GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM View Full Text


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2018-06-08

AUTHORS

Victor van der Veen , Martina Lindorfer , Yanick Fratantonio , Harikrishnan Padmanabha Pillai , Giovanni Vigna , Christopher Kruegel , Herbert Bos , Kaveh Razavi

ABSTRACT

Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses.To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks—the main attack vector on mobile devices—by isolating DMA buffers with guard rows. We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks. More... »

PAGES

92-113

Book

TITLE

Detection of Intrusions and Malware, and Vulnerability Assessment

ISBN

978-3-319-93410-5
978-3-319-93411-2

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-319-93411-2_5

DOI

http://dx.doi.org/10.1007/978-3-319-93411-2_5

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1104468667


Indexing Status Check whether this publication has been indexed by Scopus and Web Of Science using the SN Indexing Status Tool
Incoming Citations Browse incoming citations for this publication using opencitations.net

JSON-LD is the canonical representation for SciGraph data.

TIP: You can open this SciGraph record using an external JSON-LD service: JSON-LD Playground Google SDTT

[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0803", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Computer Software", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Vrije Universiteit, Amsterdam, The Netherlands", 
          "id": "http://www.grid.ac/institutes/grid.12380.38", 
          "name": [
            "Vrije Universiteit, Amsterdam, The Netherlands"
          ], 
          "type": "Organization"
        }, 
        "familyName": "van der Veen", 
        "givenName": "Victor", 
        "id": "sg:person.013737020327.38", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013737020327.38"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of California, Santa Barbara, USA", 
          "id": "http://www.grid.ac/institutes/grid.133342.4", 
          "name": [
            "University of California, Santa Barbara, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lindorfer", 
        "givenName": "Martina", 
        "id": "sg:person.013053706003.45", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013053706003.45"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "EURECOM, Biot, France", 
          "id": "http://www.grid.ac/institutes/grid.28848.3e", 
          "name": [
            "EURECOM, Biot, France"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Fratantonio", 
        "givenName": "Yanick", 
        "id": "sg:person.010423636024.33", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010423636024.33"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Amrita University, Coimbatore, India", 
          "id": "http://www.grid.ac/institutes/grid.411370.0", 
          "name": [
            "Amrita University, Coimbatore, India"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Padmanabha Pillai", 
        "givenName": "Harikrishnan", 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of California, Santa Barbara, USA", 
          "id": "http://www.grid.ac/institutes/grid.133342.4", 
          "name": [
            "University of California, Santa Barbara, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Vigna", 
        "givenName": "Giovanni", 
        "id": "sg:person.016705742015.59", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016705742015.59"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "University of California, Santa Barbara, USA", 
          "id": "http://www.grid.ac/institutes/grid.133342.4", 
          "name": [
            "University of California, Santa Barbara, USA"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Kruegel", 
        "givenName": "Christopher", 
        "id": "sg:person.014515420415.34", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014515420415.34"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Vrije Universiteit, Amsterdam, The Netherlands", 
          "id": "http://www.grid.ac/institutes/grid.12380.38", 
          "name": [
            "Vrije Universiteit, Amsterdam, The Netherlands"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Bos", 
        "givenName": "Herbert", 
        "id": "sg:person.016266457567.28", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016266457567.28"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Vrije Universiteit, Amsterdam, The Netherlands", 
          "id": "http://www.grid.ac/institutes/grid.12380.38", 
          "name": [
            "Vrije Universiteit, Amsterdam, The Netherlands"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Razavi", 
        "givenName": "Kaveh", 
        "id": "sg:person.013464452637.75", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013464452637.75"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2018-06-08", 
    "datePublishedReg": "2018-06-08", 
    "description": "Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses.To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks\u2014the main attack vector on mobile devices\u2014by isolating DMA buffers with guard rows. We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2\u00a0MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.", 
    "editor": [
      {
        "familyName": "Giuffrida", 
        "givenName": "Cristiano", 
        "type": "Person"
      }, 
      {
        "familyName": "Bardin", 
        "givenName": "S\u00e9bastien", 
        "type": "Person"
      }, 
      {
        "familyName": "Blanc", 
        "givenName": "Gregory", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-319-93411-2_5", 
    "inLanguage": "en", 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-319-93410-5", 
        "978-3-319-93411-2"
      ], 
      "name": "Detection of Intrusions and Malware, and Vulnerability Assessment", 
      "type": "Book"
    }, 
    "keywords": [
      "attack vectors", 
      "mobile devices", 
      "rowhammer attacks", 
      "DRAM disturbance errors", 
      "main attack vectors", 
      "single bit flips", 
      "DMA buffers", 
      "software vulnerabilities", 
      "software defenses", 
      "lightweight defense", 
      "Android OS", 
      "memory overheads", 
      "benchmark apps", 
      "root exploits", 
      "Rowhammer bug", 
      "desktop computer", 
      "bit flips", 
      "series of apps", 
      "system performance", 
      "order allocation", 
      "attacks", 
      "exploits", 
      "disturbance errors", 
      "previous attacks", 
      "apps", 
      "practical mitigation", 
      "overhead", 
      "computer", 
      "Google", 
      "cloud", 
      "bugs", 
      "devices", 
      "scenarios", 
      "vector", 
      "allocation", 
      "guard rows", 
      "academia", 
      "set", 
      "search", 
      "proposal", 
      "performance", 
      "error", 
      "OS", 
      "researchers", 
      "mitigation", 
      "vulnerability", 
      "exploitation", 
      "industry", 
      "DMA", 
      "arm", 
      "rows", 
      "defense", 
      "buffer", 
      "rampage", 
      "flip", 
      "series", 
      "years", 
      "reaction", 
      "hardware-level mitigations", 
      "DMA-based Rowhammer attacks", 
      "latest Android OS", 
      "app exploit scenarios", 
      "exploit scenarios", 
      "Rowhammer exploitation", 
      "guardion", 
      "negligible memory overhead", 
      "re-enabling higher order allocations", 
      "higher order allocations"
    ], 
    "name": "GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM", 
    "pagination": "92-113", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1104468667"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-319-93411-2_5"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-319-93411-2_5", 
      "https://app.dimensions.ai/details/publication/pub.1104468667"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-01-01T19:26", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20220101/entities/gbq_results/chapter/chapter_67.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-319-93411-2_5"
  }
]
 

Download the RDF metadata as:  json-ld nt turtle xml License info

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-93411-2_5'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-93411-2_5'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-93411-2_5'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-93411-2_5'


 

This table displays all metadata directly associated to this object as RDF triples.

195 TRIPLES      23 PREDICATES      93 URIs      86 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-319-93411-2_5 schema:about anzsrc-for:08
2 anzsrc-for:0803
3 schema:author Nfe15ad257a924c199195944f8fa1a963
4 schema:datePublished 2018-06-08
5 schema:datePublishedReg 2018-06-08
6 schema:description Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.Since hardware-level mitigations cannot be backported, a search for software defenses is pressing. Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest Android OS, consisting of (1) a root exploit, and (2) a series of app-to-app exploit scenarios that bypass all defenses.To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks—the main attack vector on mobile devices—by isolating DMA buffers with guard rows. We evaluate guardion on 22 benchmark apps and show that it has a negligible memory overhead (2.2 MB on average). We further show that we can improve system performance by re-enabling higher order allocations after Google disabled these as a reaction to previous attacks.
7 schema:editor Nbc1d0182d5e24b44b639e1b9bd884268
8 schema:genre chapter
9 schema:inLanguage en
10 schema:isAccessibleForFree true
11 schema:isPartOf Nd63ddba40dd346a780883360142a1970
12 schema:keywords Android OS
13 DMA
14 DMA buffers
15 DMA-based Rowhammer attacks
16 DRAM disturbance errors
17 Google
18 OS
19 Rowhammer bug
20 Rowhammer exploitation
21 academia
22 allocation
23 app exploit scenarios
24 apps
25 arm
26 attack vectors
27 attacks
28 benchmark apps
29 bit flips
30 buffer
31 bugs
32 cloud
33 computer
34 defense
35 desktop computer
36 devices
37 disturbance errors
38 error
39 exploit scenarios
40 exploitation
41 exploits
42 flip
43 guard rows
44 guardion
45 hardware-level mitigations
46 higher order allocations
47 industry
48 latest Android OS
49 lightweight defense
50 main attack vectors
51 memory overheads
52 mitigation
53 mobile devices
54 negligible memory overhead
55 order allocation
56 overhead
57 performance
58 practical mitigation
59 previous attacks
60 proposal
61 rampage
62 re-enabling higher order allocations
63 reaction
64 researchers
65 root exploits
66 rowhammer attacks
67 rows
68 scenarios
69 search
70 series
71 series of apps
72 set
73 single bit flips
74 software defenses
75 software vulnerabilities
76 system performance
77 vector
78 vulnerability
79 years
80 schema:name GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM
81 schema:pagination 92-113
82 schema:productId N3984d804a3c04bf2b8c817f0e3cd7dd7
83 N3d12ef7abc5144c3b2b2490768862dc5
84 schema:publisher N0d526ca6e4004268a7e21f07d5191f2a
85 schema:sameAs https://app.dimensions.ai/details/publication/pub.1104468667
86 https://doi.org/10.1007/978-3-319-93411-2_5
87 schema:sdDatePublished 2022-01-01T19:26
88 schema:sdLicense https://scigraph.springernature.com/explorer/license/
89 schema:sdPublisher Nc15ffe23c06641c99196f301b42abcf7
90 schema:url https://doi.org/10.1007/978-3-319-93411-2_5
91 sgo:license sg:explorer/license/
92 sgo:sdDataset chapters
93 rdf:type schema:Chapter
94 N0384b4eeed3346fd95f26fde6f4fb86b rdf:first Nfeddde5cb1d54a83877ec4993771052e
95 rdf:rest N284212dc965049149aca13f314a37ad1
96 N0d526ca6e4004268a7e21f07d5191f2a schema:name Springer Nature
97 rdf:type schema:Organisation
98 N275c7c9fe8444f948b45edbfbced2c78 schema:familyName Blanc
99 schema:givenName Gregory
100 rdf:type schema:Person
101 N284212dc965049149aca13f314a37ad1 rdf:first N275c7c9fe8444f948b45edbfbced2c78
102 rdf:rest rdf:nil
103 N327e4bb8accd470f92c0a2a1897f699a rdf:first N478bf8998954401ebb57a1cfe5292448
104 rdf:rest Na7cd52c2471e4db08edd926f94428e38
105 N3984d804a3c04bf2b8c817f0e3cd7dd7 schema:name doi
106 schema:value 10.1007/978-3-319-93411-2_5
107 rdf:type schema:PropertyValue
108 N3ab64a2203c64660add71ee615b297b7 rdf:first sg:person.010423636024.33
109 rdf:rest N327e4bb8accd470f92c0a2a1897f699a
110 N3d12ef7abc5144c3b2b2490768862dc5 schema:name dimensions_id
111 schema:value pub.1104468667
112 rdf:type schema:PropertyValue
113 N478bf8998954401ebb57a1cfe5292448 schema:affiliation grid-institutes:grid.411370.0
114 schema:familyName Padmanabha Pillai
115 schema:givenName Harikrishnan
116 rdf:type schema:Person
117 N5ef399857e824cd6b8061c6e9922e3c7 schema:familyName Giuffrida
118 schema:givenName Cristiano
119 rdf:type schema:Person
120 N91a93f8ad7c64673b90297ce2ffe650f rdf:first sg:person.014515420415.34
121 rdf:rest Nf1a5f906ca5b4afaa08614c3c4c0c012
122 Na7cd52c2471e4db08edd926f94428e38 rdf:first sg:person.016705742015.59
123 rdf:rest N91a93f8ad7c64673b90297ce2ffe650f
124 Nbbdcd15b6f7e41e9855a3a8d4a382163 rdf:first sg:person.013053706003.45
125 rdf:rest N3ab64a2203c64660add71ee615b297b7
126 Nbc1d0182d5e24b44b639e1b9bd884268 rdf:first N5ef399857e824cd6b8061c6e9922e3c7
127 rdf:rest N0384b4eeed3346fd95f26fde6f4fb86b
128 Nc15ffe23c06641c99196f301b42abcf7 schema:name Springer Nature - SN SciGraph project
129 rdf:type schema:Organization
130 Nd63ddba40dd346a780883360142a1970 schema:isbn 978-3-319-93410-5
131 978-3-319-93411-2
132 schema:name Detection of Intrusions and Malware, and Vulnerability Assessment
133 rdf:type schema:Book
134 Ne6f1acfbeaaf4077b3919bd3efe12fe5 rdf:first sg:person.013464452637.75
135 rdf:rest rdf:nil
136 Nf1a5f906ca5b4afaa08614c3c4c0c012 rdf:first sg:person.016266457567.28
137 rdf:rest Ne6f1acfbeaaf4077b3919bd3efe12fe5
138 Nfe15ad257a924c199195944f8fa1a963 rdf:first sg:person.013737020327.38
139 rdf:rest Nbbdcd15b6f7e41e9855a3a8d4a382163
140 Nfeddde5cb1d54a83877ec4993771052e schema:familyName Bardin
141 schema:givenName Sébastien
142 rdf:type schema:Person
143 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
144 schema:name Information and Computing Sciences
145 rdf:type schema:DefinedTerm
146 anzsrc-for:0803 schema:inDefinedTermSet anzsrc-for:
147 schema:name Computer Software
148 rdf:type schema:DefinedTerm
149 sg:person.010423636024.33 schema:affiliation grid-institutes:grid.28848.3e
150 schema:familyName Fratantonio
151 schema:givenName Yanick
152 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010423636024.33
153 rdf:type schema:Person
154 sg:person.013053706003.45 schema:affiliation grid-institutes:grid.133342.4
155 schema:familyName Lindorfer
156 schema:givenName Martina
157 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013053706003.45
158 rdf:type schema:Person
159 sg:person.013464452637.75 schema:affiliation grid-institutes:grid.12380.38
160 schema:familyName Razavi
161 schema:givenName Kaveh
162 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013464452637.75
163 rdf:type schema:Person
164 sg:person.013737020327.38 schema:affiliation grid-institutes:grid.12380.38
165 schema:familyName van der Veen
166 schema:givenName Victor
167 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013737020327.38
168 rdf:type schema:Person
169 sg:person.014515420415.34 schema:affiliation grid-institutes:grid.133342.4
170 schema:familyName Kruegel
171 schema:givenName Christopher
172 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014515420415.34
173 rdf:type schema:Person
174 sg:person.016266457567.28 schema:affiliation grid-institutes:grid.12380.38
175 schema:familyName Bos
176 schema:givenName Herbert
177 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016266457567.28
178 rdf:type schema:Person
179 sg:person.016705742015.59 schema:affiliation grid-institutes:grid.133342.4
180 schema:familyName Vigna
181 schema:givenName Giovanni
182 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016705742015.59
183 rdf:type schema:Person
184 grid-institutes:grid.12380.38 schema:alternateName Vrije Universiteit, Amsterdam, The Netherlands
185 schema:name Vrije Universiteit, Amsterdam, The Netherlands
186 rdf:type schema:Organization
187 grid-institutes:grid.133342.4 schema:alternateName University of California, Santa Barbara, USA
188 schema:name University of California, Santa Barbara, USA
189 rdf:type schema:Organization
190 grid-institutes:grid.28848.3e schema:alternateName EURECOM, Biot, France
191 schema:name EURECOM, Biot, France
192 rdf:type schema:Organization
193 grid-institutes:grid.411370.0 schema:alternateName Amrita University, Coimbatore, India
194 schema:name Amrita University, Coimbatore, India
195 rdf:type schema:Organization
 




Preview window. Press ESC to close (or click here)


...