Abstract | ||
---|---|---|
Cloud providers are concerned that Rowhammer poses a potentially critical threat to their servers, yet today they lack a systematic way to test whether the DRAM used in their servers is vulnerable to Rowhammer attacks. This paper presents an end-to-end methodology to determine if cloud servers are susceptible to these attacks. With our methodology, a cloud provider can construct worst-case testing conditions for DRAM. We apply our methodology to three classes of servers from a major cloud provider. Our findings show that none of the CPU instruction sequences used in prior work to mount Rowhammer attacks create worst-case DRAM testing conditions. To address this limitation, we develop an instruction sequence that leverages microarchitectural side-effects to "hammer" DRAM at a near-optimal rate on modern Intel Skylake and Cascade Lake platforms. We also design a DDR4 fault injector that can reverse engineer row adjacency for any DDR4 DIMM. When applied to our cloud provider's DIMMs, we find that DRAM rows do not always follow a linear map. |
Year | DOI | Venue |
---|---|---|
2020 | 10.1109/SP40000.2020.00085 | 2020 IEEE Symposium on Security and Privacy (SP) |
Keywords | DocType | ISSN |
---|---|---|
cloud provider, Rowhammer attacks, cloud servers, worst-case testing conditions, worst-case DRAM testing conditions, end-to-end methodology, Intel Skylake, Cascade Lake platform, CPU instruction sequences | Conference | 1081-6011 |
ISBN | Citations | PageRank |
---|---|---|
978-1-7281-3498-7 | 10 | 0.45 |
References | Authors | |
---|---|---|
21 | 7 | |
Name | Order | Citations | PageRank |
---|---|---|---|
Cojocar Lucian | 1 | 10 | 0.45 |
Jeremie Kim | 2 | 263 | 13.68 |
Minesh Patel | 3 | 204 | 9.82 |
Lillian Tsai | 4 | 10 | 0.79 |
Stefan Saroiu | 5 | 3959 | 282.34 |
Alec Wolman | 6 | 3496 | 267.66 |
Onur Mutlu | 7 | 9446 | 357.40 |