Version 1.5b Castle in the Sky
lecture: Rowhammer.js: Root privileges for web apps?
A tale of fault attacks on DRAM and attacks on CPU caches
"Insanity: doing the same thing over and over again and expecting different results."
Albert Einstein - Who did not live long enough to see Rowhammer
Last year, studies demonstrated Rowhammer, a fault attack that can cause random bit flips by repeatedly accessing DRAM rows. This vulnerability has already been exploited to gain root privileges and to evade a sandbox, showing the severity of faulting single bits for security. However, these exploits are written in native code and use special instructions that flush data from the cache.
In the last part, we extend our presentation with an overview of cache attacks, bridging the gap between hardware-fault attacks and side channels. In side-channel attacks, the attacker doesn't rely on a direct software compromise, but rather on passive observation of hardware characteristics when a victim process runs. In common with Rowhammer.js, these attacks use techniques to evict data from the last-level cache.
Start time: 18:15
Room: Hall 1