Mitigation of DMA-based Rowhammer Attacks on ARM
The presentation "GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM" surveys existing Rowhammer defenses and explains why none of them is both secure and deployable on Android/ARM, presents the RAMPAGE attacks against the latest Android OS, and introduces GuardION, a lightweight mitigation that isolates DMA buffers with guard rows. It also explains how repeatedly activating neighboring DRAM rows causes disturbance errors (bit flips) in victim rows, the hardware fault that Rowhammer attacks exploit.
Presentation Transcript
GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM
Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai*, Giovanni Vigna, Christopher Kruegel, Herbert Bos, and Kaveh Razavi
VU Amsterdam, UC Santa Barbara, EURECOM, *Amrita University India
Takeaway
1. Overview of Rowhammer defenses
2. RAMPAGE: Rowhammer attacks against the latest Android OS
3. GuardION: lightweight mitigation
DRAM Disturbance Errors (Rowhammer)
- Memory cells (capacitors) have a natural discharge rate, so DRAM refreshes every row every 64 ms
- Activating (reading) neighboring rows increases the discharge rate of the cells in between
- Example: a victim cell is charged to represent 1; its neighboring rows are accessed frequently; the victim cell leaks charge below the sensing threshold; when read, it is interpreted as 0
[Figure: animation of a grid of DRAM rows; after repeated accesses to the neighboring rows, one bit in the victim row flips.]
Rowhammer
- Flip a bit in a victim row by repeatedly reading from the two aggressor rows on either side of it (double-sided hammering)
- Not every bit will flip
- Bit flips are reproducible: the same cell flips again under the same access pattern
Challenges for an attacker:
1. Bypass the CPU cache, so that the reads actually reach DRAM
2. Get large contiguous chunks of physical memory, so that aggressor and victim rows can be chosen
Privilege Escalation with Rowhammer
- Page tables map virtual addresses to physical addresses (virt x is at phys y) and are stored in DRAM
- Flipping a bit in a page table entry modifies the mapping: virt x is now at phys z
- If the attacker has arranged for one of its own page tables to be stored at phys z, it gains read/write access to a page table, which yields arbitrary physical read/write
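As an added example (not code from the slides or from the GuardION project), the following C program models the page-table step above: it builds an AArch64 level-3 page descriptor, flips one bit of it, and classifies what the flip does to the mapping. The descriptor field layout is the architectural one; the 256-frame physical memory, the owner tags, the frame numbers and the choice of bit 16 as the flipping bit are constructed assumptions used to show the Drammer-style setup where the frame reached after the flip already holds one of the attacker's own page tables.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Field layout of an AArch64 level-3 page descriptor with a 4 KiB granule
 * (architectural). Everything else in this file is a constructed model. */
#define PTE_VALID    (1ULL << 0)
#define PTE_PAGE     (1ULL << 1)                /* must be 1 for a page at level 3 */
#define PTE_AP_RO    (1ULL << 7)                /* AP[2]: 1 = read-only */
#define PTE_AF       (1ULL << 10)               /* access flag */
#define PTE_OA_MASK  0x0000FFFFFFFFF000ULL      /* output address, bits [47:12] */
#define PAGE_SHIFT   12

/* Constructed toy physical memory: 256 frames, each tagged with its owner. */
#define NFRAMES 256
enum owner { FRAME_FREE, FRAME_ATTACKER_DATA, FRAME_ATTACKER_PT, FRAME_KERNEL };
static enum owner frame_owner[NFRAMES];

static uint64_t make_pte(uint64_t frame, bool read_only)
{
    return ((frame << PAGE_SHIFT) & PTE_OA_MASK) | PTE_VALID | PTE_PAGE | PTE_AF
         | (read_only ? PTE_AP_RO : 0);
}

static uint64_t pte_frame(uint64_t pte)
{
    return (pte & PTE_OA_MASK) >> PAGE_SHIFT;
}

/* What a single-bit flip in a page-table entry does to the mapping. */
enum flip_effect {
    FLIP_UNMAPPED,     /* descriptor no longer valid: a fault, no gain */
    FLIP_PERMISSION,   /* AP[2] toggled: read-only <-> writable */
    FLIP_REMAP_TO_PT,  /* virt x now aliases one of the attacker's own page tables */
    FLIP_REMAP_OTHER,  /* virt x now points at some other frame */
    FLIP_ATTRIBUTE     /* some other attribute bit (not modelled further here) */
};

static enum flip_effect classify_flip(uint64_t pte, unsigned bit)
{
    uint64_t flipped = pte ^ (1ULL << bit);

    if (!(flipped & PTE_VALID) || !(flipped & PTE_PAGE))
        return FLIP_UNMAPPED;
    if (bit == 7)
        return FLIP_PERMISSION;
    if (bit >= PAGE_SHIFT && bit < 48) {
        uint64_t f = pte_frame(flipped);
        if (f < NFRAMES && frame_owner[f] == FRAME_ATTACKER_PT)
            return FLIP_REMAP_TO_PT;
        return FLIP_REMAP_OTHER;
    }
    return FLIP_ATTRIBUTE;
}

/* Drammer-style memory massaging, modelled: the attacker owns the data frame that
 * virt x maps to and has placed one of its own page tables in the frame whose
 * number differs from it in exactly the bit known to flip. Returns that frame. */
static unsigned setup_attack(unsigned data_frame, unsigned flip_bit)
{
    unsigned pt_frame = data_frame ^ (1u << (flip_bit - PAGE_SHIFT));
    for (unsigned i = 0; i < NFRAMES; i++)
        frame_owner[i] = FRAME_FREE;
    frame_owner[0] = FRAME_KERNEL;                 /* hypothetical kernel frame */
    frame_owner[data_frame] = FRAME_ATTACKER_DATA;
    frame_owner[pt_frame] = FRAME_ATTACKER_PT;
    return pt_frame;
}

int main(void)
{
    unsigned bit = 16;                             /* PTE bit 16 = frame-number bit 4 */
    unsigned pt = setup_attack(0x2A, bit);
    uint64_t pte = make_pte(0x2A, false);

    printf("virt x -> frame 0x%02llx; attacker page table at frame 0x%02x\n",
           (unsigned long long)pte_frame(pte), pt);
    printf("flip bit %u -> frame 0x%02llx, effect %d (2 = remap to page table)\n",
           bit, (unsigned long long)pte_frame(pte ^ (1ULL << bit)),
           classify_flip(pte, bit));
    printf("flip bit 0 -> effect %d (0 = unmapped)\n", classify_flip(pte, 0));
    printf("flip bit 7 on a read-only mapping -> effect %d (1 = permission)\n",
           classify_flip(make_pte(0x2A, true), 7));
    return 0;
}
```

The classification shows why the attacker needs both a reproducible flip and control over physical placement: only an output-address bit whose flipped value lands on an attacker-owned page table turns the flip into arbitrary read/write; a flip that clears the valid bit just faults, and a flip into an arbitrary frame is useless unless the attacker can predict what lives there.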
Privilege Escalation with Drammer
- The Android ION memory allocator is a generalized memory manager that supports DMA buffers
- There are multiple ION heaps, some with internal pooling; user space can request buffers with modified cache management (e.g., uncached)
- Heaps: Camera | Audio | Contiguous (kmalloc) | ADSP | IOMMU | qsecom | CMA | System | MM
- Drammer (2016) exploits the contiguous heap to bypass the CPU cache (uncached buffers) and to get large contiguous allocations
Rowhammer Defenses on ARM
Software-based Rowhammer defenses: ANVIL | B-CATT | CATT | Android ION patches
Evaluation criteria:
- Secure: do they stop Rowhammer attacks?
- Practical: can we deploy them in practice, on Android/ARM?
Rowhammer Defenses on ARM: ANVIL
1. Performance counters measure cache misses / DRAM accesses; if a threshold is exceeded:
2. Heavy-weight monitoring checks for aggressor-row access patterns; if a threshold is exceeded:
3. Access the (would-be) victim row to trigger a refresh
ANVIL is secure, but not practical on ARM: the performance counters needed for step 2 are not available.
Rowhammer Defenses on ARM: B-CATT
- Scan memory during boot for vulnerable pages
- Instruct the OS to mark those pages as unavailable
B-CATT is not secure: a single scan does not yield all possible bit flips.
[Figure: unique bit flips found in a 4 MB region (y axis, 26,000 to 32,000) plotted against days of scanning (x axis, 0 to 25); new flips keep appearing over the whole period.]
B-CATT is not practical:
- You may end up having to blacklist (almost) all pages
- A full memory scan can take over a day to complete
Rowhammer Defenses on ARM: CATT
- Partition memory into n chunks, one for each security domain: 1 for user-space allocations, 1 for kernel memory
- An empty row separates the domains, so hammering inside one domain cannot flip bits in another
[Figure: physical memory split into a user-space region (holding the ION allocations) and kernel memory (holding the page tables), with an empty row between them.]
CATT is not secure: double-ownership buffers are shared between kernel and user space
CATT is not practical:
- Android requires as many domains as installed apps
- Severe performance penalty for low-memory devices
Rowhammer Defenses on ARM: Android ION patches (1/2)
- Disable the contiguous (kmalloc) heap
- Reduce ION internal pool sizes to at most 64 KB (equal to the row size)
Effect: an attacker is no longer guaranteed to get large contiguous chunks, which complicates scanning for bit flips and memory massaging
Practical, but not secure
Rowhammer Defenses on ARM: Android ION patches (2/2)
- Better separation of highmem / lowmem
- Keep ION allocations (highmem) away from page tables (lowmem)
Practical, but not secure
Rampage: Rowhammer on Android Oreo
1. Contiguous memory with the ION system heap (vmalloc)
   - Allocate and free (many) ION chunks to defragment memory
   - Then issue multiple consecutive 64 KB requests
   - Use a timing side channel (bank conflicts) to verify that the chunks are physically contiguous
2. Getting allocations in lowmem
   - Deplete highmem using mmap
   - Monitor /proc/pagetypeinfo or /proc/zoneinfo to verify
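The verification step of item 2 reads the kernel's zone statistics to confirm that highmem is exhausted before ION allocations are requested. The C program below is an added example (not code from the slides or from the RAMPAGE/GuardION projects) that parses the `/proc/zoneinfo` text format for the "pages free" counter of a named zone and decides whether the HighMem zone is depleted. The sample file contents, the zone sizes and the 256-page threshold are constructed; on a device the same parser would be fed the live file.

```c
#include <stdio.h>
#include <string.h>

/* Constructed /proc/zoneinfo excerpt for a 32-bit ARM kernel with a HighMem zone
 * (only the fields the parser needs are kept; the numbers are made up). */
static const char SAMPLE_ZONEINFO[] =
    "Node 0, zone      DMA\n"
    "  pages free     1024\n"
    "        min      60\n"
    "        low      75\n"
    "        high     90\n"
    "Node 0, zone   Normal\n"
    "  pages free     52031\n"
    "        min      2800\n"
    "        low      3500\n"
    "Node 0, zone  HighMem\n"
    "  pages free     137\n"
    "        min      128\n"
    "        low      256\n";

/* Return the "pages free" count of the named zone, or -1 if the zone is absent.
 * Walks the text line by line: a "Node N, zone NAME" header selects the zone,
 * and the first "pages free" line under it carries the value. */
static long zone_pages_free(const char *info, const char *zone)
{
    char cur[32] = "";
    const char *p = info;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[128];
        int node;
        char name[32];
        long free_pages;

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';

        if (sscanf(line, "Node %d, zone %31s", &node, name) == 2)
            strcpy(cur, name);
        else if (sscanf(line, " pages free %ld", &free_pages) == 1 && strcmp(cur, zone) == 0)
            return free_pages;

        p = nl ? nl + 1 : p + len;
    }
    return -1;
}

/* Step 2 of the Rampage procedure needs highmem to be exhausted so that new ION
 * allocations fall back into lowmem, where the page tables live. Returns 1 when
 * the HighMem zone has fewer free pages than `threshold`, 0 otherwise, and -1 if
 * the kernel exposes no HighMem zone at all. */
static int highmem_depleted(const char *info, long threshold)
{
    long free_pages = zone_pages_free(info, "HighMem");
    if (free_pages < 0)
        return -1;
    return free_pages < threshold;
}

int main(void)
{
    /* On a device, read the live file into a buffer instead of SAMPLE_ZONEINFO:
     *   FILE *f = fopen("/proc/zoneinfo", "r"); ... */
    printf("Normal  pages free: %ld\n", zone_pages_free(SAMPLE_ZONEINFO, "Normal"));
    printf("HighMem pages free: %ld\n", zone_pages_free(SAMPLE_ZONEINFO, "HighMem"));
    printf("highmem depleted (threshold 256 pages): %d\n",
           highmem_depleted(SAMPLE_ZONEINFO, 256));
    return 0;
}
```

The same loop works as a defensive check: a monitoring agent that sees an unprivileged app drive the HighMem free count to near zero while issuing a burst of ION allocations is observing exactly the massaging pattern the slide describes.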
Rampage Variants
- App-to-app attacks: ION-to-ION, CMA-to-CMA, CMA-to-system
- Privilege escalation (Drammer++)
PoC on LG G4: 64-bit device running Android 7.1
GuardION
- Fine-grained memory isolation for DMA buffers, focused on Android/ARM
- Cache-eviction-based Rowhammer is impossible on these devices, so isolating the uncached DMA buffers is sufficient
- Allocate two physical guard rows, one before and one after, for each DMA allocation
[Figure: two DMA requests, each enclosed by a guard row on either side, with a page table located beyond the guard rows; bits hammered from a request can only flip inside its own rows or in the guard rows.]
Memory overhead:
- At most 128 KB (two 64 KB rows) for each allocation
- Only for uncached pages
- Not many DMA allocations in practice
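To make the guard-row argument concrete, here is an added C model (not the GuardION kernel code, which lives in the project repository) of a first-fit row allocator with and without guard rows, plus a check of which rows an attacker's DMA buffer can disturb. The 64 KB row size is the one the slides assume; the 64-row physical memory, the 8 kernel rows and the 256 KB buffer size are constructed for the scenario.

```c
#include <stdbool.h>
#include <stdio.h>

#define ROW_KB 64           /* DRAM row size assumed on the slides */
#define NROWS  64           /* constructed toy physical memory: 64 rows = 4 MB */

enum row_use { ROW_FREE, ROW_KERNEL, ROW_GUARD, ROW_DMA };

struct phys_mem {
    enum row_use use[NROWS];
    int owner[NROWS];       /* allocation id for ROW_DMA rows, -1 otherwise */
};

static void mem_init(struct phys_mem *m, int kernel_rows)
{
    for (int i = 0; i < NROWS; i++) {
        m->use[i] = (i < kernel_rows) ? ROW_KERNEL : ROW_FREE;  /* page tables etc. first */
        m->owner[i] = -1;
    }
}

/* First-fit allocation of `rows` physically contiguous rows for a DMA buffer.
 * With `guard` set (GuardION), the span is widened by one row on each side and
 * those two rows are reserved as guard rows nobody else will use. Returns the
 * first row handed to the requester, or -1 if memory is exhausted. */
static int alloc_dma_rows(struct phys_mem *m, int rows, int id, bool guard)
{
    int need = rows + (guard ? 2 : 0);
    for (int start = 0; start + need <= NROWS; start++) {
        bool free_span = true;
        for (int i = start; i < start + need; i++)
            if (m->use[i] != ROW_FREE) { free_span = false; break; }
        if (!free_span)
            continue;
        int first = guard ? start + 1 : start;
        if (guard) {
            m->use[start] = ROW_GUARD;
            m->use[start + need - 1] = ROW_GUARD;
        }
        for (int i = first; i < first + rows; i++) {
            m->use[i] = ROW_DMA;
            m->owner[i] = id;
        }
        return first;
    }
    return -1;
}

/* Rows an attacker owning allocation `id` can disturb are those physically
 * adjacent to one of its rows (single-sided hammering; a double-sided victim
 * lies between two attacker rows and is therefore adjacent as well). Returns
 * true if any such row is neither a guard row nor the attacker's own, i.e. a
 * flip could land in memory belonging to someone else (now or later). */
static bool attacker_reaches_foreign_row(const struct phys_mem *m, int id)
{
    for (int r = 0; r < NROWS; r++) {
        if (m->use[r] != ROW_DMA || m->owner[r] != id)
            continue;
        for (int v = r - 1; v <= r + 1; v += 2) {
            if (v < 0 || v >= NROWS || m->use[v] == ROW_GUARD)
                continue;
            if (m->use[v] == ROW_DMA && m->owner[v] == id)
                continue;
            return true;
        }
    }
    return false;
}

/* Worst-case memory cost of the guard rows: two rows per DMA allocation. */
static int guard_overhead_kb(int dma_allocations)
{
    return dma_allocations * 2 * ROW_KB;
}

/* Scenario: 8 kernel rows (512 KB, holding page tables) followed by a 256 KB
 * DMA buffer for an attacker app, with or without GuardION. */
static int demo_first_row(bool guardion)
{
    struct phys_mem m;
    mem_init(&m, 8);
    return alloc_dma_rows(&m, 4, 1, guardion);
}

static bool demo_attacker_reaches_kernel(bool guardion)
{
    struct phys_mem m;
    mem_init(&m, 8);
    alloc_dma_rows(&m, 4, 1, guardion);
    return attacker_reaches_foreign_row(&m, 1);
}

int main(void)
{
    printf("without guard rows: buffer at row %d, reaches foreign rows: %s\n",
           demo_first_row(false), demo_attacker_reaches_kernel(false) ? "yes" : "no");
    printf("with GuardION:      buffer at row %d, reaches foreign rows: %s\n",
           demo_first_row(true), demo_attacker_reaches_kernel(true) ? "yes" : "no");
    printf("guard-row overhead for 3 allocations: %d KB\n", guard_overhead_kb(3));
    return 0;
}
```

Without guard rows the first-fit buffer lands directly behind the kernel rows, so hammering its first row disturbs a kernel row; with guard rows every neighbour of the buffer is a guard row, and the 128 KB per allocation is the entire cost, independent of how much other memory the system has.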
GuardION: Performance overhead
- With GuardION, we can re-enable large ION pools
- No need for many small allocations, just a single large one: a performance increase!
Implementation:
- Protection for three heaps: system | CMA | contiguous
- 422 lines in 5 files for the 3 heaps
[Figure: GuardION memory footprint, memory overhead in MB (0 to 50) for benchmark apps found in Google Play.]
[Figure: GuardION performance overhead, relative performance in % (higher is better) for benchmark apps found in Google Play; performance increase of 5.8% (geometric mean).]
Disclosure to Google: CVE-2018-9442
Google's response (quoted):
"The benchmark code provided has much larger allocation sizes than those observed in real-world tests that we have conducted"
"performance impact is much greater than what is cited from your benchmark"
"memory footprint"
This is not good enough (yet); looking forward to improving GuardION
Conclusion (http://rampageattack.com)
- Rowhammer in 2018: overview of defenses; still no working solution
- RAMPAGE: Rowhammer attacks on recent Android devices
- GuardION: lightweight mitigation by isolating DMA buffers (https://github.com/vusec/guardion)
Future research:
1. Real-world benchmarks for Android
2. Large-scale analysis of the vulnerability of devices