[RAMBleed] Reading Bits in Memory Without Accessing Them - Overclock.net - An Overclocking Community

Forum Jump: 

[RAMBleed] Reading Bits in Memory Without Accessing Them

Reply
 
Thread Tools
post #1 of 16 (permalink) Old 06-12-2019, 05:56 AM - Thread Starter
New to Overclock.net
 
ibb27's Avatar
 
Join Date: Oct 2016
Posts: 222
Rep: 14 (Unique: 11)
[RAMBleed] Reading Bits in Memory Without Accessing Them

RAMBleed - New Rowhammer side-channel attack

https://rambleed.com

Quote:
RAMBleed is a side-channel attack that enables an attacker to read out physical memory belonging to other processes. The implications of violating arbitrary privilege boundaries are numerous, and vary in severity based on the other software running on the target machine. As an example, in our paper we demonstrate an attack against OpenSSH in which we use RAMBleed to leak a 2048 bit RSA key. However, RAMBleed can be used for reading other data as well.

RAMBleed is based on a previous side channel called Rowhammer, which enables an attacker to flip bits in the memory space of other processes. We show in our paper that an attacker, by observing Rowhammer-induced bit flips in her own memory, can deduce the values in nearby DRAM rows. Thus, RAMBleed shifts Rowhammer from being a threat not only to integrity, but confidentiality as well. Furthermore, unlike Rowhammer, RAMBleed does not require persistent bit flips, and is thus effective against ECC memory commonly used by server computers.
https://rambleed.com/docs/20190603-rambleed-web.pdf paper
ibb27 is offline  
Sponsored Links
Advertisement
 
post #2 of 16 (permalink) Old 06-12-2019, 06:06 AM
Tank destroyer and a god
 
Offler's Avatar
 
Join Date: Dec 2012
Posts: 2,266
Rep: 84 (Unique: 65)
Did some initial reading on it and it looks legit.

--- Building in progress * AMD Threadripper 1900x * Asrock X399M Taichi * Radeon VII * Gskill Xflare / Samsung B-die 3200 14-14-14-32 * Samsung 970 PRO 512gb * Fractal Design Node 804 * Seasonic Prime Ultra 850 Titanium *
--- Desktop * AMD Phenom II x6 1090t @ 3,8GHz * ASUS M5A99FX PRO R2.0 * Gigabyte R9 FuryX * A-Data XPG 2.0 / Elpida Hyper MNH 1866 @ 1600 6-6-6-18 * LSI 9211-8i / Raid 0 / 5x Corsair Force 3 GS * Creative Xfi Fatal1ty * Intel I210-T1 * Steelseries 6Gv2 * Logitech MX518 * Samsung U28E590D *
Offler is offline  
post #3 of 16 (permalink) Old 06-12-2019, 06:22 AM
Top kek
 
Join Date: Oct 2013
Location: Bulgaria , Sofia
Posts: 3,353
Rep: 110 (Unique: 65)
Now, this is interesting. A RAM vulnerability. Wonder if the IMC of the CPUs has any say on this.

Previous Hardware:
Spoiler!
Desktop PC
(19 items)
CPU
AMD FX-8320
Motherboard
ASRock Fatal1ty 990FX Killer
GPU
Sapphire Nitro+ RX480
GPU
XFX RX470 Singlefan
GPU
MSI RX580 GamingX 4GB
RAM
Mushkin Redline 996996 2x4GB 2133Mhz
Hard Drive
Western Digital 160GB 7200RPM 8MB
Hard Drive
Maxtor 250GB 7200RPM 8MB
Hard Drive
Corsair Force LS
Hard Drive
WesternDigital Blue 500GB 7200RPM 16MB
Power Supply
Corsair TX850M
Cooling
ThermalTake Frio Silent 14
Case
ThermalTake View 27
Operating System
Windows 10 Enterprise 1607
Operating System
Linux Mint 17.3 Rosa
Monitor
AOC i2267FWH
Keyboard
Logitech K120
Mouse
Bloody V5
Audio
Corsair HS30 Raptor
▲ hide details ▲
ku4eto is offline  
Sponsored Links
Advertisement
 
post #4 of 16 (permalink) Old 06-12-2019, 06:25 AM
Tank destroyer and a god
 
Offler's Avatar
 
Join Date: Dec 2012
Posts: 2,266
Rep: 84 (Unique: 65)
Quote: Originally Posted by ku4eto View Post
Now, this is interesting. A RAM vulnerability. Wonder if the IMC of the CPUs has any say on this.
Different methods of memory scrambling... different metods of encryption... But apparently both major manufacturers are affected.

Funny thing is that when its performed on system with ECC memory, those will recognize the "flip" as a bug in data integrity and repair it, hiding any traces of the attack.

--- Building in progress * AMD Threadripper 1900x * Asrock X399M Taichi * Radeon VII * Gskill Xflare / Samsung B-die 3200 14-14-14-32 * Samsung 970 PRO 512gb * Fractal Design Node 804 * Seasonic Prime Ultra 850 Titanium *
--- Desktop * AMD Phenom II x6 1090t @ 3,8GHz * ASUS M5A99FX PRO R2.0 * Gigabyte R9 FuryX * A-Data XPG 2.0 / Elpida Hyper MNH 1866 @ 1600 6-6-6-18 * LSI 9211-8i / Raid 0 / 5x Corsair Force 3 GS * Creative Xfi Fatal1ty * Intel I210-T1 * Steelseries 6Gv2 * Logitech MX518 * Samsung U28E590D *
Offler is offline  
post #5 of 16 (permalink) Old 06-12-2019, 06:32 AM
professional curmudgeon
 
looniam's Avatar
 
Join Date: Apr 2009
Posts: 9,452
Rep: 775 (Unique: 445)
bejesus whats next?

case fans?

Remember the golden rule of statistics: A personal sample size of one is a sufficient basis upon which to draw universal conclusions.
Upload the computer to Dropbox and provide a link to it so others may download it to examine and give advice for repairs.
loon 3.2
(18 items)
CPU
i7-3770K
Motherboard
Asus P8Z77-V Pro
GPU
EVGA 980TI SC+
RAM
16Gb PNY ddr3 1866
Hard Drive
PNY 1311 240Gb
Hard Drive
1 TB Seagate
Hard Drive
3 TB WD Blue
Optical Drive
DVD DVDRW+/-
Power Supply
EVGA SuperNova 750 G2
Cooling
EKWB P280 kit
Cooling
EK-VGA supremacy
Case
Stryker M [hammered and drilled]
Operating System
Win X
Monitor
LG 24MC57HQ-P
Keyboard
Ducky Zero [blues]
Mouse
corsair M65
Audio
SB Recon3D
Audio
Klipsch ProMedia 2.1
▲ hide details ▲


looniam is offline  
post #6 of 16 (permalink) Old 06-12-2019, 06:33 AM
News Fiend
 
ryan92084's Avatar
 
Join Date: Oct 2015
Location: 'merica
Posts: 1,936
Rowhammer the gift that keeps on giving since 2014. This should mainly an issue for mobile now since most desktops have decent mitigations.

Meh '12
(13 items)
CPU
Ryzen 2600x
Motherboard
ASUS Crosshair VII Hero
GPU
XFX Fury X
RAM
G.SKILL TridentZ Series 16GB (2 x 8GB) 288-Pin DDR4 SDRAM DDR4 3200 F4-3200C14D-16GTZSW
Hard Drive
SAMSUNG 970 PRO M.2 2280 512GB PCIe Gen3. X4, NVMe
Hard Drive
Samsung 850 Pro-Series
Hard Drive
Seagate 4TB Enterprise NAS SATA (ST4000VN0001)
Hard Drive
WD Black 1TB Performance Desktop Hard Drive WD1003FZEX
Power Supply
SEASONIC PLATINUM-860 860W RT
Cooling
Black Ice Nemesis 360GTS Radiator x2
Cooling
Monsoon MMRS Reservoir + D5 pump + mountings
Cooling
XSPC Raystorm Neo Metal
Cooling
EKWB Fury X
Cooling
Monsoon Free Center 1/2ID 3/4OD fittings + Rotaries + plug + Temp probe
Cooling
BeQuiet SilentWings 3 High Speed PWM x 9
Case
Lian Li PC-O11 Dynamic
Operating System
Windows 10 Pro
Monitor
LG 27" IPS 27UK650
Keyboard
Massdrop CTRL
Mouse
Logitech g403
Mousepad
HAYATE KOU FX SOFT NINJA Black L
Audio
Blue Yeti Black
Audio
Massdrop x AKG K7XX
Other
LIAN LI O11D-1X ,Riser Cable and cover bracket for PC-O11D
CPU
i5 3570k
Motherboard
Z77x-UD5H
GPU
Zotac 670 GTX AMP!
RAM
G.Skill f3-2400c10D-16gtx
Hard Drive
Samsung 850 Pro 128GB
Optical Drive
Some old thing
Power Supply
Seasonic platinum 860w
Cooling
Custom water
Case
Customized Thermaltake Armor
Operating System
Win 10 pro
Monitor
Dell U2413
Keyboard
Ducky Shine
Mouse
Logi G502
▲ hide details ▲


ryan92084 is offline  
post #7 of 16 (permalink) Old 06-12-2019, 06:39 AM
Tank destroyer and a god
 
Offler's Avatar
 
Join Date: Dec 2012
Posts: 2,266
Rep: 84 (Unique: 65)
Quote: Originally Posted by ryan92084 View Post
Rowhammer the gift that keeps on giving since 2014. This should mainly an issue for mobile now since most desktops have decent mitigations.
Apparently they realized few vulnerabilities in the mitigations, such as single random seed on boot. But anyway the old method is still a threat for the data integrity.

--- Building in progress * AMD Threadripper 1900x * Asrock X399M Taichi * Radeon VII * Gskill Xflare / Samsung B-die 3200 14-14-14-32 * Samsung 970 PRO 512gb * Fractal Design Node 804 * Seasonic Prime Ultra 850 Titanium *
--- Desktop * AMD Phenom II x6 1090t @ 3,8GHz * ASUS M5A99FX PRO R2.0 * Gigabyte R9 FuryX * A-Data XPG 2.0 / Elpida Hyper MNH 1866 @ 1600 6-6-6-18 * LSI 9211-8i / Raid 0 / 5x Corsair Force 3 GS * Creative Xfi Fatal1ty * Intel I210-T1 * Steelseries 6Gv2 * Logitech MX518 * Samsung U28E590D *
Offler is offline  
post #8 of 16 (permalink) Old 06-12-2019, 06:40 AM - Thread Starter
New to Overclock.net
 
ibb27's Avatar
 
Join Date: Oct 2016
Posts: 222
Rep: 14 (Unique: 11)
More dense RAM, bigger chance to bleed:
Type Probability
Double-sided RAMBleed 68.89%
Single-sided RAMBleed 28.22%

All RAM manufacturers have to implement Targeted Row Refresh tech in the DDR4 modules to mitigate it.
ibb27 is offline  
post #9 of 16 (permalink) Old 06-12-2019, 06:46 AM
News Fiend
 
ryan92084's Avatar
 
Join Date: Oct 2015
Location: 'merica
Posts: 1,936
Quote: Originally Posted by Offler View Post
Apparently they realized few vulnerabilities in the mitigations, such as single random seed on boot. But anyway the old method is still a threat for the data integrity.
I was referring to increasing the refresh speed which is effective but uses too much power to be practical on mobile devices.
Quote: Originally Posted by ibb27 View Post
More dense RAM, bigger chance to bleed:
Type Probability
Double-sided RAMBleed 68.89%
Single-sided RAMBleed 28.22%

All RAM manufacturers have to implement Targeted Row Refresh tech in the DDR4 modules to mitigate it.
TRR is only a partial mitigation according to the paper.

Meh '12
(13 items)
CPU
Ryzen 2600x
Motherboard
ASUS Crosshair VII Hero
GPU
XFX Fury X
RAM
G.SKILL TridentZ Series 16GB (2 x 8GB) 288-Pin DDR4 SDRAM DDR4 3200 F4-3200C14D-16GTZSW
Hard Drive
SAMSUNG 970 PRO M.2 2280 512GB PCIe Gen3. X4, NVMe
Hard Drive
Samsung 850 Pro-Series
Hard Drive
Seagate 4TB Enterprise NAS SATA (ST4000VN0001)
Hard Drive
WD Black 1TB Performance Desktop Hard Drive WD1003FZEX
Power Supply
SEASONIC PLATINUM-860 860W RT
Cooling
Black Ice Nemesis 360GTS Radiator x2
Cooling
Monsoon MMRS Reservoir + D5 pump + mountings
Cooling
XSPC Raystorm Neo Metal
Cooling
EKWB Fury X
Cooling
Monsoon Free Center 1/2ID 3/4OD fittings + Rotaries + plug + Temp probe
Cooling
BeQuiet SilentWings 3 High Speed PWM x 9
Case
Lian Li PC-O11 Dynamic
Operating System
Windows 10 Pro
Monitor
LG 27" IPS 27UK650
Keyboard
Massdrop CTRL
Mouse
Logitech g403
Mousepad
HAYATE KOU FX SOFT NINJA Black L
Audio
Blue Yeti Black
Audio
Massdrop x AKG K7XX
Other
LIAN LI O11D-1X ,Riser Cable and cover bracket for PC-O11D
CPU
i5 3570k
Motherboard
Z77x-UD5H
GPU
Zotac 670 GTX AMP!
RAM
G.Skill f3-2400c10D-16gtx
Hard Drive
Samsung 850 Pro 128GB
Optical Drive
Some old thing
Power Supply
Seasonic platinum 860w
Cooling
Custom water
Case
Customized Thermaltake Armor
Operating System
Win 10 pro
Monitor
Dell U2413
Keyboard
Ducky Shine
Mouse
Logi G502
▲ hide details ▲


ryan92084 is offline  
post #10 of 16 (permalink) Old 06-12-2019, 03:21 PM
New to Overclock.net
 
EniGma1987's Avatar
 
Join Date: Sep 2011
Posts: 6,214
Rep: 335 (Unique: 245)
Quote: Originally Posted by Offler View Post
Funny thing is that when its performed on system with ECC memory, those will recognize the "flip" as a bug in data integrity and repair it, hiding any traces of the attack.

EniGma1987 is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off