Single Sided Rowhammer Attack Part 2


In the last blog, I posted about the probabilistic nature of the single sided Rowhammer attack due to its random address selection. This week, I found that allocating more heap increases the frequency of bit flips. From my experiment, allocating 14GB memory instead of 1GB increased the chance of successful bit flips by more than 20 times. Google’s single sided row hammer test source code initializes 1GB of memory.

My prediction is that the OS randomizes the virtual memory mapping to multiple areas of physical memory address. Therefore, when relatively small amount of memory is allocated, for example 1GB out of 16 GB, the memory will likely spread over multiple banks. Therefore, when a pair of addresses are accessed and flushed, they won’t meet the requirement that the addresses are in the same bank and different row. Furthermore, when the row hammer attack does successfully flip a bit, it can be outside the allocated space. In this case, we won’t able to check the result, unless the flipped location is in the critical area in the kernel and crashes the OS. With the increased heap, we make sure that we have most of addresses check after hammering a set of addresses.

Still, increasing the heap for the row hammer program will not guarantee that. However, for RAMs that is known to show a row hammer vulnerability, it will increase the frequency of bit flips dramatically.

Comments

Post a Comment

Popular posts from this blog

Single Sided Rowhammer Attack

Image
Today, I would like to run through the Rowhammer test code that Google Project Zero posted in its Github repository . This blog post will focus on the single sided Rowhammer using random address selection because it is simple and can be understood without knowledge in the LINUX system side of things. Rowhammering is an exploit in modern DRAMS due to high density of cells that reside in the memory device. More can be read in the Google Project Zero’s blogpost . The intention of this blog post isn’t to analyze the single-sided row hammer attack, but to explain briefly how the program works. So how does this code work? The program first allocates 1GB of memory. Then, in a tight loop, random eight addresses are chosen from the heap. At one address at a time, the program reads data (should be zero) from the chosen addresses. Google chose to read from a memory to a variable to replicate accessing a memory address. While not as fast as using x86 ‘mov’ assembly, the C instruction is st
Read more

Let’s Build 5V Solar Charger Part 2

Image
Let’s Build 5V Solar Charger Part 2 Last week, I assembled step-up boost converter kit and put 6V solar panel to power up the chip. I did a final assembly inside a metal casing and taped the solar panel around the case to make the kit tidy as shown in the photo below. This week, I measured the output of the solar charger. I measured the open circuit voltage and short circuit current to calculate the power output. The voltage was measured at around 6V and current was measured at around 0.03Amp. This translates to around 200mW of energy. This is 1/5 of what the solar panel was advertised at. The product page advertised at 1W of output. I expected that the tiny circuit wouldn’t able to charge a power hungry smartphone. However, this might be sufficient enough to charge a small LED light for my bike. Considering that normal USB port’s maximum current output is 500mW, the solar panel’s output is decent.  For curiosity, I calculated how much energy I could save using
Read more

Roborace Showcase at MCity

Image
On last Friday, which was May 21st, Roborace visited Mcity in the University of Michigan to show case its autonomous race car, Robocar. Robocar's first impression was astounding. Previous self-driving cars involved regular cars with regular seats. However, this race car was designed so that there is no seat. It looked like Formula 1 race cars with a higher cool factor. To achieve the autonomy, the race car uses a combination of Lidars, Radars, Sonars, and computer vision cameras. Unlike traditional self driving cars which has a roof mounted Lidar, Robo race has a couple of Lidar in the front wheel wells. I wonder the benefits of the side mounted Lidars over top mounted Lidars. I predict that due to its low height, top-mounted Lidar might cause a line of sight issue. As a consequence of side mounted Lidar in the front, the car introduces a blind spot due to large back wheel wells. Therefore, the back wheel is mounted with Sonars to compensate. In the top of the car seats the c
Read more