Hard-to-patch problems: Exploitability of the DRAM rowhammer bug and cache timing side channels
When is a sandbox safe to use? Hardware sometimes does unexpected things which break security. Even accessing memory can be fraught with peril.
Recent research has covered two memory-related issues. With the "rowhammer" bug, repeated accesses to one page in memory can cause bit flips in another page. While most people assumed this was only a reliability issue, we showed that it is practically exploitable. With cache side channel attacks, timing memory accesses reveals information about what other processes are doing and can be used to exfiltrate data.
As software-level sandboxes get better, attackers are likely to turn to exploiting more esoteric issues, such as where the hardware doesn't meet its spec, as with rowhammer -- or where the spec is silent, as with cache side channels.
In both of these cases, knowledge of microarchitectural details such as the CPU's cache eviction policy makes attacks easier. We look forward to seeing more of these details documented, since it will make it easier to evaluate systems' security.
Mark Seaborn usually works on sandboxing. He has worked on a couple of different Linux sandboxes, plus the Native Client (NaCl) sandbox used in Google Chrome for running native code on the web across multiple OSes and architectures. Mark has found various vulnerabilities in the NaCl sandbox, and, lately, has been writing proof-of-concept exploits for the bugs he finds. After learning about the rowhammer DRAM bug, Mark showed that it is exploitable. Further investigations have led Mark into the murky world of timing side channel vulnerabilities.
The top photo is provided by Kyoto Free Photo Materials.