NSF-BSF: SaTC: CORE: Small: Rowhammering Peripherals

This project studies an emerging, potential attack vector against modern computer systems: vulnerable peripheral devices, such as flash storage or network devices. Many modern computer memory (Random Access Memory, or RAM) designs are vulnerable to a rowhammering attack, where some regions of memory can be corrupted by repeated accesses from application code. This project observes that peripheral devices are no longer purely hardware, but instead have their own internal CPU and RAM, which can also be attacked---indirectly---through heavy input/output (I/O) operations. The novelties of this project are demonstrating a proof-of-concept that one can potentially deny service or gain administrative privilege on a system through vulnerable peripheral devices, as well as creating strategies to mitigate these attacks. The project's broader significance and importance is hardening the security of modern computing systems, especially cloud computing, where different users may share vulnerable hardware.

This project studies rowhammering the internal RAM in modern peripherals, using only standard, unprivileged I/O operations at the high bandwidths offered by these peripherals. The project studies practical attacks on Solid State Drives (SSDs), traditional Network Interface Cards (NICs), and emerging SmartNICs, launched by unprivileged users, such as a guest virtual machine in a multi-tenant cloud system, and using only standard I/O patterns. The work studies the impact on vulnerability to this attack of design choices in both device firmware and operating system device drivers, using both open and closed devices, and, in the case of SmartNICs, using both custom and standard network offload functions. Because it is difficult to defend against rowhammering entirely in hardware, the proposed work innovates in efficient, software/hardware cooperative defenses, which can potentially improve future peripheral hardware designs.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.