Row Hammer漏洞攻击研究

doi:10.11959/j.issn.2096-109x.2018007

网络与信息安全学报 ›› 2018, Vol. 4 ›› Issue (1): 69-75.doi: 10.11959/j.issn.2096-109x.2018007

• 学术论文 • 上一篇

Row Hammer漏洞攻击研究

王文伟,刘培顺()

中国海洋大学信息科学与工程学院，山东青岛 266100

修回日期:2018-01-03 出版日期:2018-01-01 发布日期:2018-02-09
作者简介:王文伟（1993-），男，陕西咸阳人，中国海洋大学硕士生，主要研究方向为信息安全。|刘培顺（1975-），男，山东菏泽人，中国海洋大学讲师，主要研究方向为网络与信息安全。
基金资助:
国家重点研发计划基金资助项目(2017YFC0806200)

Study of Row Hammer attack

Wenwei WANG,Peishun LIU()

College of Information Science and Engineering,Ocean University of China,Qingdao 266100,China

Revised:2018-01-03 Online:2018-01-01 Published:2018-02-09
Supported by:
The National Key R＆D Plan Program of China(2017YFC0806200)

摘要/Abstract

摘要：

对目前已出现的 Row Hammer 漏洞利用的相关技术和防御方法进行详尽的分析、总结和讨论，指出其蕴含的安全问题及可能的防范方法。然后对现有国内外研究工作进行了总结，指出了安全研究未来有价值的2个方向：ARM架构下Row Hammer漏洞利用技术和防范方法，以及Row Hammer漏洞的准确受控制的攻击方法。

关键词: RowHammer攻击, 提权, 动态随机访问存储器, 缓存驱逐, 页表喷射, 内存伏击

Abstract:

The related technologies and defense methods of the current Row Hammer vulnerabilities were analyzed and summarized,and the security problems and possible precautions were pointed out.At the end,the current research work both at home and abroad is summarized.Two valuable directions for security research in the future are pointed out:Row Hammer exploit techniques and precautions in the ARM architecture,and accurate and controlled attacks on Row Hammer vulnerabilities.

Key words: Row Hammer, privilege escalation, DRAM, cache eviction, page table spraying, memory waylaying

中图分类号:

TP390

王文伟,刘培顺. Row Hammer漏洞攻击研究[J]. 网络与信息安全学报, 2018, 4(1): 69-75.

Wenwei WANG,Peishun LIU. Study of Row Hammer attack[J]. Chinese Journal of Network and Information Security, 2018, 4(1): 69-75.

图/表 5

参考文献 13

[1]	KIM Y,DALY R , KIM J , FALLIN C . Flipping bits in memory without accessing them:an experimental study of DRAM disturbance errors[C]// The 41st International Symposium on Computer Architecture (ISCA). 2014: 361-372.
[2]	SEABORN M , DULLIEN T . Exploiting the DRAM RowHammer bug to gain kernel privileges[C]// Black Hat USA (BH-US). 2015.
[3]	SEABORN M , DULLIEN T . Exploiting the DRAM RowHammer bug to gain kernel privileges[EB/OL]. .
[4]	石培涛, 刘宇涛, 陈海波 . 基于虚拟化内存隔离的RowHammer攻击防护机制[J]. 信息安全学报, 2017,2(10): 1-12.
	SHI P T , LIU Y T , CHEN H B . Defense against RowHammer attack with memory isolation in virtualized environments[J]. Journal of Cyber Security, 2017,2(10): 1-12.
[5]	GRUSS D , MANGARD S.Rowhammer . js:a remote software-induced fault attack in JavaScript[C]// International Conference on Detection of Intrusions and Malware,and Vulnerability Assessment. 2016: 300-321.
[6]	QIAO R , SEABORN M . A new approach for RowHammer attacks[C]// The 9th IEEE International Symposium on Hardware Oriented Security and Trust (HOST). 2016: 161-166.
[7]	BOSMAN E , RAZAVI K , BOS H ,et al. Dedup est machina:memory deduplication as an advanced exploitation vector[C]// The 37th IEEE Symposium on Security and Privacy(S＆P). 2016: 987-1004.
[8]	XIAO J D , ZHANG X , HUANG H ,et al. Security implications of memory deduplication in a virtualized environment[C]// International Conference on Dependable Systems and Networks (DSN). 2013: 1-12.
[9]	RAZAVI K , GRAS B , BOSMAN E ,et al. Flip feng shui:hammering a needle in the software stack[C]// The 25th USENIX Security Symposium. 2016.
[10]	GRUSS D , LIPP M , SCHWARZ M ,et al. .Another flip in the wall of row hammer defenses[EB/OL]. .
[11]	YIM K S , . The RowHammer attack injection methodology[C]// The 35th Symposium on Reliable Distributed Systems . 2016: 1-10.
[12]	Row hammer privilege escalation[EB/OL]. .
[13]	AWEKE Z B , YITBAREK S F , QIAO R ,et al. ANVIL:software-based protection against next-generation RowHammer attacks[C]// The Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems. 2016: 743-755.

Row Hammer漏洞攻击研究

Study of Row Hammer attack

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 13

相关文章 1

Metrics

推荐阅读 0