Cloud providers are concerned that Rowhammer poses a critical threat to their servers.
Yet today they lack a systematic way to test whether the DRAM in their servers is vulnerable to these attacks.
Our work introduces an end-to-end methodology to determine if cloud servers are susceptible to Rowhammer attacks.
Our methodology must overcome two serious practical challenges:
First, it must hammer DRAM at an optimal rate.
We found that previous work hammers memory at suboptimal rates.
We develop an instruction sequence that leverages micro-architectural side-effects to hammer DRAM at an optimal rate on modern Intel server platforms.
Second, our methodology must hammer the DRAM rows physically adjacent to a victim row.
To determine adjacency, we build a hardware fault injector that lets us reverse engineer row adjacency for any DDR4 DIMM.
We successfully applied our methodology to three generations of servers from a major cloud provider.
Please watch our presentation at S&P 2020 to find out more!