# Assignment 1: DRAMA

**Hardware Security** 

#### Why?

#### DRAMA: Exploiting DRAM Addressing

Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard, https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/pessl

> This paper is included in the Proceedings of the 25th USENIX Security Symposium, August 10-12, 2016, Austin, TX (ISBN 978-1-931971-32-4).

#### Software-only Reverse Engineering of Physical DRAM Mappings for Rowhammer Attacks

Alessandro Barenghi, Luca Breveglieri, Niccolò Izzo, Gerardo Pelosi, DEIB, Politecnico di Milano, 20133 Milan, Italy, gerardo.pelosi@polimi.it

> Since their first implementation on silicon in 1966 by Robert Dennard, DRAM modules have been increasing their capacity and read/write speed as the result of a steady shrinking in the etching technology. One key characteristic of DRAM memories is that data memorized in them fade over time naturally, as they are represented by charge levels in non-ideal capacitors. Hence every DRAM must be periodically read and rewritten, an operation known as refresh, to avoid data corruption. Despite the fact that a periodic refresh is performed, electrical phenomena such as sub-threshold leakage and gate-induced drain leakage may still cause data alteration. Memory manufacturers have long known these phenomena, and always considered them as reliability issues, introducing mechanisms relying on error correcting codes, to allow the correction of a single-bit error and the detection of a two-bit error in the module.
>
> While accidental memory corruptions due to fading are chiefly a reliability concern, the possibility of inducing such value changes intentionally, via software-only means, has proven to be a significant security problem. Indeed, Kim et al. [3] identified and practically validated the possibility of circumventing memory protection mechanisms exploiting software-induced bit-flips in DRAM modules to change the protection map of user-accessible memory pages.
>
> This attack, known as Rowhammer, relies on repeatedly performing read accesses to a row of a DRAM block, causing charge depletion in the neighboring rows. The charge depletion results in flips in the stored values, which escape the common memory protection mechanisms enacted by the operating system and the CPU. Since its first description, the use of Rowhammer to circumvent the access control barriers between different process domains has been extensively investigated to highlight and exploit security issues on various platforms. Open literature reports attacks aimed at performing privilege escalation of the hosting operating system from unprivileged programs on desktop [6] and mobile [7] platforms, from sandboxes [8] and from virtual machine environments in third-party compute clouds [9]. In addition to privilege escalation, the faults induced in the stored data have also been used to thwart the security of cryptographic primitives. A strict requirement for the effectiveness of a Rowhammer attack is the knowledge of the mapping between physical addresses and the actual data location within the DRAM architecture. Such a mapping depends on the memory

#### Assignment

#### 3 Tasks:

- #1 Detecting bank conflicts (Timing side channel)
- #2 Detecting number of banks
- #3 Automated threshold detection

#### Task 1

#### **Detecting bank conflicts**

#### #1 HugePages

```
#define SUPERPAGE GB(1)
```

Note: we have configured the cluster so that this gives 1 superpage

(Figure: virtual address space vs. physical address space. A 1 GB huge page is physically contiguous and 1 GB-aligned, so the low 30 bits of a virtual address inside it equal the low 30 bits of its physical address; this is why the address pool is drawn from a single superpage.)

```
char** pool = [*addr1, *addr2, *addr3, ..., *addrN];   // N random addresses inside the superpage
char* base = pool[rand()%pool_size];                 // one random base address
for (addr in pool)
    time_access(base, addr);                         // yields one <base, addr, time> row

int time_access(char* a, char* b) {
    t0 = rdtscp();
    while (round--) { *a; *b; }                      // round starts at ROUNDS
    t1 = rdtscp();
    return (t1-t0)/ROUNDS;                           // cycles per pair of accesses
}
```



```
while (round--) {
    *addr1;
    *addr2;
}
```

After the first round both cache lines sit in the caches, so this loop measures cache hits rather than DRAM accesses: a bank conflict is invisible in the timing.

```
while (round--) {
    *addr1;
    *addr2;
    clflushopt(addr1);   // evict both lines so the next round goes to DRAM again
    clflushopt(addr2);
}
```

Flushing makes every round miss the caches, but with this layout the flushes themselves are timed together with the loads.

What about the order of the requests? Consider whether it matters which address is accessed first, and whether the two loads are even issued in that order: the core and the memory controller may reorder independent requests, so keep the flushes and fences outside the timed window and check that swapping addr1 and addr2 gives the same conflict signal.



### #1 Tips

(Figure: memory hierarchy, Core → Caches → DRAM. The timed loads must miss every cache level to reach DRAM.)

```
while (r--) {                    // r starts at ROUNDS; fills times[0..ROUNDS-1]
    t0 = rdtscp();
    *addr1; *addr2;              // only the two loads are inside the timed window
    times[r] = rdtscp() - t0;
    fence();                     // flushes must not overlap the measurement ...
    clflushopt(addr1);
    clflushopt(addr2);
    fence();                     // ... nor the next one
}
time = median(times);            // median, not mean: interrupts and refresh outliers drop out
```



#### Deliverable:

- 5 csv files with raw data in this format <base, addr, time>. Files named after five cluster nodes
- Your code that prints the contents of the csv file to stdout on a given node
- Plot showing conflicts on five nodes in the cluster



### Task 2

### **Detecting the number of banks**

### #2 Number of banks

The memory controller decomposes a physical address into <channel, dimm, rank, bank> (plus row and column), so

num\_banks = channel x dimm x rank x banks\_per\_chip

On the testbed: dimm = 1, channel = 1, so only the rank and bank bits contribute to the count.

### #2 Detecting the first bank

(Figure: a base address and the pool addresses that conflict with it.)

Pick a base address and time it against every other address in the pool. The addresses whose pair time lies above the threshold share the base's bank (and sit in a different row): together with the base they form the first bank set.

### #2 Bank clustering

(Figure: the pool coloured by bank.)

Remove that set from the pool, pick a new base among the remaining addresses and repeat until every address has a colour. Each colour is one bank:

num\_colors == num\_banks

### #2 Detecting the number of banks

#### Deliverable:

- Your code that performs a printf("%d\n", num\_banks) at the end
- Number of banks on the five cluster nodes, one line per node: node\_name: num\_banks

### Task 3

#### **Automated threshold detection**

### #3 Automated threshold detection

Open: do something that works! In Task 2 the threshold separating row hits from bank conflicts is passed on the command line; here your program has to derive it from its own measurements, for example from the shape of the timing distribution, and then reuse it to count the banks.

#### Deliverable:

- Your code that performs a printf("%d %d\n", threshold, num\_banks) at the end
- A 1-paragraph description of how your algorithm works
- The thresholds detected on the five cluster nodes, one line per node: node\_name: threshold (in cycles) num\_banks
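An end-to-end example for Tasks 2 and 3, written for this page and not part of the hand-out or of the DRAMA paper's code: it derives the threshold with Otsu's method on the histogram of pair timings (one workable choice among several; the assignment leaves the method open) and then counts banks with the greedy colouring the slides describe, including the one case the colouring gets wrong on its own (a pool member in the base's own row times as a hit and later shows up as a tiny spurious cluster). Because it has to run anywhere, the pair-timing oracle is a simulated DRAM model, assumed to have 16 banks with the bank index given by the XOR of two address-bit fields and 8 KB rows; on the cluster you would replace sim_time() with the median-of-rounds time_access() from Task 1. The names (sim_time, otsu_threshold, count_banks, run_simulation) and the constants are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SUPERPAGE  (1ULL << 30)
#define POOL_SIZE  512
#define SIM_BANKS  16            /* assumption of the simulation, not of the testbed */
#define HIST_BINS  2048          /* cycle histogram; larger samples are clamped */

typedef unsigned (*pair_time_fn)(uint64_t, uint64_t);

/* Deterministic PRNG: the constructed data is reproducible run to run. */
static uint64_t lcg_state = 0x9E3779B97F4A7C15ULL;
static uint32_t lcg_next(void) {
    lcg_state = lcg_state * 6364136223846793005ULL + 1442695040888963407ULL;
    return (uint32_t)(lcg_state >> 33);
}

/* --- simulated DRAM, standing in for the measurements of Task 1 ---------- */
static unsigned sim_bank(uint64_t off) {        /* bits 13-16 XOR bits 17-20 (assumed) */
    return (unsigned)(((off >> 13) ^ (off >> 17)) & (SIM_BANKS - 1));
}
static uint64_t sim_row(uint64_t off) { return off >> 13; }   /* 8 KB rows (assumed) */

/* Same bank + different row = row-buffer conflict = slow; anything else is fast. */
unsigned sim_time(uint64_t a, uint64_t b) {
    unsigned noise = lcg_next() % 31;                    /* 0..30 cycles of jitter */
    int conflict = sim_bank(a) == sim_bank(b) && sim_row(a) != sim_row(b);
    return (conflict ? 370u : 250u) + noise;
}

/* Random 64 B-aligned offsets inside the 1 GB superpage. */
void build_pool(uint64_t *pool, size_t n) {
    for (size_t i = 0; i < n; i++)
        pool[i] = ((uint64_t)(lcg_next() & 0xFFFFFF) << 6) & (SUPERPAGE - 1);
}

/* --- Task 3: Otsu's method on the timing histogram ----------------------- */
/* Chooses the cut that maximises the between-class variance. When the two
 * modes are separated by an empty gap the maximum is a plateau, so the cut
 * is placed in the middle of that plateau rather than at its edge. */
unsigned otsu_threshold(const unsigned *times, size_t n) {
    double hist[HIST_BINS] = {0};
    double total = 0, sum_all = 0, w0 = 0, sum0 = 0, best = -1;
    unsigned first = 0, last = 0;
    for (size_t i = 0; i < n; i++)
        hist[times[i] < HIST_BINS ? times[i] : HIST_BINS - 1] += 1;
    for (unsigned t = 0; t < HIST_BINS; t++) { total += hist[t]; sum_all += t * hist[t]; }
    for (unsigned t = 0; t + 1 < HIST_BINS; t++) {
        w0 += hist[t]; sum0 += t * hist[t];
        double w1 = total - w0;
        if (w0 == 0 || w1 == 0) continue;
        double mu0 = sum0 / w0, mu1 = (sum_all - sum0) / w1;
        double var = w0 * w1 * (mu0 - mu1) * (mu0 - mu1);
        if (var > best) { best = var; first = last = t; }
        else if (var == best) last = t;
    }
    return (first + last) / 2 + 1;      /* samples > threshold count as conflicts */
}

/* --- Task 2: greedy bank clustering ("num_colors == num_banks") ---------- */
/* Pick an uncoloured address as base, colour every uncoloured address that
 * conflicts with it the same, repeat. A member sharing the base's ROW times
 * as a hit and is missed; it later forms a tiny cluster of its own, so
 * clusters smaller than min_cluster are discarded instead of counted. */
size_t count_banks(const uint64_t *pool, size_t n, unsigned threshold,
                   size_t min_cluster, pair_time_fn time_fn) {
    int *color = malloc(n * sizeof *color);
    size_t *size = calloc(n, sizeof *size);
    size_t colors = 0, banks = 0;
    if (!color || !size) { free(color); free(size); return 0; }
    for (size_t i = 0; i < n; i++) color[i] = -1;
    for (size_t i = 0; i < n; i++) {
        if (color[i] != -1) continue;
        color[i] = (int)colors; size[colors] = 1;
        for (size_t j = i + 1; j < n; j++)
            if (color[j] == -1 && time_fn(pool[i], pool[j]) > threshold) {
                color[j] = (int)colors; size[colors]++;
            }
        colors++;
    }
    for (size_t c = 0; c < colors; c++) if (size[c] >= min_cluster) banks++;
    free(color); free(size);
    return banks;
}

/* End to end: time one random base against the pool, derive the threshold
 * from those samples, then cluster the whole pool with it. */
size_t run_simulation(unsigned *threshold_out) {
    uint64_t pool[POOL_SIZE];
    unsigned times[POOL_SIZE];
    build_pool(pool, POOL_SIZE);
    uint64_t base = pool[lcg_next() % POOL_SIZE];
    for (size_t i = 0; i < POOL_SIZE; i++) times[i] = sim_time(base, pool[i]);
    *threshold_out = otsu_threshold(times, POOL_SIZE);
    return count_banks(pool, POOL_SIZE, *threshold_out, 4, sim_time);
}

int main(void) {
    unsigned threshold;
    size_t num_banks = run_simulation(&threshold);
    printf("%u %zu\n", threshold, num_banks);   /* deliverable format of Task 3 */
    return 0;
}
```

On real data the two modes are much closer than in this simulation and their tails may overlap; in that case feed Otsu the medians of several bases rather than one, and sanity-check the result by re-running the clustering with the threshold moved a few cycles up and down: a correct threshold gives the same bank count either way.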



### **Notes on the Deliverable**

- make should build ./{student\_number}
- Task 1:
  - ./{student\_number} should print the contents of the csv file to stdout on the current node
- Task 2:
  - ./{student\_number} -t THRESHOLD should print the number of banks to stdout given a THRESHOLD
- Task 3:
  - ./{student\_number} -b should print the calculated threshold, and the number of banks to stdout using the calculated threshold
- Each should finish execution in < 60 s

### **Grading & Deadline**

- Deadline:
  - **Tuesday Sep 22, 23:59**
  - Delays: -0.5 pt per late day, max 3 late days
- Grading:
  - **4** ⇒ Task #1
  - **5** ⇒ Task #2
  - **6** ⇒ Task #3

### **Questions?**

- Forum on Moodle
  - Help each other
  - Don't give away your solution

