GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM

Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai*, Giovanni Vigna, Christopher Kruegel, Herbert Bos, and Kaveh Razavi
VU Amsterdam, UC Santa Barbara, EURECOM, *Amrita University India
Takeaway

1. Overview of Rowhammer defenses
2. RAMPAGE: Rowhammer attacks against the latest Android OS
3. GuardION: lightweight mitigation
DRAM Disturbance Errors

Memory cells (capacitors) have a natural discharge rate (hence the refresh every 64 ms)
Activating neighboring cells increases the discharge rate:
  Victim cell is charged to represent 1
  Neighboring cells are accessed frequently
  Victim cell leaks charge below a certain threshold
  When read, the victim cell is interpreted as 0

Rowhammer

Flip a bit in a victim row by repeatedly reading from two aggressor rows (one on each side of the victim)
Not every bit flips
Bit flips that do occur are reproducible

Challenges
1. Bypass the CPU cache (the reads must actually reach DRAM)
2. Get large contiguous chunks of memory (to know which rows are physically adjacent)
Privilege Escalation with Rowhammer

Page tables
Map virtual addresses to physical addresses (virt x is at phys y)
Stored in DRAM, so they are exposed to bit flips like any other data

Flipping a bit in a page table
Modifies the mapping: virt x is now at phys z
If a page table is stored at phys z, the attacker's own page now aliases that page table
Read/write access to a page table means arbitrary physical read/write: the attacker can map any physical page, kernel memory included, into its own address space
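To make the page-table step concrete, here is an added C example (not code from the slides, nor from the Drammer or GuardION projects) that models a single-level ARMv8 page table stored in a toy physical memory and shows what one flipped bit in a page-table entry buys an attacker. The frame numbers, the one-level table, and the names make_pte, translate, hammer_pte_bit and drammer_demo are the example's own assumptions; real ARMv8 tables have up to four levels and many more attribute bits, which the model leaves out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ARMv8-A level-3 (4 KB page) descriptor, simplified:
 *   bit 0        valid
 *   bit 1        set for a page descriptor at level 3
 *   bits 47:12   output address (physical frame << 12)
 * Access permission, AF and memory-attribute bits are not modelled. */
#define PTE_VALID     (1ULL << 0)
#define PTE_PAGE      (1ULL << 1)
#define PTE_ADDR_MASK 0x0000FFFFFFFFF000ULL
#define PAGE_SHIFT    12
#define PAGE_BYTES    (1ULL << PAGE_SHIFT)

/* Toy physical memory: 64 frames of 4 KB, frame number == array index (assumption). */
#define NFRAMES 64
static uint64_t phys_mem[NFRAMES][PAGE_BYTES / sizeof(uint64_t)];

/* The single-level toy page table lives in frame 5 and is indexed by VPN (assumption). */
#define PT_FRAME 5

static uint64_t make_pte(uint64_t frame)
{
    return ((frame << PAGE_SHIFT) & PTE_ADDR_MASK) | PTE_PAGE | PTE_VALID;
}

static uint64_t pte_frame(uint64_t pte)
{
    return (pte & PTE_ADDR_MASK) >> PAGE_SHIFT;
}

/* Install "virt vpn is at phys frame" in the page table. */
static void map_page(uint64_t vpn, uint64_t frame)
{
    phys_mem[PT_FRAME][vpn] = make_pte(frame);
}

/* Page-table walk: which frame does vpn map to? -1 if unmapped. */
static int64_t translate(uint64_t vpn)
{
    uint64_t pte = phys_mem[PT_FRAME][vpn];
    if (!(pte & PTE_VALID))
        return -1;
    return (int64_t)pte_frame(pte);
}

/* Model a Rowhammer disturbance error: one bit of the PTE for vpn flips. */
static void hammer_pte_bit(uint64_t vpn, int bit)
{
    phys_mem[PT_FRAME][vpn] ^= (1ULL << bit);
}

/* Does vpn now resolve to the frame that holds the page table itself? */
static int maps_to_page_table(uint64_t vpn)
{
    return translate(vpn) == PT_FRAME;
}

/* End to end: virt x (vpn 3) is at phys y (frame 4). Flipping bit 12 of its
 * PTE, the lowest output-address bit, turns frame 4 into frame 5 == PT_FRAME,
 * so the attacker's own user page now aliases the page table. Writing through
 * that page installs an arbitrary PTE: here vpn 7 -> frame 40 (think: kernel
 * data). Returns the frame vpn 7 maps to afterwards, or -1 on failure. */
static int64_t drammer_demo(void)
{
    memset(phys_mem, 0, sizeof phys_mem);
    map_page(3, 4);
    hammer_pte_bit(3, PAGE_SHIFT);
    if (!maps_to_page_table(3))
        return -1;
    uint64_t *pt_through_user_page = phys_mem[translate(3)];
    pt_through_user_page[7] = make_pte(40);
    return translate(7);
}

int main(void)
{
    printf("after the flip, vpn 7 -> frame %lld\n", (long long)drammer_demo());
    return 0;
}
```

The single flipped bit does nothing useful on its own; the point is that the attacker has arranged, by filling memory with page tables (the "memory massaging" the later slides refer to), that the neighbouring frame is a page table, so the flip lands the attacker's page on top of it.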
Privilege Escalation with Drammer

The Android ION memory allocator
Generalized memory manager to support DMA buffers
Multiple ION heaps, some with internal pooling
User-space can request buffers with modified cache management (i.e., uncached memory)
ION heaps: Camera | Audio | Contiguous (kmalloc) | ADSP | IOMMU | qsecom | CMA | System | MM | …

Drammer (2016) exploits the contiguous heap to
Bypass the CPU cache (uncached buffers, so every read goes to DRAM)
Get large contiguous allocations (physically contiguous, so row adjacency is known)
Overview of Defenses

Rowhammer Defenses on ARM

Software-based Rowhammer defenses: ANVIL | B-CATT | CATT | Android ION patches
Two questions for each:
Secure: does it stop Rowhammer attacks?
Practical: can we deploy it in practice, on Android/ARM?
Rowhammer Defenses on ARM: ANVIL

1. Performance counters measure cache misses / DRAM accesses. Threshold exceeded?
2. Heavy-weight monitoring checks for aggressor accesses. Threshold exceeded?
3. Access the victim row to trigger a refresh

ANVIL is secure, but not practical on ARM: there are no performance counters to support step 2
Rowhammer Defenses on ARM: B-CATT

Scan memory during boot for vulnerable pages
Instruct the OS to mark those pages as unavailable

B-CATT is not secure
A single scan does not yield all possible bit flips
(Figure: unique bit flips found in 4 MB of memory plotted over 25 days of scanning; y-axis flip count from 26,000 to 32,000, and the count keeps growing)

B-CATT is not practical
You may have to blacklist all pages
A full memory scan can take over a day to complete
 
Rowhammer Defenses on ARM: CATT

Partition memory in n chunks, one for each security domain
1 for user-space allocations, 1 for kernel memory
(Figure: a USER-SPACE partition holding ION allocations and a KERNEL MEMORY partition holding page tables, separated by an empty row so that flips cannot cross the boundary)

CATT is not secure
Double-ownership buffers (memory shared between kernel and user space) break the partitioning
CATT is not practical
Android requires as many domains as installed apps
Severe performance penalty for low-memory devices
 
Rowhammer Defenses on ARM: Android ION patches (1/2)

Disable the contiguous (kmalloc) heap
Reduce ION internal pool sizes to at most 64 KB (equal to the row size)
No longer guaranteed to get large contiguous chunks:
Complicates scanning for bit flips
Complicates memory massaging

Practical, but not secure

Rowhammer Defenses on ARM: Android ION patches (2/2)

Better separation of highmem / lowmem
Get ION allocations (highmem) away from page tables (lowmem)

Practical, but not secure
RAMPAGE

Rampage: Rowhammer on Android Oreo

1. Contiguous memory with the ION system heap (vmalloc)
Allocate and free ION chunks (defragmentation)
Many consecutive 64 KB requests
Timing side-channel (bank conflicts) to verify physical contiguity

2. Getting allocations in lowmem
Deplete highmem by using mmap
Monitor /proc/pagetypeinfo or /proc/zoneinfo to verify
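The lowmem check in step 2 can be scripted against /proc/zoneinfo. The C example below is added here and is not code from the Rampage or GuardION repositories: it parses the "pages free" counter of each zone from a constructed zoneinfo excerpt (the zone names and numbers are made up for the example; real devices differ, and 64-bit kernels may have no HighMem zone at all) and reports whether the high-memory zone has been drained far enough that further allocations will come from lowmem. The threshold and the function names zone_free_pages and highmem_depleted are the example's own choices.

```c
#include <stdio.h>
#include <string.h>

/* Constructed /proc/zoneinfo excerpt (not captured from a real device). Only the
 * "Node N, zone NAME" header and the "pages free" line of each zone are used. */
static const char SAMPLE_ZONEINFO[] =
    "Node 0, zone      DMA\n"
    "  pages free     1024\n"
    "        min      128\n"
    "        low      160\n"
    "Node 0, zone   Normal\n"
    "  pages free     51200\n"
    "        min      2048\n"
    "        low      2560\n"
    "Node 0, zone  HighMem\n"
    "  pages free     640\n"
    "        min      512\n"
    "        low      640\n";

/* Return the "pages free" count of the named zone, or -1 if the zone is absent. */
static long zone_free_pages(const char *zoneinfo, const char *zone)
{
    char cur_zone[32] = "";
    const char *p = zoneinfo;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[160];
        int node;
        char name[32];
        long free_pages;

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';

        /* Zone header: remember which zone the following counters belong to. */
        if (sscanf(line, "Node %d, zone %31s", &node, name) == 2) {
            strcpy(cur_zone, name);
        } else if (strcmp(cur_zone, zone) == 0 &&
                   sscanf(line, " pages free %ld", &free_pages) == 1) {
            return free_pages;
        }
        p = nl ? nl + 1 : p + len;
    }
    return -1;
}

/* Step-2 check: once HighMem holds fewer than threshold_pages free pages (the
 * threshold is this example's assumption), the allocator is expected to fall
 * back to lowmem, where the page tables live.
 * Returns 1 when depleted, 0 when not, -1 when no HighMem zone exists. */
static int highmem_depleted(const char *zoneinfo, long threshold_pages)
{
    long free_pages = zone_free_pages(zoneinfo, "HighMem");
    if (free_pages < 0)
        return -1;
    return free_pages < threshold_pages;
}

int main(void)
{
    printf("HighMem free pages: %ld\n", zone_free_pages(SAMPLE_ZONEINFO, "HighMem"));
    printf("depleted below 1024 pages? %d\n", highmem_depleted(SAMPLE_ZONEINFO, 1024));
    return 0;
}
```

On a real device the text would be read from /proc/zoneinfo in a loop while the mmap-based depletion runs; the parser is deliberately tolerant of the extra per-zone lines so that the exact counter set, which varies between kernel versions, does not matter.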
 
Rampage Variants

App-to-App attacks
ION-to-ION
CMA-to-CMA
CMA-to-system

Privilege escalation (Drammer++)
PoC on LG G4: 64-bit device running Android 7.1
GUARDION

GuardION

Fine-grained memory isolation for DMA buffers
Focus on Android/ARM
Cache-eviction based Rowhammer is impossible on these devices, so DMA buffers are the only aggressor memory that needs isolating
Allocate two physical guard rows for each DMA allocation, one below and one above
(Figure: Request 1 and Request 2 are each enclosed by guard rows, so neither can act as an aggressor for the other or for a Page Table in a neighbouring row)

Memory overhead
At most 128 KB for each allocation (two 64 KB guard rows)
Only for uncached pages
Not many DMA allocations in practice
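An added example of the guard-row arithmetic, written in C to sit next to the kernel allocator it describes but not taken from the GuardION patches: it lays out allocations with a full 64 KB row below and above each buffer, computes the per-allocation overhead the slides quote (128 KB), and checks that two allocations placed back to back can no longer occupy neighbouring rows, while the same check fails for the unguarded layout. The 64 KB row size and 4 KB page size come from the slides; rounding every request up to whole rows, the physical base addresses, and the names guard_alloc, plain_alloc, rows_between and isolated are the example's own assumptions, and the real ION heaps hand out pages rather than bare address ranges.

```c
#include <stdint.h>
#include <stdio.h>

#define ROW_BYTES  (64u * 1024u)   /* DRAM row size used on the slides (64 KB) */
#define PAGE_BYTES 4096u

typedef struct {
    uint64_t base;     /* start of the reservation (first guard row, if any) */
    uint64_t usable;   /* first byte the client may map (the DMA buffer proper) */
    uint64_t size;     /* usable bytes, rounded up to whole rows (assumption) */
    uint64_t reserved; /* total bytes taken from the heap, guard rows included */
} dma_alloc;

static uint64_t round_up(uint64_t v, uint64_t a)
{
    return (v + a - 1) / a * a;
}

/* GuardION-style layout: [guard row][buffer ...][guard row]. The guard rows are
 * never mapped, so no aggressor row can be adjacent to another owner's data. */
static dma_alloc guard_alloc(uint64_t base, uint64_t req_bytes)
{
    dma_alloc a;
    a.base = round_up(base, ROW_BYTES);      /* guard rows must cover whole rows */
    a.size = round_up(req_bytes, ROW_BYTES);
    a.usable = a.base + ROW_BYTES;
    a.reserved = ROW_BYTES + a.size + ROW_BYTES;
    return a;
}

/* Unprotected layout for comparison: the buffer starts at base, no padding. */
static dma_alloc plain_alloc(uint64_t base, uint64_t req_bytes)
{
    dma_alloc a;
    a.base = round_up(base, PAGE_BYTES);
    a.size = round_up(req_bytes, PAGE_BYTES);
    a.usable = a.base;
    a.reserved = a.size;
    return a;
}

/* Bytes spent on isolation for one allocation (the two guard rows: 128 KB). */
static uint64_t guard_overhead_bytes(const dma_alloc *a)
{
    return a->reserved - a->size;
}

/* Whole rows lying between the usable parts of a and b (0 = adjacent or
 * overlapping); a may come before or after b. */
static uint64_t rows_between(const dma_alloc *a, const dma_alloc *b)
{
    if (a->usable > b->usable) {
        const dma_alloc *t = a; a = b; b = t;
    }
    uint64_t a_end_row = (a->usable + a->size + ROW_BYTES - 1) / ROW_BYTES; /* first row past a */
    uint64_t b_first_row = b->usable / ROW_BYTES;
    return b_first_row > a_end_row ? b_first_row - a_end_row : 0;
}

/* Rowhammer needs an aggressor row directly next to the victim row, so one
 * unmapped row in between separates two owners. */
static int isolated(const dma_alloc *a, const dma_alloc *b)
{
    return rows_between(a, b) >= 1;
}

/* Two guarded 4 KB requests placed back to back. */
static uint64_t demo_guarded_rows_between(void)
{
    dma_alloc a = guard_alloc(0, 4096);
    dma_alloc b = guard_alloc(a.base + a.reserved, 4096);
    return rows_between(&a, &b);
}

static int demo_guarded_isolated(void)
{
    dma_alloc a = guard_alloc(0, 4096);
    dma_alloc b = guard_alloc(a.base + a.reserved, 4096);
    return isolated(&a, &b);
}

/* The same idea without guard rows: two one-row buffers land in adjacent rows. */
static uint64_t demo_plain_rows_between(void)
{
    dma_alloc a = plain_alloc(0, ROW_BYTES);
    dma_alloc b = plain_alloc(a.base + a.reserved, ROW_BYTES);
    return rows_between(&a, &b);
}

static int demo_plain_isolated(void)
{
    dma_alloc a = plain_alloc(0, ROW_BYTES);
    dma_alloc b = plain_alloc(a.base + a.reserved, ROW_BYTES);
    return isolated(&a, &b);
}

static uint64_t demo_guard_overhead(void)
{
    dma_alloc a = guard_alloc(0, 4096);
    return guard_overhead_bytes(&a);
}

int main(void)
{
    printf("guarded: %llu rows apart, isolated=%d, overhead=%llu bytes\n",
           (unsigned long long)demo_guarded_rows_between(), demo_guarded_isolated(),
           (unsigned long long)demo_guard_overhead());
    printf("plain:   %llu rows apart, isolated=%d\n",
           (unsigned long long)demo_plain_rows_between(), demo_plain_isolated());
    return 0;
}
```

The overhead is a constant 128 KB per allocation regardless of request size, which is why the slides can bound it per allocation; what makes the total small in practice is the second bullet above (only uncached DMA pages get guards) rather than the arithmetic.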
GuardION

Performance overhead
With GuardION, we can re-enable large ION pools
No need for many small allocations, just a single large one
Performance increase!

Implementation
Protection for three heaps: system | CMA | contiguous
422 lines in 5 files for 3 heaps
 
GuardION Memory Footprint
(Figure: memory overhead in MB per benchmark app; y-axis 0 to 50 MB)

GuardION Performance Overhead
(Figure: relative performance in % per benchmark app, higher is better; y-axis -10 to 30 %)
Performance increase of 5.8% (geometric mean)

Benchmark apps found in Google Play: Basemark OS II, BenchmarkAndroid, Billion Counter, Bonsai, Graphics, H264, HardBench, Kassja, KFS, LukaLukaBench, NextMark, OESK, OMEGA, Phone Benchmark, Pi Benchmark, Real Benchmark, Relative Benchmark, RinRinBench, SQLite, Unity Bench
CONCLUSION

Disclosure to Google
CVE-2018-9442

Response (quoted):
"The benchmark code provided has much larger allocation sizes than those observed in real-world tests that we have conducted … performance impact is much greater than what is cited from your benchmark"

This is not good enough (yet)
Looking forward to improving the GuardION memory footprint
Conclusion

Rowhammer in 2018
Overview of defenses: still no working solution
RAMPAGE: Rowhammer attacks on recent Android devices
GuardION: lightweight mitigation by isolating DMA buffers

Future research
1. Real-world benchmarks for Android
2. Large-scale analysis on vulnerability of devices

http://rampageattack.com
https://github.com/vusec/guardion
Practical strategies are presented in "GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM" to defend against Rowhammer attacks on ARM architecture. The paper discusses Rowhammer defenses, RAMPAGE attacks on Android OS, and introduces GuardION as a lightweight mitigation approach. It explains how activating neighboring memory cells can cause disturbance errors, leading to security vulnerabilities exploited in Rowhammer attacks.

