Prof. Dr. Florian Adamsky, Professor of IT Security at Hof University of Applied Sciences, Prof. Dr. Daniel Gruss from Graz University of Technology and Martin Heckel, research associate at the Institute for Information Systems (iisys) at Hof University of Applied Sciences were recently guests at the 38th Chaos Communication Congress (38c3) in Hamburg, where they reported to an expert audience on the well-known Rowhammer security vulnerability in the IT sector (“campuls-digital” reported). Volunteers are now being sought for a research project on the topic.
The Chaos Communication Congress (CCC) is an annual conference organized by the Chaos Computer Club, one of the best-known and oldest hacker associations in Europe. The event provides a platform for the exchange of knowledge and ideas on topics such as technology, IT security, data protection, net politics, science, culture and society. The congress attracts a broad audience of hackers, technology enthusiasts, researchers and artists.
“Rowhammer – the story of a security vulnerability”
In their presentation “Ten Years of Rowhammer: A Retrospect and Path to the Future” , the three researchers offered a comprehensive review of the discovery, development and significance of the Rowhammer vulnerability in the field of computer security. Rowhammer was discovered about a decade ago and describes a cyber attack that exploits the physical properties of DRAM.
Nowadays, gigabytes of information are stored on DRAM chips according to the motto “more and more memory data in less and less space”. However, due to the associated increase in the integration density of the chips, memory systems can be attacked. By repeatedly writing to certain memory cells, neighboring cells can be unintentionally modified, which can lead to data corruption and potential security vulnerabilities.”
Prof. Dr. Florian Adamsky
Adamsky, Gruss and Heckel first explained the technical basics of Rowhammer and highlighted how advances in memory technology – in particular the miniaturization of DRAM cells – have increased the vulnerability to attack. They then showed the development of various Rowhammer attack variants, including advanced techniques that take advantage of specific hardware or software constellations.
Countermeasures and prospects
Another focus was on the countermeasures that have been developed over the years, such as ECC memory, special protection mechanisms at hardware level or software-based solutions. Finally, the limitations of these approaches were also discussed.
Finally, the presentation offered a perspective on the future: What challenges will the further development of storage technologies bring? What security strategies could protect against rowhammers and similar attacks in the long term? Overall, the presentation provided valuable insights into the interaction between hardware security and innovation, as well as the ongoing need to address physical and digital vulnerabilities together.
Participants wanted for research project
Meanwhile, the Hof University of Applied Sciences is looking for volunteers for a research project on the topic of Rowhammer: The FLIPPYR.AM project is investigating the spread of the Rowhammer vulnerability in real systems. “Participants can either download an ISO image via the website or receive a pre-installed USB stick and should boot the operating system on it and carry out a test. This test takes at least 3 hours, but 8 hours is recommended,” says Prof. Dr. Florian Adamsky.
To participate, simply contact Prof. Dr. Florian Adamsky. All information on participating in the project can be found here. There are T-shirts and shopping vouchers to be won.
The FLIPPYR.AM research project is funded by the German Research Foundation (DFG) and is scheduled to run for a total of three years.