION defends against direct memory access (DMA)-based attacks in an ARM environment. This method enables buffers to be physically isolated by adding two empty rows called guard rows. It eliminates the possibility of a bit flip because the victim rows can be arranged more than one row away from the attacked rows [ ECC memory: To defend against rowhammer attacks, error correcting code (ECC) memory is introduced in each rank of DRAM. This method adds a parity bit for detecting errors occurring in data bits and a control bit for transmitting whether an error has occurred. ECC memory was used to detect and correct errors that could occur owing to the external environment of DRAM, and the introduction of ECC memory became an obstacle for exploitation during a rowhammer attack. However, it has been reported that an attack called ECCploit can be used to conduct a rowhammer attack even in ECC memory-added DRAM [ TRR: In response to rowhammer attacks, a target row refresh (TRR) has been implemented in a DDR4 model to refresh adjacent rows when an access is attempted beyond the threshold value. However, even in TRR-applied DRAM, rowhammer attacks can be reactivated by enabling bit flip attacks through new hammering patterns [
The aforementioned methods that use hardware to mitigate rowhammer attacks require additional hardware resources to detect or monitor errors, which can degrade the performance of existing devices. Furthermore, the rowhammer may be reactivated despite the application of rowhammer attack mitigation techniques to DRAM.
Mitigating technique | Description | Disadvantages | |
---|---|---|---|
CRA and PRA | Counters are added to calculate the number of activations of each row to apply a data refresh based on the threshold of the number of hammerings | Degradation of memory performance from memory overhead and additional counters | |
GuardION | Guard rows are added to reduce the possibility of rowhammer occurrence through physical isolation of buffers | Degradation of memory performance from the use of memory resources in DRAM | |
ECC memory | A parity bit that detects errors in a data bit is added to detect and correct memory errors in DRAM | Degradation of memory performance from additional bit adoption and calculation, and the possibility of bypassing through ECCploit attack | |
TRR(target row refresh) | The number of row activations is calculated, and if the corresponding count exceeds the threshold, a data refresh is used | Possibility of bypassing through new hammering patterns such as TRRespass |
The software-based techniques used for mitigation of rowhammer attacks are as follows:
ANVIL: ANVIL, a software-based method for mitigating rowhammers, detects rowhammer attacks by tracking the access location of DRAM using an existing hardware performance counter. Subsequently, victim rows within the vicinity are selectively refreshed to prevent hammering operations on the victim rows that are frequently accessed through rowhammer attacks [ Technique using skewed hash tree: The occurrence of a bit flip is detected through a secure hash algorithm-3 (SHA-3) Keccack hash function-based dynamic integrity tree structure and a sliding window [ Technique using deep learning: Another study adopted a convolutional neural network (CNN) model, which is a deep learning model, to analyze the access patterns of DRAM in order to predict the rows where rowhammer attacks can occur in advance [
As such, the techniques that use software to mitigate rowhammer attacks require the process of monitoring DRAM to adjust the refresh rate or predicting the rows in which an attack may occur by learning the DRAM access patterns.
Mitigating technique | Description | Disadvantage | |
---|---|---|---|
ANVIL | A rowhammer attack can be detected through the location of rows frequently accessed by DRAM using the existing hardware performance counters | System overhead may be inccured and a modification of the Linux kernel is required | |
Technique using skewed hash tree | Bit flips can be detected through a dynamic integrity tree structure and sliding window | Memory controller is needed to store the root hash and the safety of the MC should be ensured | |
Technique using deep learning | Rows, where a rowhammer attack could occur, can be predicted by learning the access patterns of DRAM | The training of patterns exploiting various rowhammers is required for deep learning |
The interactive disassembler (IDA) is most widely known as a disassembler and is a tool that can be used to perform static analysis of binaries [
Module of IDA python | Input | Output | |
---|---|---|---|
FindText() | Address to start retrieval, string to retrieve, etc. | When the string is found, the address containing the corresponding string | |
GetFunctionName() | Specific address | The name of the function that the input address belongs to | |
GetDisasm() | Specific address | The assembly code that corresponds to the address received as the input |
This section analyzes the common features of various rowhammer attack files through a static analysis on such files that use x86-64 instructions. Based on this, we propose a technique for detecting rowhammer attacks.
Files that trigger the rowhammers used for actual attacks are limited because of the difficulty of conducting an attack in a real-world environment. Furthermore, the number of proof-of-concept rowhammer files that verify the operability in a variable environment is limited. Among them, the attack codes of the rowhammer files using an x86-64 instruction are also limited. Currently, there are six reported attack codes [
In this study, a static analysis was used to detect a rowhammer attack. The analysis was conducted to analyze the attack files without direct execution and facilitates the search for suspicious features and codes [
Attack file | mov | clflush | mmap | cpuid | rdtscp | mfence | open |
---|---|---|---|---|---|---|---|
Double side rowhammer | 1,024,000 | 1,024,000 | 1 | – | – | – | 2 |
Run_rohammer | 1,200,000 | 1,200,000 | 1 | – | 1 | 2 | 1 |
Pinpoint rowhammer | 1,200,000 | 1,200,000 | 1 | – | – | 1 | 1 |
Rowhammer-haswsell | 1,000,000 | 1,000,000 | 1 | 1 | 1 | – | 1 |
Rowhammer-ivy | 1,000,000 | 1,000,000 | 1 | 1 | 1 | – | 1 |
Rowhammer-sandy | 1,000,000 | 1,000,000 | 1 | 1 | 1 | – | 1 |
As shown in mov and clflush: Mov and clflush used in the static analysis proposed in this study deal with memory access, as shown in mmap: Mmap requests the kernel to perform mapping according to the given memory length at the starting position of the given object [ cupid: Cpuid informs hardware information such as the model, manufacturer, and processor of the user device [ rdtscp: Rdtscp is a command that returns the TSC value of the process. It is a serialization command that is executed sequentially. Thus, it does not facilitate parallel execution [ mfence: Mfence is a command that prevents the parallel execution of memory loading and storing of commandsexecution when consecutive memory commands are executed [ open: The open function for /proc/self/pagemap is used in the proposed technique. Attack files use the pagemap interface to find attack rows for each victim row [
The technique proposed in this paper, shown in
If the input file uses the open API and simultaneously accesses “/proc/self/pagemap” from the open API, it is determined that the input file uses pagemap. Because the use of pagemap alone cannot determine the rowhammer, the presence of a rowhammer is not determined in this step. If the input file access the pagemap, there is a possibility that it is searching the victim rows to conduct a rowhammer attack: hence, the process proceeds to the subsequent step (Step 2). This can be implemented as shown in
Find_pagemap: | |
---|---|
1 | WHILE start |
2 | start |
3 | IF start address does not exist, “/proc/self/pagemap” cannot be found |
4 | ELSE IF start address is called in “open,” RETURN TRUE |
5 | start |
6 | RETURN FALSE |
If the input file applies memory mapping using the mmap API function, it is determined that the input file conducts memory mapping. The mmap function requests the kernel to map the object pointed by the file descriptor into memory, which can be used not only in rowhammers but also in various executable files. Accordingly, because the use of nmap alone cannot determine the rowhammer, the presence of rowhammer is not determined in this step. Because there is a possibility of a pre-memory mapping step for executing the rowhammer if the input file applies memory mapping, the process proceeds to the subsequent step (Step 3). This can be implemented as shown in
Find_mmap: | |
---|---|
1 | FOR all functions used in input file: |
2 | |
3 | IF func_name is “mmap,” RETURN TRUE |
5 | ELSE, RETURN FALSE |
If a memory read operation is conducted using the mov opcode for the same address, and the cache line is evicted by using the clflush opcode, this process is determined as a re-read operation. If it is determined as a re-read operation, the process proceeds to Step 4 to analyze the number of hammerings. Also, if it is decidedthat the re-read operation is not applied. it determines that the given file is a file other than a rowhammer file. This process is implemented as shown in
Find_hammering: | |
---|---|
1 | while start |
2 | start |
3 | IF start address does not exist, “clflush” cannot be found |
4 | ELSE |
5 | mov |
6 | IF the corresponding address does not exist, a re-read is not conducted |
7 | ELSE |
8 | IF any command corresponding to mov address accesses a register such as clflush, |
9 | go to number_hammering |
10 | ELSE, re-read is not performed |
11 | start |
12 | RETURN |
Step 4 is conducted to analyze the number of re-read operations in Step 3. In Step 4, the file is determined as a rowhammer file if the number of hammerings in which the re-read operation is repeated is 1,000,000 or more. If the number is less than 1,000,000, it is determined that the given file is not a rowhammer file. The threshold is set to 1,000,000 because the number of re-reads using mov and clflush in the read rowhammer file is 1,000,000 according to the static analysis of the rowhammer file, as shown in
Number_hammering: | |
---|---|
1 | |
2 | IF a label is called in a jump statement |
3 | cmp |
4 | IF the comparison number of “cmp” is 1,000,000 or more |
5 | RETURN it is a rowhammer |
6 | ELSE |
7 | RETURN it is not a rowhammer |
Malicious File: any malicious software executable file, other than rowhammer attack file
Normal File: any normal software executable file, other than rowhammer attack file
To evaluate the method proposed in this study, test sets were established, as shown in
Type of file | Index | Name of file |
---|---|---|
A. Rowhammer attack file | 1 | Double side rowhammer |
2 | Run_rohammer | |
3 | Pinpoint rowhammer | |
4 | Rowhammer-haswsell | |
5 | Rowhammer-ivy | |
6 | Rowhammer-sandy | |
B. Malicious file | 1 | Spectre |
2 | Eggshell | |
3 | Big_file_writer | |
4 | Fork_bomb | |
5 | Mem_killer | |
6 | Sleeper | |
C. Normal file | 1 | Apt |
2 | Basename | |
3 | Chrome-sandbox | |
4 | Dpkg | |
5 | gettext | |
6 | lsattr |
Operating system | Windows 10 pro |
---|---|
CPU | Intel |
RAM | 64 GB |
IDA Pro | version 6.8.150423 (64-bits) |
Python | version 3.8 |
When the results of the rowhammer attack files were analyzed through the proposed detection technique of the rowhammer attack described in Section 3.3, the following results were derived. When the rowhammer detection technique proposed in this study was applied, six actual rowhammer attack files, which corresponded to true positives, were detected as rowhammer files, and 12 rowhammer attack files, which corresponded to true negatives, were detected as non-rowhammer files, as shown in
Confusion matrix | True condition | ||
---|---|---|---|
Condition positive | Condition negative | ||
Predicted condition | Predicted condition positive | 6 | 0 |
Predicted condition negative | 0 | 12 |
According to the results of detecting the actual rowhammer files (A.1–A.6 in
As shown, all rowhammer attack files executed in the x86-64 instruction were accurately detected. All rowhammer attack files were confirmed as using the API that accessed the pagemap and conducted memory mapping through open (“/proc/self/pagemap”). Furthermore, by identifying the mov and clflush commands that access the same register in all attack files, it was possible to determine whether the re-read operation was performed. Although the number of re-read hammerings was different for each attack file, the detection was possible because the number of hammerings was determined to be 1,000,000 or more.
According to the results of detecting non-rowhammer files (B.1–B.6, C.1–C.6 in
Condition Positive–-Predicted Condition Positive: Result of detecting an actual rowhammer file as a rowhammer file (true positive)
Condition Negative–-Predicted Condition Positive: Result of detecting an actual non-rowhammer file as a rowhammer file (false positive)
Condition Positive–-Predicted Condition Negative: Result of detecting an actual rowhammer file as a non-rowhammer file (false negative)
Condition Negative–-Predicted Condition Negative: Result of detecting an actual non-rowhammer file as a non-rowhammer file (true negative).
According to recent studies, next-generation DRAM chips are vulnerable to rowhammer attacks, which can be carried out on various platforms (e.g., Android, ARM, and Linux) and environments (e.g., JavaScript, and network packets), which can be used in various attacks such as kernel privilege escalation, full control, and encryption key tampering. Thus, to mitigate rowhammer attacks, various studies are being conducted, such as adjusting the refresh rate of the DRAM chip, or adding a guard row by monitoring the number of row activations. However, these techniques require continuous monitoring, which can cause overhead or additional hardware resources, resulting in performance degradation. Although efforts are being made to cope with rowhammer attacks, despite the performance degradation and overhead, it is known that it is extremely difficult to mitigate these attacks while generating less overhead in terms of efficiency [
The proposed technique applies a static detection method for rowhammers using an x86-64 instruction, which is the first study on detecting rowhammers in advance because rowhammers can be exploited in attacks such as a privilege escalation and encryption key alteration. In this paper, we applied six datasets to simulate the proposed technique. Datasets that trigger the rowhammers used for actual attacks are limited because of the difficulty of conducting an attack in a real-world environment. Furthermore, the number of rowhammer files that were collected was limited to the number of proof-of-concept files that proved the method operation in a variable environment. Among them, the attack codes of the rowhammer files using an x86-64 instruction were also limited.
If the proposed static-analysis-based detection technique is applied based on an opcode and API analysis using various platforms such as Android and ARM, which have been proven to be exploitable by rowhammers, the method will help with the classification of existing malicious codes as well as a pre-detection of rowhammer attacks operating in various environments. Furthermore, to cope with various software-induced hardware fault attacks as well as rowhammer attacks, studies on detection prior to attack file exploitation of file vulnerabilities are needed, as are studies on adding hardware resources or hardware monitoring.