GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2018-06-08

AUTHORS

Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, Kaveh Razavi

ABSTRACT

Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability. Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses. To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks—the main attack vector on mobile devices—by isolating DMA buffers with guard rows. We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.

PAGES

92-113

Book

TITLE

Detection of Intrusions and Malware, and Vulnerability Assessment

ISBN

978-3-319-93410-5
978-3-319-93411-2

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-319-93411-2_5

DOI

http://dx.doi.org/10.1007/978-3-319-93411-2_5

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1104468667



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0803", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Computer Software", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Vrije Universiteit, Amsterdam, The Netherlands", 
          "id": "http://www.grid.ac/institutes/grid.12380.38", 
          "name": [
            "Vrije Universiteit, Amsterdam, The Netherlands"
          ], 
          "type": "Organization"
        }, 
        "familyName": "van der Veen", 
        "givenName": "Victor", 
        "id": "sg:person.013737020327.38", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013737020327.38"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of California, Santa Barbara, USA", 
          "id": "http://www.grid.ac/institutes/grid.133342.4", 
          "name": [
            "University of California, Santa Barbara, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lindorfer", 
        "givenName": "Martina", 
        "id": "sg:person.013053706003.45", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013053706003.45"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "EURECOM, Biot, France", 
          "id": "http://www.grid.ac/institutes/grid.28848.3e", 
          "name": [
            "EURECOM, Biot, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Fratantonio", 
        "givenName": "Yanick", 
        "id": "sg:person.010423636024.33", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010423636024.33"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Amrita University, Coimbatore, India", 
          "id": "http://www.grid.ac/institutes/grid.411370.0", 
          "name": [
            "Amrita University, Coimbatore, India"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Padmanabha Pillai", 
        "givenName": "Harikrishnan", 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of California, Santa Barbara, USA", 
          "id": "http://www.grid.ac/institutes/grid.133342.4", 
          "name": [
            "University of California, Santa Barbara, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Vigna", 
        "givenName": "Giovanni", 
        "id": "sg:person.016705742015.59", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016705742015.59"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of California, Santa Barbara, USA", 
          "id": "http://www.grid.ac/institutes/grid.133342.4", 
          "name": [
            "University of California, Santa Barbara, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Kruegel", 
        "givenName": "Christopher", 
        "id": "sg:person.014515420415.34", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014515420415.34"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Vrije Universiteit, Amsterdam, The Netherlands", 
          "id": "http://www.grid.ac/institutes/grid.12380.38", 
          "name": [
            "Vrije Universiteit, Amsterdam, The Netherlands"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Bos", 
        "givenName": "Herbert", 
        "id": "sg:person.016266457567.28", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016266457567.28"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Vrije Universiteit, Amsterdam, The Netherlands", 
          "id": "http://www.grid.ac/institutes/grid.12380.38", 
          "name": [
            "Vrije Universiteit, Amsterdam, The Netherlands"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Razavi", 
        "givenName": "Kaveh", 
        "id": "sg:person.013464452637.75", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013464452637.75"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2018-06-08", 
    "datePublishedReg": "2018-06-08", 
    "description": "Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses.To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks\u2014the main attack vector on mobile devices\u2014by isolating DMA buffers with guard rows. We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2\u00a0MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.", 
    "editor": [
      {
        "familyName": "Giuffrida", 
        "givenName": "Cristiano", 
        "type": "Person"
      }, 
      {
        "familyName": "Bardin", 
        "givenName": "S\u00e9bastien", 
        "type": "Person"
      }, 
      {
        "familyName": "Blanc", 
        "givenName": "Gregory", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-319-93411-2_5", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-319-93410-5", 
        "978-3-319-93411-2"
      ], 
      "name": "Detection of Intrusions and Malware, and Vulnerability Assessment", 
      "type": "Book"
    }, 
    "keywords": [
      "attack vectors", 
      "mobile devices", 
      "rowhammer attacks", 
      "DRAM disturbance errors", 
      "main attack vectors", 
      "single bit flips", 
      "DMA buffers", 
      "software vulnerabilities", 
      "software defenses", 
      "lightweight defense", 
      "Android OS", 
      "memory overheads", 
      "benchmark apps", 
      "root exploits", 
      "Rowhammer bug", 
      "desktop computer", 
      "bit flips", 
      "series of apps", 
      "system performance", 
      "order allocation", 
      "attacks", 
      "exploits", 
      "disturbance errors", 
      "previous attacks", 
      "apps", 
      "practical mitigation", 
      "overhead", 
      "computer", 
      "Google", 
      "cloud", 
      "bugs", 
      "devices", 
      "scenarios", 
      "vector", 
      "allocation", 
      "guard rows", 
      "academia", 
      "set", 
      "search", 
      "proposal", 
      "performance", 
      "error", 
      "OS", 
      "researchers", 
      "mitigation", 
      "vulnerability", 
      "exploitation", 
      "industry", 
      "DMA", 
      "arm", 
      "rows", 
      "defense", 
      "buffer", 
      "rampage", 
      "flip", 
      "series", 
      "years", 
      "reaction", 
      "hardware-level mitigations", 
      "DMA-based Rowhammer attacks", 
      "latest Android OS", 
      "app exploit scenarios", 
      "exploit scenarios", 
      "Rowhammer exploitation", 
      "guardion", 
      "negligible memory overhead", 
      "re-enabling higher order allocations", 
      "higher order allocations"
    ], 
    "name": "GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM", 
    "pagination": "92-113", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1104468667"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-319-93411-2_5"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-319-93411-2_5", 
      "https://app.dimensions.ai/details/publication/pub.1104468667"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2021-12-01T19:56", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20211201/entities/gbq_results/chapter/chapter_131.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-319-93411-2_5"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-93411-2_5'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-93411-2_5'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-93411-2_5'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-93411-2_5'


 

This table displays all metadata directly associated to this object as RDF triples.

195 TRIPLES      23 PREDICATES      93 URIs      86 LITERALS      7 BLANK NODES

 



