ECC Memory Not Safe from Rowhammer Attack

Researchers have proven for the first time that error-correcting code (ECC) memory can be affected by the same bit-flipping attack, known as Rowhammer, that plagues regular DRAM memory.

Rowhammer is a memory defect first documented in 2014 that occurs when a physical memory location is subjected to a large number of successive and rapid reads or writes, also known as hammering. Due to the compact nature of modern DRAM memory cells, this action can cause electrical charge to leak to adjacent locations, flipping their stored bits from 0 to 1 or the other way around.

Researchers from Google’s Project Zero showed in 2015 that this behavior can have security implications and, if triggered in a controlled manner, can be exploited for privilege escalation. Since then, researchers have demonstrated Rowhammer attacks against computers, mobile devices, virtual machines and cloud environments. They also showed that such attacks can be executed in browsers through JavaScript or directly over the network.

However, it was believed until now that ECC memory, which is typically used in servers and high-end systems, is safe from this type of attack because of its error-correcting engine. The ECC mechanism in the memory controller stores control bits in a separate memory chip and uses that information to correct real data if it becomes corrupted.

The ECC engine is able to correct one bit-flip and will cause a program to crash if it detects two bit-flips. This means that to perform a Rowhammer attack, one must trigger three bit-flips in a way that doesn’t trigger a crash, which was considered very difficult, if not impossible.

Researchers from the Systems and Network Security Group at Vrije Universiteit (VU) Amsterdam have now proven that assumption incorrect and have devised a Rowhammer attack for ECC memory that they’ve dubbed ECCploit.

“What we found is that we can detect that a bit has been corrected by means of a timing side channel,” the researchers said in a blog post. “Simply put: it will typically take measurably longer to read from a memory location where a bit flip needs to be corrected, than it takes to read from an address where no correction was needed. Thus, we can try each bit in turn, until we find a word in which we could flip three bits that are vulnerable. The final step is then to make all three bits in the two locations different and hammer one final time, to flip all three bits in one go: mission accomplished.”

In other words, the goal of the attack is to find bit flip combinations that the ECC engine cannot detect and correct. When the bit flips are directly observable by the attacker, the attack can be executed in around 32 minutes, but in noisier environments, it can take up to one week.
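To make the "three bit flips" argument concrete, here is an added toy model (not code from the VU researchers) of a SECDED Hamming code over a 4-bit word: one flip is silently corrected, two flips are reported as uncorrectable, and three flips are "corrected" to the wrong word with no error raised at all. Real server DIMMs use a 72-bit SECDED code over 64-bit words, but the decoder logic is the same.

```python
# Toy SECDED (single-error-correct, double-error-detect) Hamming code.
# Codeword layout (1-based Hamming positions, index 0 = overall parity bit):
#   cw[0] overall parity, cw[1] cw[2] cw[4] Hamming parity, cw[3] cw[5] cw[6] cw[7] data.
DATA_POS = [3, 5, 6, 7]
PARITY_POS = [1, 2, 4]
N = 8

def encode(data):
    """Encode 4 data bits into an 8-bit SECDED codeword."""
    cw = [0] * N
    for pos, bit in zip(DATA_POS, data):
        cw[pos] = bit
    for p in PARITY_POS:                       # each parity bit covers positions with bit p set
        cw[p] = sum(cw[i] for i in range(1, N) if i & p and i != p) & 1
    cw[0] = sum(cw[1:]) & 1                    # overall parity turns SEC into SECDED
    return cw

def decode(cw):
    """Return (status, data); status is 'ok', 'corrected' or 'uncorrectable'."""
    cw = list(cw)
    syndrome = 0
    for p in PARITY_POS:
        syndrome |= p * (sum(cw[i] for i in range(1, N) if i & p) & 1)
    overall = sum(cw) & 1                      # 0 if the overall parity still holds
    if syndrome == 0 and overall == 0:
        return "ok", [cw[i] for i in DATA_POS]
    if overall == 1:                           # odd flip count: the engine assumes exactly one
        cw[syndrome if syndrome else 0] ^= 1   # and flips the bit the syndrome points at
        return "corrected", [cw[i] for i in DATA_POS]
    return "uncorrectable", None               # even flip count with non-zero syndrome

def flip(cw, positions):
    """Constructed fault injection: flip the given codeword positions."""
    out = list(cw)
    for p in positions:
        out[p] ^= 1
    return out

def demo(data=(1, 0, 1, 1)):
    """Decode the same word after 1, 2 and 3 injected flips (positions are constructed)."""
    cw = encode(list(data))
    return {
        "one_flip": decode(flip(cw, [6])),      # corrected, data intact
        "two_flips": decode(flip(cw, [6, 7])),  # detected, reported uncorrectable
        "three_flips": decode(flip(cw, [3, 5, 6])),  # silently "corrected" to wrong data
    }
```

The three-flip case is exactly the silent memory corruption the article refers to: the controller reports a successful correction, but the returned word no longer matches what was written.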

The attack can be executed from an unprivileged shell but is dependent on the hardware combination. Because of this, an attacker would first need to duplicate the target environment in a lab and use physical access methods to first reverse engineer the ECC engine locally.

The researchers demonstrated their attack on DDR3 memory, but believe that DDR4 is also vulnerable to the side-channel analysis. This doesn’t mean, however, that users should stop using ECC memory.

“ECC is a reliability mechanism!” the researchers said. “However, ECC cannot stop Rowhammer attacks for all hardware combinations. If the number of bit flips is sufficiently high, ECC will only slow down the attack.”

As far as how vulnerable DDR3 DIMMs are, it’s hard to say because it varies between different manufacturers, memory controller versions and memory die revisions. On one of the tested DIMMs, the researchers found that 0.06 percent of the row candidates could trigger silent memory corruptions and thus enable the attack.

“We lack any information whether or not server vendors actively test their systems against Rowhammer and if they do, how effective/accurate is the test?” the researchers said. “Nevertheless, they acknowledge the problem and push firmware updates that increase the refresh of RAM in order to defend against Rowhammer. Therefore, choosing hardware compliant with the CPU manufacturers’ and server vendors’ guidelines and performing extra testing, is a safe approach.”

The researchers plan to present their work at the Symposium on Security & Privacy (S&P 2019) and have published a technical research paper with more details.

Lucian Constantin


Lucian has been covering computer security and the hacker culture for almost a decade, his work appearing in many technology publications including PCWorld, Computerworld, Network World, CIO, CSO, Forbes and The Inquirer. He has a bachelor's degree in political science, but has been passionate about computers and cybersecurity from an early age. Before he chose a career in journalism, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. You can reach him at [email protected] or @lconstantin on Twitter. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42
