TY - GEN
T1 - Triggering rowhammer hardware faults on ARM
T2 - 2nd Workshop on Attacks and Solutions in Hardware Security, ASHES 2018, in conjunction with the 25th ACM Conference on Computer and Communications Security, CCS 2018
AU - Zhang, Zhenkai
AU - Zhan, Zihao
AU - Balasubramanian, Daniel
AU - Koutsoukos, Xenofon
AU - Karsai, Gabor
N1 - Publisher Copyright: © 2018 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2018/10/15
Y1 - 2018/10/15
N2 - The rowhammer bug belongs to software-induced hardware faults, and has posed great security challenges to numerous systems. On x86, many approaches to triggering the rowhammer bug have been found; yet, due to several different reasons, the number of discovered approaches on ARM is limited. In this paper, we revisit the problem of how to trigger the rowhammer bug on ARM-based devices by carefully investigating whether it is possible to translate the original x86-oriented rowhammer approaches to ARM. We provide a thorough study of the unprivileged ARMv8-A cache maintenance instructions and give two previously overlooked reasons to support their use in rowhammer attacks. Moreover, we present a previously undiscovered instruction that can be exploited to trigger the rowhammer bug on many ARM-based devices. A potential approach to quickly evicting ARM CPU caches is also discussed, and experimental evaluations are carried out to show the effectiveness of our findings.
KW - Hardware Faults
KW - Microarchitectural Attacks
KW - Rowhammer
UR - http://www.scopus.com/inward/record.url?scp=85056716989&partnerID=8YFLogxK
U2 - 10.1145/3266444.3266454
DO - 10.1145/3266444.3266454
M3 - Conference contribution
AN - SCOPUS:85056716989
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 24
EP - 33
BT - ASHES 2018 - Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security, co-located with CCS 2018
PB - Association for Computing Machinery
Y2 - 19 October 2018
ER -