Presentation is loading. Please wait.

Presentation is loading. Please wait.

Victor van der Veen and Kaveh Razavi

Similar presentations


Presentation on theme: "Victor van der Veen and Kaveh Razavi"— Presentation transcript:

1 Victor van der Veen and Kaveh Razavi
Flip Feng Shui Victor van der Veen and Kaveh Razavi

2 VUSec.net Binary Armoring Malware Analysis Hardware Vulnerabilities
We do more than just breaking stuff: Reverse engineering (no source code available: can we still protect the binary against attacks?) Fuzzing Software defenses (for example: Shrinkwrap made Google Chrome more secure) More on our website Binary Armoring Malware Analysis Hardware Vulnerabilities Mobile Security Software Reliability Software Testing Flip Feng NCSC – May 17, 2017 Introduction

3 Flip Feng Shui Even if we could build perfect software...
Your takeaway message of today Even if we could build perfect software... Flip Feng NCSC – May 17, 2017 Introduction

4 Flip Feng Shui Even if we could build perfect software...
Your takeaway message of today Even if we could build perfect software... Without any security bugs whatsoever... Flip Feng NCSC – May 17, 2017 Introduction

5 Flip Feng Shui Even if we could build perfect software...
Your takeaway message of today Even if we could build perfect software... Without any security bugs whatsoever... A single hardware bit flip can compromise it. Flip Feng NCSC – May 17, 2017 Introduction

6 Flip Feng Shui in 2016 The art of turning bit flips into a reliable compromise…
… of the cloud Hammering a Needle in the Software USENIX Security … of the browser Dedup Est IEEE Security & Privacy … of the mobile ACM CCS We will explain all three attacks in detail Dutch high quality research at top venues in computer security Best research group in the world in 2016 (better than MIT!) Flip Feng NCSC – May 17, 2017 Introduction

7 Flip Feng Shui Worldwide impact
ArsTechnica, WIRED, The Register, Infoworld, Slashdot, The Stack, Softpedia, Science Daily, CORDIS, Security Now!, Daily Mail, Tech Times, Fossbytes, The Inquirer, Hack Read, Threatpost Argentina (Segu-info), Austria (Der Standard), Belgium (DeMorgen), China (Freebuff, Sohu, EEPW), Czech Republic (Svět Androida), Denmark (Version2), France (Silicon, Le Monde Informatique, Informanews), Germany (Der Spiegel, Golem.de, Pro-Linux, Crn.de, JAXenter, Computer Bild, t3n Magazine, Netzwelt.de), Hungary (HWSW), Italy (Repubblica.it, Punto Informatico, Gadgetblog.it, Tutto Android), Mexico (PCWorld Mexico), The Netherlands (NU.nl, Tweakers.net, Crimesite), Norway (Digi.no), Poland (eGospodarka, Softonet, PCLab.pl, Dobreprogramy, PC Format, Telix.pl), Russia (Хакер, Securitylab.ru), Slovakia (Živé.sk), Spain (López Dóriga, CSO, El Android libre), Switzerland (Neue Zürcher Zeitung), Taiwan (iThome), Turkey (Teknokulis, CHIP, Webtekno), and Ukraine (KO). Powerful Bit-Flipping Attack Bruce Schneier This is a significant finding, thanks for Researching it Mark Seaborn, Google This is an issue that will affect almost any modern computer system Hugo Vincent, ARM Research We appreciate your assistance in helping to maintain and improve the security of our products. Cristina Formaini, Apple Flip Feng NCSC – May 17, 2017 Introduction

8 INTRODUCTION Flip Feng NCSC – May 17, 2017 Introduction

9 Flip Feng Shui Requirements
A reproducible hardware bit flip Rowhammer – a widespread DRAM issue Ability to target the bit flip Predictable memory management behavior Flip Feng NCSC – May 17, 2017 Introduction

10 Rowhammer Single-Sided Rowhammer A DRAM hardware glitch 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 Flip Feng NCSC – May 17, 2017 Introduction

11 Rowhammer Single-Sided Rowhammer A DRAM hardware glitch 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 Flip Feng NCSC – May 17, 2017 Introduction

12 Rowhammer Single-Sided Rowhammer A DRAM hardware glitch 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 Flip Feng NCSC – May 17, 2017 Introduction

13 Rowhammer Single-Sided Rowhammer A DRAM hardware glitch 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 Flip Feng NCSC – May 17, 2017 Introduction

14 Rowhammer Single-Sided Rowhammer A DRAM hardware glitch 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 Flip Feng NCSC – May 17, 2017 Introduction

15 Rowhammer Single-Sided Rowhammer A DRAM hardware glitch 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 Flip Feng NCSC – May 17, 2017 Introduction

16 Rowhammer Single-Sided Rowhammer A DRAM hardware glitch 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 Flip Feng NCSC – May 17, 2017 Introduction

17 Rowhammer Single-Sided Rowhammer A DRAM hardware glitch 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 Flip Feng NCSC – May 17, 2017 Introduction

18 Rowhammer Single-Sided Rowhammer A DRAM hardware glitch 1 1 1 1 1 1 1
1 1 1 1 1 1 1 1 1 1 1 1 Flip Feng NCSC – May 17, 2017 Introduction

19 Rowhammer Single-Sided Rowhammer A DRAM hardware glitch Aggressor row
1 1 1 1 Aggressor row 1 1 1 Victim row 1 1 1 1 1 1 Not every bit may flip Once a bit flips, we can often reproduce it Flip Feng NCSC – May 17, 2017 Introduction

20 Rowhammer SingleDouble-Sided Rowhammer A DRAM hardware glitch
1 1 1 1 Aggressor row 1 1 1 1 Victim row 1 Aggressor row 2 1 1 1 1 1 Sandwich the victim row by alternating accesses Increased chance of flipping a bit Flip Feng NCSC – May 17, 2017 Introduction

21 CPU Bypass the CPU cache DRAM Solution: cache flush
Tell the CPU to remove data from the cache Solution: cache eviction Read more data until the cache is full 1 1 1 1 CPU Cache 1 1 1 1 1 1 1 1 1 1 DRAM Flip Feng NCSC – May 17, 2017 Introduction

22 Flip Feng Shui Mechanics
Memory templating Scan memory for useful bit flips Land sensitive data Store sensitive data on a vulnerable location Reproduce the bit flip Modify the sensitive data to compromise the system We will use these three mechanics when describing the attacks Flip Feng NCSC – May 17, 2017 Introduction

23 HAMMERING A NEEDLE IN THE SOFTWARE STACK
SCENARIO 1 Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos HAMMERING A NEEDLE IN THE SOFTWARE STACK USENIX Security August 2016 Flip Feng NCSC – May 17, 2017 Scenario 1: Breaking the Cloud

24 Hammering a Needle in the Software Stack
Malicious VM in the cloud compromising neighbors Rowhammer + Memory Deduplication You can flip a bit in another VM What would YOU flip? Flip Feng NCSC – May 17, 2017 Scenario 1: Breaking the Cloud

25 Memory templating Hardware Layer Hypervisor Victim VM Attacker VM
Victim and Attacker share hardware Attacker has access to the same physical memory as the victim Attacker is root on his own VM: use cache flush to Rowhammer Victim VM Attacker VM Hypervisor Hardware Layer CPU – DRAM – Caches - …

26 Memory templating Hypervisor Victim VM Attacker VM
Victim and Attacker share hardware Attacker has access to the same physical memory as the victim Attacker is root on his own VM: use cache flush to Rowhammer Victim VM Attacker VM Hypervisor g

27 Memory templating Hypervisor Victim VM Attacker VM
Victim and Attacker share hardware Attacker has access to the same physical memory as the victim Attacker is root on his own VM: use cache flush to Rowhammer Victim VM Attacker VM Hypervisor

28 Memory templating Hypervisor Victim VM Attacker VM
Victim and Attacker share hardware Attacker has access to the same physical memory as the victim Attacker is root on his own VM: use cache flush to Rowhammer Victim VM Attacker VM Hypervisor

29 Memory templating Hypervisor Victim VM Attacker VM
Victim and Attacker share hardware Attacker has access to the same physical memory as the victim Attacker is root on his own VM: use cache flush to Rowhammer Victim VM Attacker VM Hypervisor

30 Bit Flip Memory templating Hypervisor Victim VM Attacker VM
Victim and Attacker share hardware Attacker has access to the same physical memory as the victim Attacker is root on his own VM: use cache flush to Rowhammer Victim VM Attacker VM Hypervisor Bit Flip

31 Land sensitive data Memory Deduplication Hypervisor Victim VM
Given a bit flip in the Attacker VM How do we force the Victim VM to store sensitive data here? Memory Deduplication Victim VM Attacker VM Hypervisor

32 Land sensitive data Memory deduplication
Operating System / Hypervisor searches for duplicate pages buf = malloc(...) xbff00000 0xbff40000 Victim VM xbff80000 buf = malloc(...) xbf610000 0xbf650000 Attacker VM xbf690000 Hypervisor 10100 10111 11100

33 Land sensitive data Memory deduplication
Operating System / Hypervisor searches for duplicate pages buf = malloc(...) xbff00000 0xbff40000 Victim VM xbff80000 buf = malloc(...) xbf610000 0xbf650000 Attacker VM xbf690000 Hypervisor 10100 10111 11100

34 Land sensitive data Memory deduplication
Operating System / Hypervisor searches for duplicate pages Frees the duplicated bytes from physical memory Updates the virtual address mapping But what should we flip? buf = malloc(...) xbff00000 0xbff40000 Victim VM xbff80000 buf = malloc(...) xbf610000 0xbf650000 Attacker VM xbf690000 Hypervisor 10111 10100 11100

35 Land sensitive data What should we land?
Cryptographic keys + Domain names Scenario 1: Breaking the Cloud

36 Reproduce the bit flip Cryptographic keys
Public RSA key from .ssh/authorized_keys Victim VM Attacker VM Hypervisor ssh-rsa AAAAB3NzaC1yc2EAAAADAQABl8h0VfRbC7naVs...

37 Reproduce the bit flip Cryptographic keys
Public RSA key from .ssh/authorized_keys Flipping a bit changes the public/private key pair Victim VM Attacker VM Hypervisor ssh-rsa AAAAB4NzaC1yc2EAAAADAQABl8h0VfRbC7naVs...

38 Reproduce the bit flip Cryptographic keys
Public RSA key from .ssh/authorized_keys Flipping a bit changes the public/private key pair New public key is easy to factorize Victim VM Attacker VM P = ... Q = ... Hypervisor ssh-rsa AAAAB4NzaC1yc2EAAAADAQABl8h0VfRbC7naVs...

39 Reproduce the bit flip Cryptographic keys
Public RSA key from .ssh/authorized_keys Flipping a bit changes the public/private key pair New public key is easy to factorize Attacker computes the new private key and gets SSH access Victim VM id_rsa = ... Attacker VM Hypervisor ssh-rsa AAAAB4NzaC1yc2EAAAADAQABl8h0VfRbC7naVs...

40 Reproduce the bit flip Cryptographic keys + domain names
Domain name used for apt-get upgrade Victim VM Attacker VM Hypervisor security.ubuntu.com/ubuntu

41 Reproduce the bit flip Cryptographic keys + domain names
Domain name used for apt-get upgrade Flipping a bit changes the domain name used to pull updates Attacker hosts malicious ls command at ubunvu.com Victim VM Attacker VM Hypervisor security.ubunvu.com/ubuntu

42 Reproduce the bit flip Cryptographic keys + domain names
Domain name used for apt-get upgrade Flipping a bit changes the domain name used to pull updates Attacker hosts malicious ls command at ubunvu.com Packages are signed: also flip a bit in the GPG keychain Victim VM Attacker VM Hypervisor security.ubunvu.com/ubuntu

43 Reproduce the bit flip Cryptographic keys + domain names
Domain name used for apt-get upgrade Flipping a bit changes the domain name used to pull updates Attacker hosts malicious ls command at ubunvu.com Packages are signed: also flip a bit in the GPG keychain Victim VM Attacker VM Hypervisor /etc/apt/trusted.gpg: mQGiBEFEnz8RBAC7Ls... security.ubunvu.com/ubuntu

44 Reproduce the bit flip Cryptographic keys + domain names
Domain name used for apt-get upgrade Flipping a bit changes the domain name used to pull updates Attacker hosts malicious ls command at ubunvu.com Packages are signed: also flip a bit in the GPG keychain Victim VM Attacker VM Hypervisor /etc/apt/trusted.gpg: mQGiBDFEnz8RBAC7Ls... security.ubunvu.com/ubuntu

45 Reproduce the bit flip Cryptographic keys + domain names
Domain name used for apt-get upgrade Flipping a bit changes the domain name used to pull updates Attacker hosts malicious ls command at ubunvu.com Packages are signed: also flip a bit in the GPG keychain Attacker computes the new GPG key and signs his backdoored ls Victim VM Attacker VM Hypervisor /etc/apt/trusted.gpg: mQGiBDFEnz8RBAC7Ls... security.ubunvu.com/ubuntu

46 Reproduce the bit flip Cryptographic keys + domain names
Domain name used for apt-get upgrade Flipping a bit changes the domain name used to pull updates Attacker hosts malicious ls command at ubunvu.com Packages are signed: also flip a bit in the GPG keychain Attacker computes the new GPG key and signs his backdoored ls Wait for victim to apt-get upgrade Victim VM Attacker VM Hypervisor /etc/apt/trusted.gpg: mQGiBDFEnz8RBAC7Ls... security.ubunvu.com/ubuntu

47 Scenario 1: Breaking the Cloud
Disclosure Contacted NCSC on June 9, 2016 Good job on contacting vendors and affected parties! GPG Patch so that self-signed keys are no longer valid Bought some domains for ubuntu/debian ubunvu.com ubuftu.com ubunte.com ubuntt.com ubuntw.com ubun4u.com ubunuu.com dabian.org ddbian.org debiaf.org debicn.org debial.org debiqn.org debien.org And more... Flip Feng Surf – May 17, 2017 Scenario 1: Breaking the Cloud

48 DEDUP EST MACHINA SCENARIO 2 IEEE Security & Privacy (Oakland)
Erik Bosman, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida DEDUP EST MACHINA IEEE Security & Privacy (Oakland) May 2016 Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

49 Aim: compromise the browser process from JavaScript
Dedup Est Machina Compromise Microsoft Edge with all defenses up without a software vulnerability Use memory deduplication as a side channel to leak pointers The leaked pointers are useful in the Flip Feng Shui attack Aim: compromise the browser process from JavaScript Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

50 Scenario 2: Breaking the Browser
Memory templating Use cache eviction buffers to read from memory JavaScript Array JavaScript Typed Array Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

51 Scenario 2: Breaking the Browser
Memory templating Hammering Strategy JavaScript Array JavaScript: no physical addresses Single-sided Rowhammer Javascript bit flips! Rowbuffer: find bank conflicts Cache coloring: find cache sets probablistic double-sided Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

52 Land sensitive data JavaScript References JavaScript Array
Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

53 Land sensitive data JavaScript References JavaScript Array Typed Array
Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

54 Land sensitive data JavaScript References JavaScript Array Typed Array
vtable pointer size Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

55 Land sensitive data JavaScript References JavaScript Array Typed Array
Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

56 Land sensitive data JavaScript References JavaScript Array Typed Array
Counterfeit Object vtable pointer size Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

57 Scenario 2: Breaking the Browser
Reproduce the bit flip JavaScript Array Typed Array Counterfeit Object vtable pointer size Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

58 Scenario 2: Breaking the Browser
Reproduce the bit flip JavaScript Array Typed Array Counterfeit Object vtable pointer size Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

59 Scenario 2: Breaking the Browser
Reproduce the bit flip JavaScript Array Typed Array Counterfeit Object vtable pointer size Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

60 Scenario 2: Breaking the Browser
Reproduce the bit flip JavaScript Array Typed Array Counterfeit Object vtable pointer size Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

61 Scenario 2: Breaking the Browser
Reproduce the bit flip JavaScript Array Typed Array Counterfeit Object vtable pointer size Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

62 Scenario 2: Breaking the Browser
Reproduce the bit flip Counterfeit Object vtable pointer size Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

63 Scenario 2: Breaking the Browser
Reproduce the bit flip Counterfeit Object Arbitrary read/write over memory Take over Edge without a software bug vtable pointer size Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

64 Scenario 2: Breaking the Browser
Disclosure Talked to Microsoft on March 7, 2016 Memory deduplication was disabled on July 18, 2016 Most innovative research! Black Hat USA 2016 Flip Feng Surf – May 17, 2017 Scenario 2: Breaking the Browser

65 Scenario 3: Breaking the Mobile
Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovani Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida DRAMMER ACM CCS October 2016 Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

66 Scenario 3: Breaking the Mobile
Drammer Can we use Rowhammer to root Android phones? Targeting ARM instead of x86 Android devices do not have memory deduplication Exploit behavior of underlying memory allocator Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

67 Scenario 3: Breaking the Mobile
Memory Templating Bypassing the CPU cache Cache eviction Explicit cache flush (clflush instruction) Does this work on ARM? Too slow Privileged Of course not Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

68 Memory templating Bypass the CPU cache
Sometimes CPU caches are detrimental Offload specific tasks to dedicated hardware Devices for graphics / audio / … CPU gets to do other tasks in parallel GPU DMA: Direct Memory Access 1 1 1 1 CPU Cache 1 1 1 1 1 1 1 1 1 1 DRAM Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

69 Scenario 3: Breaking the Mobile
Land sensitive data Threat-Model Recent Android OS without memory deduplication (too costly) Unprivileged app wants to get root access Goal: read/write access to anywhere in memory Find administrative kernel data structures for our process Overwrite our own uid to get root access Approach Land a Page Table at the vulnerable location Flip a bit in a Page Table Entry! Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

70 Land sensitive data Page tables
Mapping virtual addresses to physical addresses 1 0x080000 0x040000 0x0c0000 0x100000 0x140000 Hello World 0xb6a57000 buf = malloc(8196); sprintf(buf, “Hello World”); 0xb6a58000 Virtual Address Physical Address (binary) 0xb6a57000 0x140000 0b 0xb6a58000 0x0c0000 0b Page table Virtual Address Physical Address (binary) 0xb6a57000 0x140000 0b 0xb6a58000 0x0c0000 0b Where are page tables stored? In memory! Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

71 Land sensitive data Page tables
Mapping virtual addresses to physical addresses buf = malloc(8196); sprintf(buf, “Hello World”); 0x040000 1 1 1 0x080000 0xb6a57000 1 1 1 0x0c0000 0xb6a58000 World 1 1 0x100000 Virtual Address Physical Address (binary) 0xb6a57000 0x140000 0b 0xb6a58000 0x0c0000 0b 1 1 1 0x140000 Hello 1 Page table Virtual Address Physical Address (binary) 0xb6a57000 0x140000 0b 0xb6a58000 0x0c0000 0b What if we flip a bit in a page table? Modify mappings! Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

72 Land sensitive data Page tables
Mapping virtual addresses to physical addresses buf = malloc(8196); sprintf(buf, “Hello World”); 0x040000 1 1 1 0x080000 0xb6a57000 1 1 1 0x0c0000 0xb6a58000 World 1 1 0x100000 Virtual Address Physical Address (binary) 0xb6a57000 0x140000 0b 0xb6a58000 0x0c0000 0b 1 1 1 0x140000 Hello 1 Page table Virtual Address Physical Address (binary) 0xb6a57000 0x140000 0b 0xb6a58000 0x0c0000 0b What if we flip a bit in a page table? Modify mappings! Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

73 Land sensitive data Page tables
Mapping virtual addresses to physical addresses buf = malloc(8196); sprintf(buf, “Hello World”); 0x040000 1 1 1 0x080000 0xb6a57000 1 1 1 0x0c0000 0xb6a58000 World 1 1 0x100000 Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x0c0000 0b 1 1 1 0x140000 Hello 1 Page table Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x0c0000 0b What if we flip a bit in a page table? Modify mappings! Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

74 Land sensitive data Page tables
Mapping virtual addresses to physical addresses buf = malloc(8196); sprintf(buf, “Hello World”); 0x040000 1 1 1 0x080000 0xb6a57000 1 1 1 0x0c0000 0xb6a58000 World 1 1 0x100000 Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x0c0000 0b 1 1 1 0x140000 Hello 1 Page table Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x0c0000 0b What if we flip a bit in a page table? Modify mappings! Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

75 Land sensitive data Page tables
Mapping virtual addresses to physical addresses buf = malloc(8196); sprintf(buf, “Hello World”); 0x040000 1 1 1 0x080000 0xb6a57000 1 1 1 0x0c0000 0xb6a58000 World 1 1 0x100000 Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x0c0000 0b 1 1 1 0x140000 Hello 1 Page table Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x0c0000 0b Page tables give us read/write access to anywhere in memory Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

76 Land sensitive data Page tables
Mapping virtual addresses to physical addresses buf = malloc(8196); sprintf(buf, “Hello World”); 0x040000 1 1 1 0x080000 0xb6a57000 1 1 1 0x0c0000 0xb6a58000 World 1 1 0x100000 Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x040000 0b 1 1 1 0x140000 Hello 1 Page table Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x040000 0b By modifying existing entries… Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

77 Land sensitive data Page tables
Mapping virtual addresses to physical addresses buf = malloc(8196); sprintf(buf, “Hello World”); 0x040000 1 1 1 0x080000 0xb6a57000 1 1 1 0x0c0000 0xb6a58000 World 1 1 0x100000 Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x040000 0b 0xb6a59000 0x080000 0b 0xb6a59000 1 1 1 0x140000 Hello 1 Page table Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x040000 0b 0xb6a59000 0x080000 0b By modifying existing entries… or by adding new ones Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

78 Land sensitive data Page tables
Mapping virtual addresses to physical addresses buf = malloc(8196); sprintf(buf, “Hello World”); 0x040000 1 1 1 0x080000 0xb6a57000 1 1 1 0x0c0000 0xb6a58000 World 1 1 0x100000 Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x040000 0b 0xb6a59000 0x080000 0b 0xb6a59000 1 1 1 0x140000 Hello 1 Page table Virtual Address Physical Address (binary) 0xb6a57000 0x100000 0b 0xb6a58000 0x040000 0b 0xb6a59000 0x080000 0b By modifying existing entries… or by adding new ones Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

79 Land sensitive data Phys Feng Shui (intuition)
Physical memory Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

80 Land sensitive data Phys Feng Shui (intuition)
Running applications before Drammer Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

81 Land sensitive data Phys Feng Shui (intuition)
Step 1. Allocate large chunks of memory Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

82 Land sensitive data Phys Feng Shui (intuition)
Step 2. Search for bit flips Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

83 Land sensitive data Phys Feng Shui (intuition)
Step 2. Search for bit flips Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

84 Land sensitive data Phys Feng Shui (intuition)
Step 2. Search for bit flips (got one!) Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

85 Land sensitive data Phys Feng Shui (intuition)
Step 3. Allocate small chunks Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

86 Land sensitive data Phys Feng Shui (intuition)
Step 3. Allocate small chunks Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

87 Land sensitive data Phys Feng Shui (intuition)
Step 3. Allocate small chunks Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

88 Land sensitive data Phys Feng Shui (intuition)
Step 4. Release vulnerable chunk Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

89 Land sensitive data Phys Feng Shui (intuition)
Step 5. Generate a new page table Virtual Address Physical Address 0xb6a57000 0x100000 0xb6a58000 0x040000 0xb6a59000 0x080000 Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

90 Scenario 3: Breaking the Mobile
Reproduce the bit flip Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

91 Scenario 3: Breaking the Mobile
Reproduce the bit flip Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

92 Scenario 3: Breaking the Mobile
Evaluation Device #flips 1st exploitable flip after LG Nexus 51 1058 116s LG Nexus 54 - LG Nexus 55 747,013 1s LG Nexus 4 1,328 7s OnePlus One 3,981 942s Motorola Moto G (2013) 429 441s LG G4 (ARMv8 – 64-bit) 117,496 5s Bit flips on 18 out of 27 tested devices Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

93 Scenario 3: Breaking the Mobile
Evaluation Device #flips 1st exploitable flip after LG Nexus 51 1058 116s LG Nexus 54 - LG Nexus 55 747,013 1s LG Nexus 4 1,328 7s OnePlus One 3,981 942s Motorola Moto G (2013) 429 441s LG G4 (ARMv8 – 64-bit) 117,496 5s Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

94 Scenario 3: Breaking the Mobile
Evaluation Device #flips 1st exploitable flip after LG Nexus 51 1058 116s LG Nexus 54 - LG Nexus 55 747,013 1s LG Nexus 4 1,328 7s OnePlus One 3,981 942s Motorola Moto G (2013) 429 441s LG G4 (ARMv8 – 64-bit) 117,496 5s Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

95 Scenario 3: Breaking the Mobile
Evaluation Device #flips 1st exploitable flip after LG Nexus 51 1058 116s LG Nexus 54 - LG Nexus 55 747,013 1s LG Nexus 4 1,328 7s OnePlus One 3,981 942s Motorola Moto G (2013) 429 441s LG G4 (ARMv8 – 64-bit) 117,496 5s Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

96 Scenario 3: Breaking the Mobile
Evaluation Device #flips 1st exploitable flip after LG Nexus 51 1058 116s LG Nexus 54 - LG Nexus 55 747,013 1s LG Nexus 4 1,328 7s OnePlus One 3,981 942s Motorola Moto G (2013) 429 441s LG G4 (ARMv8 – 64-bit) 117,496 5s After the 1st exploitable flip, exploitation takes at most 22 seconds Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

97 Scenario 3: Breaking the Mobile
Evaluation Device #flips 1st exploitable flip after LG Nexus 51 1058 116s LG Nexus 54 - LG Nexus 55 747,013 1s LG Nexus 4 1,328 7s OnePlus One 3,981 942s Motorola Moto G (2013) 429 441s LG G4 (ARMv8 – 64-bit) 117,496 5s After the 1st exploitable flip, exploitation takes at most 22 seconds Drammer test app reported bit flips on: Google Pixel, OnePlus 3, Galaxy Note 7, … Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

98 Scenario 3: Breaking the Mobile
Disclosure Contacted Google with suggested mitigations on July 25, 2016 (91 days before #CCS16) “Can you publish at another conference, later this year?” “What if we support you financially?” Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

99 Disclosure (best) DUTCH CYBER SECURITY RESEARCH PAPER AWARD
Contacted Google with suggested mitigations on July 25, 2016 (91 days before #CCS16) “Ok, could you then perhaps obfuscate some parts of the paper?” Rewarded $4000 Partial hardening in November’s updates “We will continue to work on a longer term solution” (best) DUTCH CYBER SECURITY RESEARCH PAPER AWARD Flip Feng Surf – May 17, 2017 Scenario 3: Breaking the Mobile

100 CONCLUSION Now what? Flip Feng Surf – May 17, 2017 Conclusion

101 Flip Feng Shui Deterministic Rowhammer exploitation by VUSec
We break your cloud We break your browser We break your mobile Yes, we are also working on software defenses… Software was never designed to deal with bit flips Software defenses are in early stages and easily bypassed Even hardware mitigations are currently still optional You cannot fix Rowhammer Flip Feng Surf – May 17, 2017 Conclusion

102 Implications Rowhammer, the silent killer since 2010
A lot of DRAM chips have been manufactured since With 83% affected DDR3 modules, this is a widespread issue More research is necessary to understand the impact Rowhammer is not going away Bit flips reported on both DDR4 and the latest smartphones What is next? Do you still trust hardware? Will there be a Rowhammer 2.0? Flip Feng Surf – May 17, 2017 Conclusion

103 More details, demos, statistics, and Drammer test app https://vusec
@vvdveen @gober Flip Feng Surf – May 17, 2017 Conclusion

104 Did you not have enough yet?
BACKUP SLIDES Did you not have enough yet? Flip Feng Surf – May 17, 2017 Backup

105 Rowhammer Rowhammer Disturbance error! A DRAM hardware glitch
Memory cells (capacitors) have a natural discharge rate refresh every 64ms Activating neighboring cells increases the discharge rate Rowhammer Victim cell is charged to represent 1 Neighboring cells are accessed frequently Victim cell leaks charge below a certain threshold When read, victim cell is interpreted 0 Disturbance error! Flip Feng Surf – May 17, 2017 Backup

106 Memory templating Select the aggressor rows
Dedicated hardware devices might be stupid Simple devices cannot translate virtual to physical mappings Shared memory must be contiguous DMA can behave very much like Huge Pages buf = gralloc(…) 0xbff00000 0x040000 1 1 1 0xbff40000 0x080000 1 1 1 0xbff80000 0x0c0000 1 1 0xbffc0000 0x100000 1 1 1 0xc 0x140000 1 Flip Feng Surf – May 17, 2017 Backup

107 Select the Aggressor Rows
DRAM works with physical memory addresses Software works with virtual addresses Unpredictable mapping of virtual to physical addresses How do we select the addresses to read from? buf = malloc(…) 0xbff00000 0x040000 1 1 1 0xbff40000 0x080000 1 1 1 0xbff80000 0x0c0000 1 1 0xbffc0000 0x100000 1 1 1 0xc 0x140000 1 Flip Feng Surf – May 17, 2017 Backup

108 Select the Aggressor Rows
DRAM works with physical memory addresses Software works with virtual addresses Unpredictable mapping of virtual to physical addresses How do we select the addresses to read from? buf = malloc(…) 0xbff00000 0x040000 1 1 1 0xbff40000 0x080000 1 1 1 0xbff80000 0x0c0000 1 1 0xbffc0000 0x100000 1 1 1 0xc 0x140000 1 Flip Feng Surf – May 17, 2017 Backup

109 Select the Aggressor Rows
Solution: single sided Rowhammer Pick any two addresses and ‘just’ hammer Less interference between rows, so less bit flips Still good enough with buggy DRAM buf = malloc(…) 0xbff00000 0x040000 1 1 1 0xbff40000 0x080000 1 1 1 0xbff80000 0x0c0000 1 1 0xbffc0000 0x100000 1 1 1 0xc 0x140000 1 Flip Feng Surf – May 17, 2017 Backup

110 Select the Aggressor Rows
Solution: pagemap Special file that holds the mapping of virtual to physical addresses /proc/self/pagemap buf = malloc(…) 0xbff00000 0x040000 1 1 1 0xbff40000 0x080000 1 1 1 0xbff80000 0x0c0000 1 1 0xbffc0000 0x100000 1 1 1 0xc 0x140000 1 Flip Feng Surf – May 17, 2017 Backup

111 Select the Aggressor Rows
Solution: pagemap Special file that holds the mapping of virtual to physical addresses Solution: huge pages Virtual allocations mapped to physically contiguous memory buf = malloc(…) 0xbff00000 0x040000 1 1 1 0xbff40000 0x080000 1 1 1 0xbff80000 0x0c0000 1 1 0xbffc0000 0x100000 1 1 1 0xc 0x140000 1 Flip Feng Surf – May 17, 2017 Backup


Download ppt "Victor van der Veen and Kaveh Razavi"

Similar presentations


Ads by Google