Project Details
Rowhammer Attacks and Mitigations on Modern and Emerging Real-world Systems
Subject Area
Security and Dependability, Operating-, Communication- and Distributed Systems
Term
since 2022
Project identifier
Deutsche Forschungsgemeinschaft (DFG) - Project number 503876675
Wider research context: DRAM stores data in memory cells consisting of arrays of capacitors and transistors. To improve storage capacity, performance, and efficiency, manufacturers continuously increase these arrays' density. At high density, fast readout can unintentionally cause neighboring memory cells to change their value. This effect, known as Rowhammer, can be deliberately exploited to bypass memory isolation and thus jeopardize system security. Research in recent years has shown that Rowhammer can be exploited almost everywhere, e.g., in (LP)DDR3, (LP)DDR4 and DDR5, and on multiple platforms: x86 (AMD, Intel), Arm, and RISC-V. Effective defense mechanisms are not yet known.
Innovation: The Rowhammer effect and its consequences have not yet been fully researched in many applications and environments. This research project contributes to closing these knowledge gaps by analyzing the Rowhammer effect and developing effective protective measures against it.
Hypotheses: Rowhammer is a systemic design flaw of DRAM that is widely exploitable on Arm systems. Rowhammer attacks can be more efficient with coverage-guided fuzzing, amplification attacks, and bank-level parallelization. Attackers can still conduct Rowhammer attacks from JavaScript without preconditions. Rowhammer attacks are also relevant for non-volatile devices, such as flash memory. Software-based mitigations can pinpoint and efficiently protect targets of privilege-escalation attacks, such as PTEs. Minimal hardware changes can mitigate Rowhammer effectively and efficiently.
Approach and Methods: First, we will extend our automated test suite, FlippyR.AM, to conduct another large-scale study of the Rowhammer effect and investigate whether Arm systems are as vulnerable as the x86 architecture. Second, we will conduct a study investigating Rowhammer amplification attacks on modern DRAMs. Third, we will conduct a study to perform Rowhammer attacks using JavaScript without preconditions. Fourth, we will conduct a study investigating Rowhammer attacks on non-volatile memory such as flash memory. Fifth, we will research and develop novel and effective software-based defenses against Rowhammer attacks. Sixth, we will research and develop minimal changes to the hardware architecture to defend against Rowhammer attacks.
DFG Programme
Research Grants
International Connection
Austria
Partner Organisation
Fonds zur Förderung der wissenschaftlichen Forschung (FWF)
Cooperation Partner
Professor Dr. Daniel Gruss
