Rowhammer exploit (cosin2019)


Manage episode 236861597 series 1330870
By CCC media team. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.
In this talk I will describe how a Rowhammer attack works both on a physical and software level. The focus of the talk will be to show what steps need to be taken in order to make the Rowhammer attack viable against a target using ECC memory. In the first part of the presentation I will be showing how DRAM works and what the key attributes are that make a Rowhammer attack possible. I will also give an introduction as to what ECC memory is and how it works and where it is used. In the second part of the presentation I will be presenting on how a generic rowhammer attack can be executed. In the third part of the part which will be the main focus of this presentation I will discuss what problems we encounter when ECC memory is used on the target machine. This will include: * How to reverse engineer the ECC function -> The cold boot attack used to speed up this process * How to detect bit flips that are corrected * How to trigger bit flips in a specific location. In the last part of the presentation I will give an overview of the mitigations that exist and which ones are still deemed viable about this event:

6105 episodes