NSF-BSF: SaTC: Core: Small: row-hammering peripherals

The goal of this research proposal is to demonstrate that memory used by input/output (IO) devices such as computer network and storage hardware can be corrupted using standard unprivileged operations. Such devices, including solid state drives (SSD), network interface cards, and various “smart” devices, are effectively small computers themselves, consisting of processors and memory essential for correct device operation. In particular, device memory is accessed multiple times as part of handling each IO operation.

In research and industry, it is well known that memory chips consist of bits that require periodic data refresh (reading the data, and then writing it) to maintain their correct state. But if memory is accessed too quickly between refresh cycles then the stored state might become corrupted. In the past, only high—end processors had been capable of delivering sufficient memory access rates to cause the problem. However, recent advances in IO device speeds suggest that on—device memory might be vulnerable as well.

This proposal builds on our study that emulates the inner working of mi SSD in software and demon» strates that the proposed attack might be feasible. We propose to investigate whether full attacks on real high—end devices launched by unprivileged users can be successfully executed. The work will study the impact of system design choices, both on the central processor and the device processor, using both open and closed devices. Because it is difficult to protect memory entirely in hardware, this work proposes efficient defenses that incorporate both software and hardware.

Intellectual Merit:

The proposed work will demonstrate a new class of attacks against IO devices. This work will challenge common wisdom in system security, which typically assumes hardware is more trustworthy than software; yet in practice, much hardware is actually firmware that follows development practices that might be no better than other software in the trusted computing base. Further, this work will demonstrate that emerging high»speed software interfaces that bypass the operating system also create a new attack surface: It is cha.l» lenging to address these vulnerabilities, because hardware—only solutions have prohibitive performance and energy costs. The proposed work innovates in using defenses that incorporate both software and hardware.

Broader Impacts:

If successful, the proposed work will strengthen defense in depth of modern computing systems. High-end computer hardware devices are quickly becoming more common in cloud systems, and they can be challenging to program. The project will contribute teaching materials for programming these devices, which will be suitable for use at other institutions and made available to instructors upon request. The Pls have a strong track record of successful collaboration, including two prior NSF/BSF grants, multiple coau» thored top—tier publications, and leadership in SYSTOR, a conference regularly held in Israel that focuses on systems and storage: The project will train multiple students to work at the intersection of hardware security and OS design. The PIs will continue recruiting and involving undergraduates and students from under—represented groups. The PIs have a substantial history of successful technology transfer, with prior research results deployed in production cloud systems and over a hundred accepted commits to the Linux kernel. One graduate student and one perspective student are also NVIDIA/Mellanox employees, and their teams’ leadership intends to collaborate on the project (see included letter).