The discovery of Rowhammer was almost a decade ago, and the problem is still unsolved. Actually, it is getting worse, with newer DDR generations being ever more vulnerable. Deployed defenses are repeatedly broken by new hammering methods or by exploiting previously unknown effects in the DRAM. In this talk, I present CSI:Rowhammer, a principled hardware-software co-designed Rowhammer mitigation with cryptographic security and integrity guarantees that does not focus on any specific property of Rowhammer. Due to this generic design, CSI:Rowhammer protects against all Rowhammer attacks, even new ones that were unknown at the time the paper was published.
CSI:Rowhammer uses a new memory error detection mechanism based on a low-latency cryptographic MAC and an exception mechanism that initiates a software-level correction routine. The exception handler uses a novel instruction-set extension for the error correction and resumes execution afterward. In contrast to regular ECC-DRAM, which remains exploitable if more than 2 bits are flipped, CSI:Rowhammer maintains the security level of the cryptographic MAC. Under normal conditions, we see latency overheads below 0.75% and no memory overhead compared to off-the-shelf ECC-DRAM. CSI:Rowhammer can detect any number of bit flips with overwhelming probability and correct at least eight bit flips within practical time constraints.
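As an added illustration (not the paper's or the authors' code), the following Python model shows the principle described above: each memory line carries a keyed MAC bound to its address, a MAC mismatch on load plays the role of the exception that hands control to a software correction routine, and that routine corrects by searching bit-flip patterns until the MAC verifies again. HMAC-SHA256, the demo key, the 8-byte line size and the flip budget are stand-ins chosen here; the real design uses a low-latency MAC in hardware and corrects more flips.

```python
import hmac
import hashlib
from itertools import combinations

# Simplified model of MAC-based memory integrity with correction-by-search.
# Assumptions (not the CSI:Rowhammer hardware design): HMAC-SHA256 stands in
# for the low-latency MAC, a "line" is 8 data bytes plus an 8-byte tag, and
# the correction budget is 3 flipped bits so the pure-Python search stays fast.
KEY = b"constructed-demo-key"   # stand-in for the secret MAC key held in hardware
LINE_BYTES = 8
TAG_BYTES = 8
MAX_FLIPS = 3

def mac(addr: int, data: bytes) -> bytes:
    # The tag binds the data to its physical address, so a line cannot simply be
    # copied to another location and still verify there.
    msg = addr.to_bytes(8, "little") + data
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:TAG_BYTES]

def store(addr: int, data: bytes) -> tuple:
    assert len(data) == LINE_BYTES
    return data, mac(addr, data)

def flip_bits(data: bytes, positions) -> bytes:
    buf = bytearray(data)
    for p in positions:
        buf[p // 8] ^= 1 << (p % 8)
    return bytes(buf)

def correct(addr: int, data: bytes, tag: bytes):
    """Software correction routine: try every pattern of up to MAX_FLIPS flipped
    data bits and accept the first candidate whose MAC verifies. A wrong candidate
    is accepted only on a MAC collision (about 2^-64 per candidate here).
    Flips inside the tag itself are not searched in this simplified model."""
    for k in range(1, MAX_FLIPS + 1):
        for positions in combinations(range(LINE_BYTES * 8), k):
            candidate = flip_bits(data, positions)
            if hmac.compare_digest(mac(addr, candidate), tag):
                return candidate, k
    return None, None   # uncorrectable within the budget; never hand back corrupt data

def load(addr: int, data: bytes, tag: bytes):
    """Returns (data, flips_corrected); raises MemoryError if correction fails."""
    if hmac.compare_digest(mac(addr, data), tag):
        return data, 0
    fixed, k = correct(addr, data, tag)
    if fixed is None:
        raise MemoryError("uncorrectable bit flips at 0x%x" % addr)
    return fixed, k
```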
In this talk, I will explain all the details of designing a system like CSI:Rowhammer: how to perform very low-latency hardware correction, how to use correction in software to its full potential, how to protect the software correction routines against bit flips, how to handle possible race conditions, how to stay compatible with virtual machines, how to evaluate the whole system, and much more.
Jonas Juffinger is a Ph.D. student in the CoreSec group of Daniel Gruss at the Graz University of Technology. His main research interest is system security, focusing on Rowhammer attacks and mitigations, microarchitectural and physical side channels, and kernel security.