Kaveh Razavi's research while affiliated with ETH Zurich and other places

Publications (36)

Preprint
Full-text available
The RowHammer vulnerability in DRAM is a critical threat to system security. To protect against RowHammer, vendors commit to security-through-obscurity: modern DRAM chips rely on undocumented, proprietary, on-die mitigations, commonly known as Target Row Refresh (TRR). At a high level, TRR detects and refreshes potential RowHammer-victim rows, but...
Preprint
Full-text available
DRAM is the dominant main memory technology used in modern computing systems. Computing systems implement a memory controller that interfaces with DRAM via DRAM commands. DRAM executes the given commands using internal components (e.g., access transistors, sense amplifiers) that are orchestrated by DRAM internal timings, which are fixed for each DRA...
Conference Paper
Full-text available
To enable app interoperability, the Android platform exposes installed application methods (IAMs), i.e., APIs that allow developers to query for the list of apps installed on a user's device. It is known that information collected through IAMs can be used to precisely deduce end-users' interests and personal traits, thus raising privacy concerns. In...
Preprint
After a plethora of high-profile RowHammer attacks, CPU and DRAM vendors scrambled to deliver what was meant to be the definitive hardware solution against the RowHammer problem: Target Row Refresh (TRR). A common belief among practitioners is that, for the latest generation of DDR4 systems that are protected by TRR, RowHammer is no longer an issue...
Conference Paper
Full-text available
We present Rogue In-flight Data Load (RIDL), a new class of unprivileged speculative execution attacks to leak arbitrary data across address spaces and privilege boundaries (e.g., process, kernel, SGX, and even CPU-internal operations). Our reverse engineering efforts show such vulnerabilities originate from a variety of micro-optimizations perv...
Preprint
Full-text available
DRAM manufacturers have been prioritizing memory capacity, yield, and bandwidth for years, while trying to keep the design complexity as simple as possible. DRAM chips are passive elements that store data, but they do not carry out any computation or other important function in the system, such as security. Processors implement and execute most of...
Preprint
Full-text available
Synchronous Mirroring (SM) is a standard approach to building highly-available and fault-tolerant enterprise storage systems. SM ensures strong data consistency by maintaining multiple exact data replicas and synchronously propagating every update to all of them. Such strong consistency provides fault tolerance guarantees and a simple programming m...
Chapter
Full-text available
With software becoming harder to compromise due to modern defenses, attackers are increasingly looking at exploiting hardware vulnerabilities such as Rowhammer. In response, the research community has developed several software defenses to protect existing hardware against this threat. In this paper, we show that the assumptions existing software d...
Chapter
Full-text available
Over the last two years, the Rowhammer bug transformed from a hard-to-exploit DRAM disturbance error into a fully weaponized attack vector. Researchers demonstrated exploits not only against desktop computers, but also used single bit flips to compromise the cloud and mobile devices, all without relying on any software vulnerability.
Conference Paper
Full-text available
To reduce memory pressure, modern operating systems and hypervisors such as Linux/KVM deploy page-level memory fusion to merge physical memory pages with the same content (i.e., page fusion). A write to a fused memory page triggers a copy-on-write event that unmerges the page to preserve correct semantics. While page fusion is crucial in saving mem...
Conference Paper
Recent hardware-based attacks that compromise systems with Rowhammer or bypass address-space layout randomization rely on how the processor's memory management unit (MMU) interacts with page tables. These attacks often need to reload page tables repeatedly in order to observe changes in the target system's behavior. To speed up the MMU's page table...
Conference Paper
With increasing concerns about the security and trustworthiness of embedded devices, the importance of research on their firmware is growing. Unfortunately, researchers with new ideas for improving the security of these devices (e.g., fuzzing) or studying adversarial scenarios (e.g., malware) face massive hurdles when applying them to actual hardwa...
Conference Paper
Full-text available
Recent work shows that the Rowhammer hardware bug can be used to craft powerful attacks and completely subvert a system. However, existing efforts either describe probabilistic (and thus unreliable) attacks or rely on special (and often unavailable) memory management features to place victim objects in vulnerable physical memory locations. Moreover...
Conference Paper
Full-text available
We introduce Flip Feng Shui (FFS), a new exploitation vector which allows an attacker to induce bit flips over arbitrary physical memory in a fully controlled way. FFS relies on hardware bugs to induce bit flips over memory and on the ability to surgically control the physical memory layout to corrupt attacker-targeted data anywhere in the software...
Conference Paper
Memory deduplication, a well-known technique to reduce the memory footprint across virtual machines, is now also a default-on feature inside the Windows 8.1 and Windows 10 operating systems. Deduplication maps multiple identical copies of a physical page onto a single shared copy with copy-on-write semantics. As a result, a write to such a shared p...
Conference Paper
Rack-scale computers, comprising a large number of micro-servers connected by a direct-connect topology, are expected to replace servers as the building block in data centers. We focus on the problem of routing and congestion control across the rack's network, and find that high path diversity in rack topologies, in combination with workload divers...
Article
IaaS clouds promise instantaneously available resources to elastic applications. In practice, however, virtual machine (VM) start up times are in the order of several minutes, or at best, several tens of seconds, negatively impacting the elasticity of applications like Web servers that need to scale out to handle dynamically increasing load. VM sta...
Conference Paper
Interactive High Performance Computing (HPC) workloads take advantage of the elasticity of clouds to scale their computation based on user demand by dynamically provisioning virtual machines during their runtime. As in this case users require the results of their computation in a short time, the time to start the provisioned virtual instances becom...
Article
In IaaS clouds, virtual machines are booted on demand from user-provided disk images. Both the number of virtual machine images (VMIs) and their large size (GBs) challenge storage and network transfer solutions, and lead to perceivably slow VM startup times. In previous work, we proposed using small VMI caches (O(100MB)) that contain those parts of...
Conference Paper
Elastic cloud applications rely on fast virtual machine (VM) startup, e.g. when scaling out for handling increased workload. While there have been recent studies into the VM startup time in clouds, the effects of the VM image (VMI) disk size and its contents are little understood. To fill this gap, we present a detailed study of these factors on Am...
Article
In IaaS clouds, VM startup times are frequently perceived as slow, negatively impacting both dynamic scaling of web applications and the startup of high-performance computing applications consisting of many VM nodes. A significant part of the startup time is due to the large transfers of VM image content from a storage node to the actual compute no...

Citations

... Tesseract, proposed by Bentov et al., is an exchange preventing front-running attacks by leveraging a trusted execution environment [3]. However, this approach brings an unreliable centralized component subject to a single point of failure and compromise [38,48]. ...
... Many works [3,4, demonstrate that RowHammer is a serious security vulnerability that can be exploited to mount system-level attacks, such as escalating privilege or leaking private data. To make matters worse, recent experimental studies on real DRAM chips [3,8,9,11,12,36,37,43] find that the RowHammer vulnerability is more severe in newer DRAM chip generations. For example, 1) the minimum aggressor row activation count necessary to cause a RowHammer bit flip (HC_first) is only 4.8K and 10K for some newer LPDDR4 and DDR4 DRAM chips (manufactured in 2019-2020), which is 14.4× and 6.9× lower than the HC_first of 69.2K for some older DRAM chips (manufactured in 2010-2013) [11]; and 2) the fraction of DRAM cells that experience a bit flip in a DRAM row (BER) after hammering two aggressor rows for 30K times is 2 × 10^-6 for some newer DRAM chips from 2019-2020, which is 500× larger than that for some other older chips manufactured in 2016-2017 (4 × 10^-9) [11]. ...
... CLR-DRAM allows switching between the two states on the order of nanoseconds, providing a new and highly reconfigurable substrate for future research to build upon. Next, I worked with Lois Orosa to develop CODIC [454], a substrate that exposes fine-grained internal DRAM access timings to the programmer. Using these access timings, the programmer can implement a wide range of features, such as a physically unclonable function and a cold boot attack prevention mechanism. ...
... Jang et al. [20] used hardware transactional memory to observe the same effect. Other software-based side channel attacks exploited predictors [13], [28], side channels introduced by mitigations against other attacks [9], the power consumption of the processor [29], and other microarchitectural properties [17], [25], [14], even from JavaScript [15], [8]. As a consequence of these local attacks on KASLR, operating system vendors but also parts of the academic community considered KASLR only as a defense against remote attackers. ...
... Most schemes are susceptible to malware attacks and some popular forms, like OTP, are also vulnerable to real-time phishing, in which an adversary relays authentication details from a fake website to a legitimate one [7], [8]. ...
... A rowhammer can be caused intentionally using software, and escalation [5], fault [6], and denial-of-service attacks [7] based on this phenomenon have been demonstrated. The target row refresh (TRR) function was developed as a countermeasure to provide resilience against rowhammer attacks; however, attacks such as SMASH [8], TRRespass [9], and Blacksmith [10] have since been devised to circumvent TRR and trigger the rowhammer effect. As rowhammer is a hardware-dependent vulnerability, it will persist until the vulnerable DRAM is replaced with a new DRAM featuring countermeasures, making it a significant problem that threatens computer-system security. ...
... Other attack vectors are network side-channel attacks, such as NetCAT [49], and rowhammer attacks over the network [73]. In these attacks, an adversary does not have to run malware on the computer but instead sends malicious network packages that modern network cards place directly in the main memory. ...
... Third-party applications. Privacy issues can also be caused by side-channel leakages from legitimate applications. For example, it is common for Android applications to silently request the list of other installed applications [26]. This is usually done by the advertisement libraries by using an official Android API. ...
... While most existing transient execution attacks rely on stateful covert channels, such as cache-based ones (Flush+Reload [44], Prime+Probe [34]), recently researchers have investigated contention-based channels among the hardware threads within a single physical core [6,11,15]. These contention-based channels exploit the fact that use of the shared hardware resources (ports, functional units) from one thread will affect the performance of the other thread that tries to use the same shared hardware resources. ...