Rowhammer Exploit Threatens Cloud Virtual Machines

Row hammer / rowhammer can open the way to the memory cells to leak their charges and interact electrically within them. Each bit of stored data occupies a separate memory cell that is electrically implemented with one capacitor and one transistor in DRAM – charged or discharged of a capacitor determines whether a DRAM cell stores binary value as 1 or 0. So it is happening at hardware level. The circumvention of the isolation environment is possible in modern DRAM. Row hammer is an unintended side effect in DRAM. In This this article, We Will Discuss in Brief How This Rowhammer Exploit Threatens Cloud Virtual Machines. It can be used as hardware bug.

Background History of Rowhammer Exploit Before Entering the Area of Cloud Virtual Machines

Physically smaller memory cells is capable of storing smaller charges, resulting in increased rates of electromagnetic interactions between memory cells, creating greater possibility of data loss. The known errors dates back to the early 1970s. There are various analysis on commercially available DDR3 DRAM chips in different years which are susceptible to errors. It is named as row hammer to the associate side effect that led to observed bit flips. There is also a variant called double sided hammering. Since the 70’s, the DRAM manufacturers have employed various mitigation techniques to counteract. Like Intel Xeon processors with Ivy Bridge microarchitecture, support pseudo target row refresh (pTRR) that can be used in combination with pTRR-compliant DDR3 dual in-line memory modules (DIMMs) to mitigate the row hammer effect by refreshing the suspected victim rows.

It is not hugely important to understand the mechanism of creation to a common webmaster or server administrator. It is important to understand which hardwares the flaw is around.

How The Rowhammer Exploit Threatens Cloud Virtual Machines

A group of researchers managed to obtain private keys of some cloud Virtual Machines (VM) with minimal effort. We can rely on a VM for the encryption keys – second VM hosted within the same cloud is not authorized SSH access. The requirements for exploits may appear unrealistic, but researchers’ work shows that it is possible to implement the attack reliably today in the cloud using Rowhammer, a wide-spread DRAM glitch and memory reduplication. The last one is a popular memory management feature to reduce the physical memory footprint of virtual machine by merging memory pages with the same content.

The basic version of Rowhammer had proved to date little use to potential attackers – the technique worked to corrupt and move certain bits of data could not be properly controlled in fact. Researchers managed to improve the tool by going to achieve a more effective technique – called “Flip Feng Shui”. So it is possible to manipulate the deduplication operations, special processes used in cloud environments, in order to save memory resources, implement the sharing of the same bit data used by one or more VMs. Flip Feng Shui is able to send a message to the physical memory so that the cryptographic keys or the other sensitive data is moved.

The encryption software presently on the market are totally unprepared to face bit flipping. The attack can begin with the preliminary obtaining the public keys. Public keys per se are not able to reveal any useful matter for the private keys. Using the Flip Feng Shui to create a new variant can be used to fetch information on the corresponding private key. The experiment was carried out successfully on RSA keys. Flip Feng Shui fortunately needs certain conditions.