YoVDO

Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers

Offered By: IEEE via YouTube

Tags

Hardware Vulnerabilities Courses Cybersecurity Courses Cloud Computing Courses Reverse Engineering Courses

Course Description

Overview

Explore an end-to-end methodology for cloud providers to assess their servers' vulnerability to Rowhammer attacks in this 17-minute IEEE conference talk. Learn about the challenges in creating worst-case DRAM testing conditions and discover a novel instruction sequence that leverages microarchitectural side-effects to "hammer" DRAM at near-optimal rates on modern Intel platforms. Gain insights into the development of a DDR4 fault injector for reverse engineering row adjacency and understand why DRAM rows may not always follow a linear map. Delve into the landscape of Rowhammer, key testing requirements, and the limitations of previous instruction sequences used in Rowhammer attacks. Uncover the importance of masking refresh commands and examine the complete hardware stack used in this comprehensive approach to evaluating Rowhammer susceptibility in cloud environments.

Syllabus

Intro
Landscape of Rowhammer
Rowhammer Primer
Two Key Requirements for Rowhammer Testing
Challenges in Generating Highest Rate of ACTS
Typical Rowhammer Instruction Sequence
Rate of ACTs from Previous Instruction Sequences
Our Near-Optimal Instruction Sequence on Skylake
Determining Physically Adjacent Rows
Previous Reverse-Engineering Methodology Relies on Rowhammer
Mount a Devastating Rowhammer by Masking Refreshes (REF)
Fault Injector that Masks Refresh Commands
Our Complete Hardware Stack
Row Adjacency Map
Key Takeaways
An end-to-end methodology to test if any cloud server is susceptible to Rowhammer


Taught by

IEEE Symposium on Security and Privacy

Tags

Related Courses

Software as a Service
University of California, Berkeley via Coursera
Software Defined Networking
Georgia Institute of Technology via Coursera
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems
Vanderbilt University via Coursera
Web-Technologien
openHPI
Données et services numériques, dans le nuage et ailleurs
Certificat informatique et internet via France Université Numerique