Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks (PowerPoint PPT presentation)

SLIDE 1

Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks

Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, Herbert Bos

SLIDE 3

Rowhammer (RH) causes bits to flip

  • Exploit to escalate privilege [Seaborn ’15]
  • Exploit to escape sandboxes [Seaborn ’15, Gruss ’18]
  • Exploit to compromise confidentiality [Razavi ’16]
  • Exploit different targets:
    – Desktop computers (browser, local shell etc.)
    – On phones [van der Veen ’17], on GPUs [Frigo ’18]
    – Over the network [Tatar ’18, Lipp ’18]

SLIDE 4-5

[Figure: a non-ECC DIMM with eight data chips (1 2 3 4 5 6 7 8) next to an ECC DIMM with the same eight data chips plus a ninth chip, C, for the ECC bits]

Previous RH attacks are on non-server memory. ECCploit: RH on server (ECC) memory.

SLIDE 6

Overview

  1) Challenges for RH on ECC memory
  2) Single-bit flips on ECC memory
     1) Causing them
     2) Observing them
  3) Reverse engineering of ECC functions
  4) Performance of Rowhammer on ECC memory

SLIDE 7

What makes the exploitation of ECC memory difficult?

SLIDE 9-15

It is hard (and dangerous) to get 3 bit flips

[Chart: probability of X bits being flipped, for X = 1, 2, 3, annotated as follows]

  1 bit flipped:  corrected by ECC (kind of useless for Rowhammer)
  2 bits flipped: potentially uncorrectable, machine crash
  3 bits flipped: potentially uncorrectable, potentially undetectable

Rowhammer on ECC memory is a mere DoS attack!

ECCploit is an upgrade from the DoS attack: ECCploit only causes undetectable bit flips.

SLIDE 16

Q: How to get from one bit flip to three bit flips without hitting two bit flips?

SLIDE 17

A: Templating bit flips on ECC memory (ECCploit)

  1. Get single bit flips
  2. Combine them to cause silent corruptions (same ECC word)

SLIDE 18-21

Challenge: causing a single bit to flip

[Figure: two aggressor rows (A) filled with 1s around a victim row (V) that holds 1s except for a single 0; the 0 is walked across the victim row one bit position at a time, so each hammering round exposes a single bit]

  A: 1 1 1 1 1 1 ... 1
  V: 0 1 1 1 1 1 ... 1
  A: 1 1 1 1 1 1 ... 1

  then V: 1 0 1 1 1 1 ... 1, V: 1 1 0 1 1 1 ... 1, V: 1 1 1 0 1 1 ... 1, and so on for every bit position

SLIDE 22-24

Challenge: observing a single bit flip

ECC correction is observable

[Figure: per-word measurement plotted against the word offset inside the row; the word where ECC corrected a bit stands out]

SLIDE 26-28

Challenge: finding a suitable 3-bit flip that causes a silent corruption

Reverse engineering the ECC implementation

SLIDE 29-30

ECC errors reveal the ECC function

Two ways to provoke ECC errors for the reverse engineering:
  • Fault injection on the memory bus
  • Cold-boot attack

SLIDE 31-32

CPU writes data and control bits

  *ptr = data;
  Memory controller: ControlBits = ECC(data);

64 bits of data, 8 bits of ECC; the ECC bits are stored next to the data (chips 1-8 hold the data word, chip C the control bits).

SLIDE 33

CPU reads data and checks control bits

  data = *ptr;
  Memory controller: CB_exp = ECC(data);
                     if (CB_read != CB_exp) Error(DataForRAS);

SLIDE 34-36

We can reconstruct the ECC function by observing ECC errors

  data = *ptr;
  Memory controller: CB_exp = ECC(data);
                     if (CB_read != CB_exp) Error(DataThatWeUseForRE);
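The read path above, turned into a runnable reconstruction. This is an added example, not code from the paper or the authors' ECCploit tooling: the MemoryController class, its randomly drawn (secret) parity-check columns, the inject_fault() method that stands in for fault injection on the bus or cold-boot decay, and the assumption that the error report exposes the syndrome (CB_read XOR CB_exp) are all constructed here. It shows why a handful of provoked single-bit errors is enough: for a linear code, the control bits of a one-bit error are exactly one column of the code's parity-check matrix.

```python
"""Recovering an unknown, linear ECC function from the errors a memory controller
reports. Constructed example: the controller model, its secret parity-check
columns, inject_fault() and the assumption that the error report carries the
syndrome (CB_read XOR CB_exp) are all ours, not the paper's."""
import random

DATA_BITS, CHECK_BITS = 64, 8          # 64 data + 8 control bits per ECC word
WORD_BITS = DATA_BITS + CHECK_BITS
DATA_MASK = (1 << DATA_BITS) - 1


def xor_columns(cols, data):
    """Linear ECC: the control byte is the XOR of one 8-bit column per set data bit."""
    cb = 0
    for i in range(DATA_BITS):
        if data >> i & 1:
            cb ^= cols[i]
    return cb


class MemoryController:
    """Write path: store data | ECC(data). Read path: recompute ECC(data) and report
    CB_read ^ CB_exp (the syndrome) whenever the two differ. The columns of the
    code are drawn at random from a seed and never shown to the attacker code."""

    def __init__(self, seed=1):
        rng = random.Random(seed)
        # distinct odd-weight columns for the data bits (a SEC-DED-style choice),
        # identity columns for the 8 control bits
        odd = [v for v in range(256) if bin(v).count("1") in (3, 5, 7)]
        self._cols = rng.sample(odd, DATA_BITS) + [1 << i for i in range(CHECK_BITS)]
        self._cells = {}

    def _ecc(self, data):
        return xor_columns(self._cols, data)

    def write(self, addr, data):
        data &= DATA_MASK
        self._cells[addr] = data | self._ecc(data) << DATA_BITS

    def read(self, addr):
        """Returns (data, syndrome); a syndrome of 0 means the control bits matched."""
        word = self._cells[addr]
        data, cb_read = word & DATA_MASK, word >> DATA_BITS
        cb_exp = self._ecc(data)
        return data, cb_read ^ cb_exp        # non-zero: Error(DataThatWeUseForRE)

    def inject_fault(self, addr, bit):
        """Stands in for fault injection on the memory bus or cold-boot decay:
        flips one stored bit (data or control) behind the controller's back."""
        self._cells[addr] ^= 1 << bit


def recover_ecc_function(mc, addr=0x1000):
    """Attacker side. Linearity gives ECC(d ^ e_i) ^ ECC(d) == column i for any d,
    so a known word plus one injected single-bit fault reveals that bit's column
    in the error report; 72 faults recover the whole function."""
    cols = []
    for bit in range(WORD_BITS):
        mc.write(addr, 0)                     # known content, control bits ECC(0) == 0
        mc.inject_fault(addr, bit)
        _, syn = mc.read(addr)
        cols.append(syn)
    return cols


if __name__ == "__main__":
    mc = MemoryController(seed=7)
    recovered = recover_ecc_function(mc)
    sample = 0xDEADBEEFCAFEF00D
    print("recovered check byte matches the controller's:",
          xor_columns(recovered, sample) == mc._ecc(sample))
```

Writing zeros first is a convenience, not a requirement: because the controller compares CB_read with ECC(data) on every read, the syndrome it reports depends only on the injected error, never on the stored value, so the same loop works with whatever content the attacker can place in memory. What a real platform exposes in its error report (a syndrome, a corrected bit position, or less) varies and decides how much work the recovery takes.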

SLIDE 37

ECCploit attack

  1) Recover the ECC function (offline)
  2) Template the memory
     1) Avoid crashes by triggering only single-bit flips
     2) Knowing the ECC function, combine single bit flips into undetectable bit flips
  3) Massage the memory
  4) Run the exploit
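To make the 1/2/3-bit-flip picture of slides 9-15 and step 2 of the attack concrete, here is an added example (not from the paper or the authors' ECCploit code) of a toy (72,64) single-error-correcting, double-error-detecting code in the Hsiao style, together with the search that turns templated single-bit flips into a 3-bit flip the decoder accepts. The code itself, the bit layout (control bits in positions 64..71 of the ECC word) and the flippable positions handed to silent_triples() are constructed for illustration; a real controller's code differs and must be recovered first.

```python
"""Toy (72,64) SEC-DED code in the Hsiao style, and the search for 3-bit flip
combinations inside one ECC word that the decoder turns into a silent corruption.
Constructed for illustration; real memory controllers use their own codes."""
from itertools import combinations

DATA_BITS, CHECK_BITS = 64, 8
WORD_BITS = DATA_BITS + CHECK_BITS
DATA_MASK = (1 << DATA_BITS) - 1


def _parity_columns():
    """Column i of the parity-check matrix H, as an 8-bit int, for word bit i.
    Every column is a distinct odd-weight vector: a single error yields its own
    column (correctable), two errors XOR to a non-zero even-weight value (detected).
    Data bits get the 56 weight-3 and 8 weight-5 vectors, control bits 64..71 the
    weight-1 (identity) vectors."""
    w3 = [v for v in range(256) if bin(v).count("1") == 3]
    w5 = [v for v in range(256) if bin(v).count("1") == 5]
    return w3 + w5[:DATA_BITS - len(w3)] + [1 << i for i in range(CHECK_BITS)]


H = _parity_columns()
assert len(set(H)) == WORD_BITS


def syndrome(word):
    """XOR of the H columns of all set bits of the 72-bit word."""
    s = 0
    for i in range(WORD_BITS):
        if word >> i & 1:
            s ^= H[i]
    return s


def encode(data):
    """64-bit data -> 72-bit codeword. The control columns are the identity, so the
    control byte is just the syndrome of the data bits and syndrome(codeword) == 0."""
    return data | syndrome(data) << DATA_BITS


def decode(word):
    """What the controller does on a read: (status, data) with status 'ok',
    'corrected', or 'detected' (uncorrectable error, i.e. a machine check)."""
    s = syndrome(word)
    if s == 0:
        return "ok", word & DATA_MASK
    if bin(s).count("1") % 2 == 0:
        return "detected", None                 # even-weight syndrome: two bits flipped
    if s not in H:
        return "detected", None                 # odd-weight but unused syndrome
    return "corrected", (word ^ 1 << H.index(s)) & DATA_MASK   # flip the bit H names


def outcome(data, flips):
    """Inject the given bit flips into the codeword of `data`, decode, and report
    what the machine sees: 'corrected' (harmless), 'detected' (crash) or
    'miscorrected' (the decoder 'fixed' a fourth bit and handed back wrong data)."""
    word = encode(data)
    for b in flips:
        word ^= 1 << b
    status, out = decode(word)
    if status == "corrected" and out != data:
        return "miscorrected"
    return status


def silent_triples(flippable):
    """`flippable`: bit positions inside one ECC word that templating showed can be
    flipped one at a time. Returns (a, b, c, d) tuples: flipping a, b and c gives
    the syndrome of column d, so the decoder flips d as its 'correction' and the
    word with four wrong bits passes every check."""
    found = []
    for a, b, c in combinations(sorted(flippable), 3):
        s = H[a] ^ H[b] ^ H[c]
        if s in H:
            found.append((a, b, c, H.index(s)))
    return found


if __name__ == "__main__":
    data = 0x0123456789ABCDEF
    for flips in ([5], [0, 1], [0, 1, 2], [0, 19, 50]):
        print(flips, "->", outcome(data, flips))
    print("usable triples among templated bits [0, 1, 2, 19, 50]:",
          silent_triples([0, 1, 2, 19, 50]))
```

Three flipped bits always give an odd-weight syndrome, so the decoder never classifies them as a double error: the syndrome either matches no column (caught as uncorrectable) or matches the column of some fourth bit, which the controller then "corrects", returning a word with four wrong bits that passes as valid. That fourth bit may be a control bit, as for the triple (0, 1, 2), or another data bit; either way the data the CPU receives is corrupted without a crash, which is exactly the flip ECCploit templates for. Two flips in the same word, by contrast, are always detected, which is why the templating step must only ever provoke one.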

SLIDE 38-40

How long does it take to template ECC memory for Rowhammer?*

  • With a perfect side channel (bit granularity) it takes:
    – 32 minutes for a PTE or code change
    – 2 hours for the RSA key attack
  • With a typical side channel (word granularity) it takes:
    – 19 hours for a PTE or code change
    – 3 days for the RSA key attack

*On our setup

SLIDE 41

Error Correcting Codes: Only Slow Down Rowhammer Attacks

https://vusec.net/projects/eccploit