The Rowhammer bug is an issue in most DRAM modules that allows software to cause bit flips in DRAM cells, consequently manipulating data. Although DRAM vendors consider it only a reliability issue, research has shown that a single bit flip can subvert the security of an entire computer system.
In the introduction of the talk, we will outline the developments around Rowhammer since its presentation at Black Hat USA 2015. We discuss attacks and defenses that researchers came up with. The defenses against Rowhammer either try to prevent the Rowhammer effect entirely, or at least ensure that Rowhammer attacks cannot exploit the bug anymore.
We will present a novel Rowhammer attack that undermines all existing assumptions on the requirements for such attacks. With one-location hammering, we show that Rowhammer does not necessarily require alternating accesses to two or more addresses. We explain that modern CPUs rely on memory-controller policies that enable an attacker to use this new hammering technique. Moreover, we introduce new building blocks for exploiting Rowhammer-like bit flips which circumvent all currently proposed countermeasures. In addition to classical privilege escalation attacks, we also demonstrate a new, easily mountable denial-of-service attack which can be exploited in the cloud.
We will also show that, despite all efforts, the Rowhammer bug is still not prevented. We conclude that more research is required to fully understand this bug so that efficient and secure countermeasures can subsequently be designed.