JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms

12/24/2019
by Zane Weissman, et al.

After years of development, FPGAs are finally making an appearance on multi-tenant cloud servers. These heterogeneous FPGA-CPU architectures break common assumptions about isolation and security boundaries. Since the FPGA and CPU architectures share hardware resources, a new class of vulnerabilities requires us to reassess the security and dependability of these platforms. In this work, we analyze the memory and cache subsystem and study Rowhammer and cache attacks enabled on two proposed heterogeneous FPGA-CPU platforms by Intel: the Arria 10 GX with an integrated FPGA-CPU platform, and the Arria 10 GX PAC expansion card which connects the FPGA to the CPU via the PCIe interface. We show that while Intel PACs currently are immune to cache attacks from FPGA to CPU, the integrated platform is indeed vulnerable to Prime and Probe style attacks from the FPGA to the CPU's last level cache. Further, we demonstrate JackHammer, a novel and efficient Rowhammer from the FPGA to the host's main memory. Our results indicate that a malicious FPGA can perform twice as fast as a typical Rowhammer attack from the CPU on the same system and causes around four times as many bit flips as the CPU attack. We demonstrate the efficacy of JackHammer from the FPGA through a realistic fault attack on the WolfSSL RSA signing implementation that reliably causes a fault after an average of fifty-eight RSA signatures, 25 In some scenarios our JackHammer attack produces faulty signatures more than three times more often and almost three times faster than a conventional CPU rowhammer attack.
