Ecole d'ingénieur et centre de recherche en Sciences du numérique

Rowhammer.js: A remote software-induced fault attack in JavaScript

Gruss, Daniel; Maurice, Clémentine; Mangard, Stefan

DIMVA 2016, 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 7-8, 2016, Donostia-San Sebastian, Spain

A fundamental assumption in software security is that a memory location can only be modi ed by processes that may write to this memory location. However, a recent study has shown that parasitic e ects in DRAM can change the content of a memory cell without accessing it, but by accessing other memory locations in a high frequency. This so-called Rowhammer bug occurs in most of today's memory modules and has fatal consequences for the security of all a ected systems, e.g., privilege escalation attacks. All studies and attacks related to Rowhammer so far rely on the availability of a cache ush instruction in order to cause accesses to DRAM modules at a suciently high frequency. We overcome this limitation by defeating complex cache replacement policies. We show that caches can be forced into fast cache eviction to trigger the Rowhammer bug with only regular memory accesses. This allows to trigger the Rowhammer bug in highly restricted and even scripting environments. We demonstrate a fully automated attack that requires nothing but a website with JavaScript to trigger faults on remote hardware. Thereby we can gain unrestricted access to systems of website visitors. We show that the attack works on o -the-shelf systems. Existing countermeasures fail to protect against this new Rowhammer attack.

Document Doi Arxiv Bibtex

Titre:Rowhammer.js: A remote software-induced fault attack in JavaScript
Type:Conférence
Langue:English
Ville:Donostia-San Sebastian
Pays:ESPAGNE
Date:
Département:Sécurité numérique
Eurecom ref:4650
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in DIMVA 2016, 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 7-8, 2016, Donostia-San Sebastian, Spain and is available at : http://dx.doi.org/10.1007/978-3-319-40667-1_15
Bibtex: @inproceedings{EURECOM+4650, doi = {http://dx.doi.org/10.1007/978-3-319-40667-1_15}, year = {2016}, title = {{R}owhammer.js: {A} remote software-induced fault attack in {J}ava{S}cript}, author = {{G}russ, {D}aniel and {M}aurice, {C}l{\'e}mentine and {M}angard, {S}tefan }, booktitle = {{DIMVA} 2016, 13th {C}onference on {D}etection of {I}ntrusions and {M}alware \& {V}ulnerability {A}ssessment, {J}uly 7-8, 2016, {D}onostia-{S}an {S}ebastian, {S}pain}, address = {{D}onostia-{S}an {S}ebastian, {ESPAGNE}}, month = {07}, url = {http://www.eurecom.fr/publication/4650} }
Voir aussi: