PLAY PODCASTS
Rowhammer exploit (cosin2019)

Rowhammer exploit (cosin2019)

Viability of the Rowhammer Attack when ECC memory is used

Chaos Computer Club - archive feed · Candyman

June 15, 201938m 4s

Audio is streamed directly from the publisher (cdn.media.ccc.de) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Show Notes

In this talk I will describe how a Rowhammer attack works both on a physical and software level. The focus of the talk will be to show what steps need to be taken in order to make the Rowhammer attack viable against a target using ECC memory. In the first part of the presentation I will be showing how DRAM works and what the key attributes are that make a Rowhammer attack possible. I will also give an introduction as to what ECC memory is and how it works and where it is used. In the second part of the presentation I will be presenting on how a generic rowhammer attack can be executed. In the third part of the part which will be the main focus of this presentation I will discuss what problems we encounter when ECC memory is used on the target machine. This will include: * How to reverse engineer the ECC function -> The cold boot attack used to speed up this process * How to detect bit flips that are corrected * How to trigger bit flips in a specific location. In the last part of the presentation I will give an overview of the mitigations that exist and which ones are still deemed viable about this event: https://www.cosin.ch/fahrplan/2019/events/50.html

Topics

cosin201950Hardware