PC security facing another “heavy hammer”, Baidu Security discovers a new Rowhammer attack
Since the first appearance of the Rowhammer vulnerability, researchers and defenders have staged an arms race, demonstrating the technical strength against the other side. Recently, Dr. Yueqiang Cheng, a senior researcher at Baidu Security X-Lab, and Dr. Zhi Zhang from the University of New South Wales, have discovered a new type of Rowhammer attack that can effectively break through various advanced defenses. As a result, the entire PC security mechanism is at risk of collapse.
This research is selected into this year’s Black Hat Asia, and with two other topics selected, Baidu Security becomes the “triple crown winner” of this conference. On March 26th, Dr. Yueqiang Cheng and Dr. Zhi Zhang attended the conference and gave a detailed introduction to the new attack and potential defenses.
Black Hat is one of the top conferences in the international security industry with very wide influence. Each year, it organizes three summits in the United States, Europe, and Asia. The conference focuses on advanced security R&D, and leads the future direction of security with its strong technical, authoritative, and objective topics. In order to ensure the technical advancement and objectivity of the content of the meeting, Black Hat has a strict review process for submissions, and the selection rate is less than 20%. In recent years, Baidu Security has repeatedly appeared on the stage of Black Hat to share research and achievement in the fields of AI security and mobile security.
Baidu Security Discovers A New Rowhammer Attack
In recent years, the hardware memory capacity has increased substantially, which requires the storage capacity on each individual DRAM chip to be larger, and the density of the memory unit to be higher. When multiple DRAM memory cells are frequently bombarded, the charges of adjacent rows interfere with each other, triggering the interaction between the DRAM cell poles, causing the permanent flipping of the bit values in the DRAM, which means that the attackers can create data error in the target memory area without accessing it. This is the Rowhammer bit flip attack.
Attackers can use it to destroy the memory protection enforced by the MMU and obtain higher privilege. It is worth noting that in this process, attackers can break the sandbox, attack the kernel or even the virtual machine monitor without relying on any software vulnerabilities. Once they obtain unauthorized privilege, it can cause serious leakage of user privacy or theft of account information.
This vulnerability exists in the hardware of the device and exceeds the capability of the traditional software security. It cannot be solved simply by upgrading the operating system. In order to defend against this attack, the industry has proposed a number of protective countermeasures. Hardware-based protections require hardware manufacturers to modify hardware standards and upgrade hardware, but the existing hardware are left out. Therefore, the practical software protection schemes are the current mainstream.
Among these software protection schemes, kernel-based memory isolation is the most effective and practical solution (CATT Usenix Security 2017). It divides physical memory into several isolated physical partitions and ensures that each partition can only be used by one software domain. Therefore, any bit flip trigger by software can only occur in the partition where the domain is assigned, thus it prevents the software domain from escaping and causing the privilege escalation.
In the talk, Dr. Yueqiang Cheng demonstrated a new attack method that could effectively break through the above-mentioned memory isolation mechanisms, making it possible for attackers to attack the kernel. This method proves that physical isolation has limited role in solving such problems under modern operating systems.
In the past, the kernel-based memory isolation mechanism adopted static ownership. For example, the memory requested by the kernel belongs to the kernel domain, and the memory requested by the user belongs to the user domain. However, Dr. Yueqiang Cheng found that in modern kernels, the ownership of memory is often dynamically changed, and there can be multiple owners. For instance, a lot of mmap kernel memories have two owners at the same time. Through such memory, an attacker can launch Rowhammer and gain kernel privileges. The attack has the following steps:
1. Find the memory that meets the requirements. The demo attack uses SCSI driver memory and Video driver memory. They all have two owners.
2. Baidu Security has introduced a new memory ambush technology that stealthily places its table pages around the target. Unlike the previous Rowhammer technologies, which often require a large amount of memories and sometimes even cause instability or system crash, the memory ambush technology is craftily built on the Linux Buddy Allocator and can effectively and accurately control the target memory. In our experimental environment, we can use only 88MB of memory to launch an attack.
3. Use single-sided Rowhammer technology to attack target memory (such as table pages), make it bit flips
4. Control the page table to arbitrarily modify the kernel data and other program code/data
5. Modify the uid, or root to get the privilege.
Note that the memory ambush technique here has similar advantage (consume very little memory) as the memory waylaying mentioned in “Another Flip” (S&P2018), but there are major differences between the two. The memory ambush technology is based on Linux Buddy Allocator, and the memory waylaying is based on page cache. In addition, “Another Flip” uses a non-root process to attack the root process in the same user isolation, and the memory ambush is to attack a separate isolated domain (e.g. from the user isolation domain to attack the kernel isolation domain). If the CATT does fine-grained isolation partitioning, such as dividing the user isolation domain into a root-user isolation domain and a non-root-user isolation domain, “Another Flip” method does not work, but our attack is still effective.
This new attack allows users to stealthily obtain root/kernel permissions of Linux systems (Linux 4.x). This poses a major threat to the integrity and privacy of the entire system. After getting the unauthorized privilege, the attacker can obtain user privacy, tamper with important data, monitor user behavior and run other malicious attacks.
Defense Against Rowhammer Still A Long Way to Go
Rowhammer is still alive, and the risk of bit flipping still exists. In response to the new attack method, Baidu Security also introduced some defense proposals. Hopefully these researches will give new ideas to memory chip manufacturers and improve the defense capability against Rowhammer.
First, put the shared memory area between the software domains into the low-privilege domain. Therefore, the shared memory and high-privileged physical partition are isolated to block the Rowhammer. This requires a lot of modifications on the memory allocation subsystem of the system kernel, to ensure the shared memory area is no longer used for the allocation of security-sensitive data structures, so this solution is impractical.
Second way, isolate vertically all the DRAM unit rows containing data (and codes), that is, any two data unit rows are separated by an invalid unit row, so that the bit flipping only occurs onto the invalid row, and the data unit rows cannot be affected. The flaw with this method is that it does not consider that bit flipping can occur on consecutive multiple rows, and one data unit row can trigger adjacent invalid unit rows and data unit rows beyond to be flipped, causing privilege elevating.
Third option, place all page table pages on the true cells of DRAM module and only at the top of the physical address area. That ensures when flipping occurs it only points to the low-level physical address area, (the bit only flips from 1 to 0) and does not point to the high-end page table pages, preventing the attacker from obtaining a writable page table page. This method only protects the Rowhammer attack with the page table pages as the target. The defense scope is limited. When the attacker flips the page table page to a non-page table page, such as the cred structure of the current process or the permission check of the root process, the defense will not be effective. Also, it relies on a large probability event, that is, the true cell bit flips from 1 to 0, but the flip direction varies with the DRAM modules and does not stay permanent. Once true cell flips from 0 to 1, the method will also fail.
In general, the existing software protection schemes can only undermine the Rowhammer attack to a certain extent. We need a new software protection mechanism to defend the existing computer system and increase the attack cost of the hacker.
Under the trend of the Internet of Everything, only those dare to face the problem can solve the problem. Baidu Security always advocates the rapid response and effective confrontation of security issues through the development and open source of next-generation technologies. In this year’s Black Hat Asia, three innovative research reports from Baidu Security X-Lab are selected, covering Deep Neural Network (DNN) model algorithm security, Rowhammer’s new attack method, and Meltdown new variant. This highlights that Baidu Security is maintaining a leading technology reserves in critical security areas such as AI security, system security and software security. In the future, Baidu Security will continue to work with academia, industry and regulatory agencies to achieve win-win cooperation and create a security ecosystem for the AI era.