Word of the day: Rowhammer


Rowhammer is a vulnerability in commodity dynamic random access memory (DRAM) chips that allows an attacker to exploit devices with DRAM memory by repeatedly accessing (hammering) a row of memory until it causes bit flips and transistors in adjacent rows of memory reverse their binary state: ones turn into zeros and vice versa.

The flaw, first reported in the paper "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors," detailed how, as DRAM processes continues to scale to smaller sizes, it becomes more difficult to prevent individual memory cells from interacting with neighboring cells.
The Rowhammer flaw allows memory manipulation to be used by malicious actors to extract data such as passwords from vulnerable systems. The flaw has been detected in DDR3 and DDR4 DRAM chips and, when combined with other attacks, can be used to access the contents of memory on systems using vulnerable chips. The Google Project Zero team published details of its proof of concept code for exploits of Rowhammer on x86-64 Linux machines, but they wrote that the exploit was likely not specific to Linux systems.
Rowhammer accomplishes this manipulation by forcing the repeated reading and recharging of a row of capacitors in a DRAM chip. The repeated reading and recharging of a row happens when an attacker uses the machine code instruction Cache Line Flush (CLFLUSH) to clear the cache, as shown in the 2014 research paper from Carnegie Mellon University and Intel Labs researchers. Caching limits prevent bit flipping from occurring normally, so the repeated CLFLUSH overloads the system. When the bit flipping happens too often and in capacitor rows too close together, neighboring capacitors begin to interact electrically, and this opens up the opportunity to exploit the Rowhammer flaw.
Researchers at Intel became aware of Rowhammer in 2012 and filed patent applications that were publically disclosed, but the vulnerability didn't garner much attention until 2014 when the research paper was published. DRAM chips are an important part of most electronic devices, including those that are essential to computers. As such, DRAM vulnerabilities like Rowhammer cannot be fixed with basic security software or operating system (OS) updates. Rowhammer continues to be used in new attacks. Posted by: Margaret Rouse  Contributor(s): Madelyn Bacon Techtarget

Comments

Post a Comment

Popular posts from this blog

SAP ABAP: Capturing CHECK BOX event in FM REUSE_ALV_GRID_DISPLAY / Cell Editing

Image
Requirement: Show total number of rows selected as message whenever a user     click on a check box column in REUSE_ALV_GRID_DISPLAY. To accomplish this, we have to use EVENTS in REUSE_ALV_GRID_DISPLAY to capture changes made by the user. In data declaration: Data: gt_events  TYPE slis_t_event,         wa_events  TYPE slis_alv_event. */------------------------------------------------------------------------  FORM display_alv_report. */------------------------------------------------------------------------ gd_repid = sy-repid. Refresh: gt_events. wa_events-name = 'CALLER_EXIT'. wa_events-form = 'CALLER_EXIT'. APPEND wa_events TO gt_events. wa_events-name = 'DATA_CHANGED'. wa_events-form = 'DATA_CHANGED'. APPEND wa_events TO gt_events. CALL FUNCTION 'REUSE_ALV_GRID_DISPLAY'      EXPORTING           i_callback_program       = l_repid           I_CALLBACK_PF_STATUS_SET = 'SET_PF_STATUS'           I_CALLBACK_USER_CO
Read more

SAP ABAP: Smartforms/SAPscript formatting

Image
SAP Smartforms/SAPscript Smartforms Formatting Following are the few useful formatting options: Offset: N left-most characters of the symbol value will not be displayed. If symbol has the value 123456789, the following will be displayed: &symbol& -> 123456789 &symbol+3& -> 456789 &symbol+7& -> 89 &symbol+12& -> &symbol+0& -> 123456789   Output Length To define how many character positions should be copied from the value. If symbol has the value 123456789. &symbol(3)& -> 123 &symbol(7)& -> 1234567  The SYST-UNAME field contains the logon name of a user called Einstein. The Dictionary entry for this field contains an output length of 12. &SYST-UNAME&… -> Einstein… &SYST-UNAME(9)&… -> Einstein … &SYST-UNAME(*)&… -> Einstein … Omitting the Leading Sign The S option can be used to ensure that the value is formatted without the sign. The ITCDP-TDULPOS
Read more

SAP ABAP: Adding leading zero to char or string.

Here are the three ways to add leading zeros to a char or string. 1). Using numeric and character field with the same length. DATA: lv_Belnr(10) TYPE C VALUE '48',             lv_Num(10)   TYPE N. lv_Num =  lv_Belnr. ADD 1 TO  lv_Num. lv_Belnr  = lv_Num . WRITE  lv_Belnr. 2). Using FM CONVERSION_EXIT_ALPHA_INPUT. DATA: lv_Belnr(10) TYPE C VALUE '48'.   ADD 1 TO lv_Belnr.   CALL FUNCTION 'CONVERSION_EXIT_ALPHA_INPUT'            EXPORTING                    INPUT  = lv_Belnr                      IMPORTING                    OUTPUT = lv_Belnr.  3). Using UNPACK.  DATA: lv_Belnr(10) TYPE C VALUE '48'. ADD 1 TO lv_Belnr. UNPACK lv_Belnr TO lv_Belnr. That's all. Mabuhay!
Read more