Rowhammer Instruction Skip Attack: Bypassing Security Checks and Encryption in Real-World Applications


Core Concepts
The LeapFrog attack leverages Rowhammer-induced bit flips in the Program Counter (PC) value stored in the stack to subvert the control flow of victim processes, enabling the bypass of security-critical code sections such as authentication checks and encryption routines.
Summary
The paper introduces a novel Rowhammer attack vector called LeapFrog gadgets, which target the Program Counter (PC) value stored in the user or kernel stack during function calls and context switches. By strategically flipping bits in the PC, an attacker can redirect the execution flow to bypass security-critical code sections, such as authentication checks and encryption routines. The authors present a systematic methodology to identify LeapFrog gadgets, implemented in a tool called MFS (Multidimensional Fault Simulator). MFS uses dynamic binary instrumentation and analysis to detect potential LeapFrog gadgets in target binaries. It simulates bit flips in the PC value and observes the resulting changes in program behavior, such as authentication bypass or encryption skipping. The paper demonstrates the feasibility of the LeapFrog attack through practical experiments on three real-world applications: OpenSSL, sudo, and a TLS handshake scenario. In the OpenSSL case, the attack was able to bypass encryption for 36 different ciphers, revealing the plaintext. For sudo, the attack enabled privilege escalation by bypassing the password authentication check. In the TLS handshake scenario, the attack successfully induced an instruction skip, allowing the client to bypass the server's authentication. The findings in this paper extend the impact of Rowhammer attacks on control flow and contribute to the development of more robust defenses against these increasingly sophisticated threats.
Statistics
None.
Quotes
"We introduce the concept of LeapFrog gadgets, which allows an attacker to bypass security critical areas of code by faulting the PC value stored in stack."

"We validate the feasibility of this attack in practical scenarios by successfully bypassing a TLS handshake in standard OpenSSL implementations."

"We introduce the first simulation tool designed to identify LeapFrog gadgets. This tool represents an improvement over existing methodologies by systematically analyzing binaries with our Intel Pin-based tool called MFS and incorporating time-domain analysis in simulations."

Key insights extracted from

by Andrew Adile... at arxiv.org 04-12-2024

https://arxiv.org/pdf/2404.07878.pdf
LeapFrog

Deeper Inquiries

How can the proposed LeapFrog attack be mitigated in a generic and comprehensive manner, considering the diverse attack surfaces and the role of third-party libraries?

The LeapFrog attack, which leverages Rowhammer-induced bit flips to manipulate the Program Counter (PC) and control flow in a program, presents a significant security challenge. Mitigating this attack requires a multi-faceted approach:

Memory Protections: Implementing robust memory protections such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) can help in reducing the impact of memory-based attacks like Rowhammer. By randomizing memory layouts and preventing the execution of data, the attack surface can be minimized.

Hardware Mitigations: Hardware-level mitigations like TRR (Target Row Refresh) can help in detecting and preventing Rowhammer attacks by refreshing rows more frequently. Additionally, advancements in memory technologies that are less susceptible to Rowhammer effects can be explored.

Software Hardening: Ensuring secure coding practices, regular code audits, and using secure libraries can help in reducing vulnerabilities that can be exploited by Rowhammer attacks. Third-party libraries should be regularly updated and validated for security vulnerabilities.

Behavioral Analysis: Implementing behavior-based anomaly detection mechanisms can help in identifying unusual patterns in program execution that might indicate a potential attack. Monitoring system behavior for unexpected control flow changes can aid in detecting and mitigating such attacks.

Privilege Separation: Limiting the privileges of different components within a system can help in containing the impact of an attack. By segregating critical components and enforcing the principle of least privilege, the attack surface can be minimized.

Continuous Monitoring: Regularly monitoring system behavior, memory access patterns, and control flow can help in detecting and responding to potential attacks in real time. Intrusion detection systems and security monitoring tools play a crucial role in identifying and mitigating such threats.
By combining these strategies and adopting a holistic approach to security, organizations can enhance their resilience against LeapFrog attacks and similar control flow manipulation techniques.
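As an added illustration, not code from the paper or from its MFS tool, the following Python models the fault class the summary describes (a single-bit flip in the return address saved on the stack, so that execution resumes past an authentication branch) and the redundant-check hardening that the "software hardening" and "behavioral analysis" points above call for. The caller layout, the addresses, and the WITNESS_OK constant are constructed for the example; the real tool instruments binaries with Intel Pin, which this toy does not attempt.

```python
"""Toy fault simulator for a LeapFrog-style return-address flip.

Model: after `call check_password`, the return address saved on the stack
takes a single-bit flip, so execution resumes somewhere other than the
intended instruction. Every flip is enumerated, the caller is run from the
corrupted address, and the outcome is recorded. The hardened variant makes
the success path re-verify a witness that only the callee sets on success,
so a skipped branch is turned into a detectable trap instead of a grant.
Addresses and layout are constructed for illustration (not from any real
binary).
"""

RET_ADDR = 0x1010   # return address the call pushes (constructed)
GRANT = 0x1018      # success path, one bit away from RET_ADDR (constructed)
DENY = 0x1030       # failure path (constructed)
ADDR_BITS = 48      # user-space address width we enumerate flips over

# Constructed caller: address -> (operation, operand).
PROGRAM = {
    0x1000: ("call", "check_password"),
    RET_ADDR: ("store", None),  # spill eax to a local; harmless on its own
    0x1014: ("jz", DENY),       # branch to deny when the check returned 0
    GRANT: ("grant", None),     # security-critical: meant to follow a passed check
    DENY: ("deny", None),
}
# Fall-through successor of each instruction.
NEXT = {a: b for a, b in zip(sorted(PROGRAM), sorted(PROGRAM)[1:])}

WITNESS_OK = 0x5A5A5A5A  # constructed non-trivial constant; 0 or 1 would be too easy to hit


def run(password_ok, fault_bit=None, hardened=False, max_steps=16):
    """Execute the caller once; return GRANT, DENY, TRAP, CRASH or LOOP."""
    pc = 0x1000
    eax = 0
    witness = 0
    for _ in range(max_steps):
        if pc not in PROGRAM:
            return "CRASH"  # unmapped or mid-instruction address
        op, arg = PROGRAM[pc]
        if op == "call":
            eax = 1 if password_ok else 0
            if password_ok:
                witness = WITNESS_OK  # callee records success redundantly
            ret = RET_ADDR
            if fault_bit is not None:
                ret ^= 1 << fault_bit  # the simulated Rowhammer bit flip
            pc = ret
        elif op == "store":
            pc = NEXT[pc]
        elif op == "jz":
            pc = arg if eax == 0 else NEXT[pc]
        elif op == "grant":
            if hardened and witness != WITNESS_OK:
                return "TRAP"  # control arrived here without a passed check
            return "GRANT"
        elif op == "deny":
            return "DENY"
    return "LOOP"


def simulate(password_ok, hardened=False):
    """Outcome for every single-bit flip of the saved return address."""
    return {bit: run(password_ok, bit, hardened) for bit in range(ADDR_BITS)}


def leapfrog_gadgets(hardened=False):
    """Bit positions whose flip turns a failed authentication into a grant."""
    return sorted(b for b, out in simulate(False, hardened).items() if out == "GRANT")


if __name__ == "__main__":
    print("baseline gadgets:", leapfrog_gadgets())       # [3]
    print("hardened gadgets:", leapfrog_gadgets(True))   # []
    for bit, out in simulate(False).items():
        if out != "CRASH":
            print(f"bit {bit:2d} -> {RET_ADDR ^ (1 << bit):#06x}: {out}")
```

In the baseline layout the only flip that matters is bit 3: it moves the saved return address from 0x1010 to 0x1018, which is the first instruction of the success path, so the branch on the check's result is never executed. Most other flips land on unmapped addresses (a crash, which is the noisy outcome a monitoring system can see) or loop back into the call. With the hardened success path the same flip yields TRAP rather than GRANT, because the grant code no longer trusts that control reached it through the branch; a crash or trap at that point is also a concrete, loggable signal for the behavioral-analysis layer described above.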