Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip...
Transcript of Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip...
![Page 1: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/1.jpg)
Exploiting Correcting Codes:On the Effectiveness of ECC Memory Against
Rowhammer Attacks
Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, Herbert Bos
![Page 2: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/2.jpg)
![Page 3: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/3.jpg)
Rowhammer (RH) causes bits to flip
● Exploit to escalate privilege [Seaborn ’15]● Exploit to escape sandboxes [Seaborn ’15, Gruss ’18]● Exploit to compromise confidentiality [Razavi ‘16]● Exploit different targets:
– Desktop computers (browser, local shell etc.)– On phones [van der Veen ‘17], on GPUs [Frigo ‘18]– Over the network [Tatar ‘18, Lipp ‘18]
![Page 4: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/4.jpg)
1 2 3 4 5 6 7 8
Previous RH attacks are on non-server memory
![Page 5: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/5.jpg)
1 2 3 4 5 6 7 8
1 2 3 4 5 6 7 8C
Previous RH attacks are on non-server memory
ECCploit, RH on server (ECC) memory
![Page 6: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/6.jpg)
Overview
1) Challenges for RH on ECC memory
2) Single-bit flips on ECC memory1) Causing them
2) Observing them
3) Reverse engineering of ECC functions
4) Performance of Rowhammer on ECC memory
![Page 7: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/7.jpg)
What makes the exploitation of ECC memory difficult?
![Page 8: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/8.jpg)
BIT FLIPSBIT FLIPS
![Page 9: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/9.jpg)
It is hard (and dangerous) to get 3 bit flipsP
roba
bilit
y of
X b
its t
o be
flip
ped
1 bit flipped
2 bits flipped
3 bits flipped
![Page 10: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/10.jpg)
It is hard (and dangerous) to get 3 bit flipsP
roba
bilit
y of
X b
its t
o be
flip
ped
1 bit flipped
2 bits flipped
3 bits flipped
Corrected by ECC
![Page 11: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/11.jpg)
It is hard (and dangerous) to get 3 bit flipsP
roba
bilit
y of
X b
its t
o be
flip
ped
1 bit flipped
2 bits flipped
3 bits flipped
Corrected by ECC
Potentially uncorrectablemachine crash
![Page 12: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/12.jpg)
It is hard (and dangerous) to get 3 bit flipsP
roba
bilit
y of
X b
its t
o be
flip
ped
1 bit flipped
2 bits flipped
3 bits flipped
Corrected by ECC
Potentially uncorrectablemachine crash
Potentially uncorrectablepotentially undetectable
![Page 13: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/13.jpg)
It is hard (and dangerous) to get 3 bit flips
Kind of useless for Rowhammer Pro
babi
lity
of X
bits
to
be f
lippe
d
1 bit flipped
2 bits flipped
3 bits flipped
Corrected by ECC
Potentially uncorrectablemachine crash
Potentially uncorrectablepotentially undetectable
![Page 14: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/14.jpg)
It is hard (and dangerous) to get 3 bit flips
Rowhammer on ECC memory is a mere DoS attack!Pro
babi
lity
of X
bits
to
be f
lippe
d
1 bit flipped
2 bits flipped
3 bits flipped
Corrected by ECC
Potentially uncorrectablemachine crash
Potentially uncorrectablepotentially undetectable
![Page 15: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/15.jpg)
It is hard (and dangerous) to get 3 bit flips
ECCploit is an upgrade from the DoS attack.ECCploit only causes undetectable bit flips
Pro
babi
lity
of X
bits
to
be f
lippe
d
1 bit flipped
2 bits flipped
3 bits flipped
Corrected by ECC
Potentially uncorrectablemachine crash
Potentially uncorrectablepotentially undetectable
![Page 16: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/16.jpg)
Q: How to get from one bit flip to three bit flipswithout hitting two bit flips?
1 3
![Page 17: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/17.jpg)
A: Templating bit flips on ECC memory (ECCploit)
1. Get single bit flips
2. Combine them to cause silent corruptions (same ECC)
![Page 18: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/18.jpg)
Challenge: causing a single bit to flip
![Page 19: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/19.jpg)
Challenge: causing a single bit to flip
1 1 1 1 1 1 ... 1A
0 1 1 1 1 1 ... 1V
1 1 1 1 1 1 ... 1A
![Page 20: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/20.jpg)
Challenge: causing a single bit to flip
1 1 1 1 1 1 ... 1A
0 1 1 1 1 1 ... 1V
1 1 1 1 1 1 ... 1A
![Page 21: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/21.jpg)
Challenge: causing a single bit to flip
1 1 1 1 1 1 ... 1A
0 1 1 1 1 1 ... 1V
1 1 1 1 1 1 ... 1A
1 1 1 1 1 1 ... 1A:
1 0 1 1 1 1 ... 1V:
1 1 1 1 1 1 ... 1A:
1 1 1 1 1 1 ... 1A:
1 1 0 1 1 1 ... 1V:
1 1 1 1 1 1 ... 1A:
1 1 1 1 1 1 ... 1A:
1 1 1 0 1 1 ... 1V:
1 1 1 1 1 1 ... 1A:
1 1 1 1 1 1 ... 1A:
1 1 1 1 0 1 ... 1V:
1 1 1 1 1 1 ... 1A:
1 1 1 1 1 1 ... 1A:
1 1 1 1 1 0 ... 1V:
1 1 1 1 1 1 ... 1A:
![Page 22: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/22.jpg)
Challenge: observing a single bit flip
![Page 23: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/23.jpg)
Challenge: observing a single bit flip
![Page 24: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/24.jpg)
ECC correction is observable
Word offset inside row
![Page 25: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/25.jpg)
A: Templating bit flips on ECC memory (ECCploit)
1. Get single bit flips
2. Combine them to cause silent corruptions (same ECC)
![Page 26: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/26.jpg)
Challenge: finding a suitable 3 bit flip that cause silent corruptions
![Page 27: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/27.jpg)
Challenge: finding a suitable 3 bit flip that cause silent corruptions
![Page 28: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/28.jpg)
Challenge: finding a suitable 3 bit flip that cause silent corruptions
Reverse engineering the ECC implementation
![Page 29: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/29.jpg)
ECC errors reveal the ECC function
Fault injection on the memory bus Cold-boot attack
![Page 30: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/30.jpg)
ECC errors reveal the ECC function
Fault injection on the memory bus Cold-boot attack
![Page 31: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/31.jpg)
CPU writes data and control bits
*ptr = data;
MemoryController
64 bits of data
ControlBits = ECC(data); ECC bits are storednext to data
64 bits of data
8 bits of ECC
12
34
56
78
C
![Page 32: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/32.jpg)
CPU writes data and control bits
*ptr = data;
MemoryController
64 bits of data
ControlBits = ECC(data); ECC bits are storednext to data
64 bits of data
8 bits of ECC
12
34
56
78
C
![Page 33: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/33.jpg)
CPU reads data and checks control bits
data = *ptr;
MemoryController
64 bits of data
CB_exp = ECC(data);if (CB_read != CB_exp)
Error(DataForRAS);
ECC bits are storednext to data
64 bits of data
8 bits of ECC
12
34
56
78
C
![Page 34: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/34.jpg)
We can reconstruct the ECC function by observing ECC errors
data = *ptr;
MemoryController
64 bits of data
CB_exp = ECC(data);if (CB_read != CB_exp)
Error(DataForRAS);
ECC bits are storednext to data
64 bits of data
8 bits of ECC
12
34
56
78
C
![Page 35: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/35.jpg)
We can reconstruct the ECC function by observing ECC errors
data = *ptr;
MemoryController
64 bits of data
CB_exp = ECC(data);if (CB_read != CB_exp)
Error(DataForRAS);
ECC bits are storednext to data
64 bits of data
8 bits of ECC
12
34
56
78
C
![Page 36: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/36.jpg)
We can reconstruct the ECC function by observing ECC errors
data = *ptr;
MemoryController
64 bits of data
CB_exp = ECC(data);if (CB_read != CB_exp)
Error(DataThatWeUseForRE);
ECC bits are storednext to data
64 bits of data
8 bits of ECC
12
34
56
78
C
![Page 37: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/37.jpg)
ECCploit attack
1) Recover the ECC function (offline)
2) Template the memory
1) Avoid crashes by triggering only single-bit flips
2) Knowing the ECC function, combine single bit flips in undetectable bit flips
3) Massage the memory
4) Run the Exploit
![Page 38: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/38.jpg)
How long it takes to template ECC memory for Rowhammer?*
*On our setup
![Page 39: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/39.jpg)
How long it takes to template ECC memory for Rowhammer?*
● If a perfect side channel (bit granularity) it takes:– 32 minutes for PTE or code change
– 2 hours for the RSA key attack
*On our setup
![Page 40: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/40.jpg)
How long it takes to template ECC memory for Rowhammer?*
● If a perfect side channel (bit granularity) it takes:– 32 minutes for PTE or code change
– 2 hours for the RSA key attack
● If a typical side channel (word granularity) it takes:– 19 hours for PTE or code change
– 3 days for RSA key attack
*On our setup
![Page 41: Exploiting Correcting Codes: On the Effectiveness of ECC ... · Rowhammer (RH) causes bits to flip Exploit to escalate privilege [Seaborn ’15] Exploit to escape sandboxes [Seaborn](https://reader034.fdocuments.us/reader034/viewer/2022042806/5f69e00b75b0d56dfa4ee3f8/html5/thumbnails/41.jpg)
Error Correcting Codes:Only Slow Down Rowhammer Attacks
https://vusec.net/projects/eccploit