Practice English Speaking&Listening with: Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers

Cloud providers are concerned that Rowhammer poses a critical threat to their servers.

Yet today they lack a systematic way to test whether the DRAM in their servers is vulnerable to these attacks.

Our work introduces an end-to-end methodology to determine if cloud servers are susceptible to Rowhammer attacks.

Our methodology must overcome two serious practical challenges:

First, it must hammer DRAM at an optimal rate.

We found that previous work hammers memory at suboptimal rates.

We develop an instruction sequence that leverages micro-architectural side-effects to hammer DRAM at an optimal rate on modern Intel server platforms.

Second, our methodology must hammer the DRAM rows physically adjacent to a victim row.

To determine adjacency, we build a hardware fault injector that lets us reverse engineer row adjacency for any DDR4 DIMM.

We successfully applied our methodology to three generations of servers from a major cloud provider.

Please watch our presentation at S&P 2020 to find out more!