At the end of last year, Prof. Dr. Florian Adamsky from the Institute of Information Systems (iisys) was awarded the contract for a research project involving the protection of RAM in laptops and PCs. According to the motto “more and more memory data in less and less space”, gigabytes of information are nowadays stored on DRAM chips. However, due to the associated increase in integration density of the chips, memory systems can be attacked. This attack, known as “Rowhammer”, has been known for more than ten years, but little research has been done on it. This is where the System and Network Security (SNS) research group at iisys comes in.
Professor Adamsky, first of all, congratulations on receiving the grant of 300,000 euros! The extraordinary thing about this is that it is a grant from the German Research Association, and it looks like only about one percent of the decided applications are assigned to universities of applied sciences – so that’s a great achievement! You submitted the application together with the Graz University of Technology – how did it come about?
“Thank you very much! In the course of a bachelor’s and master’s thesis by Martin Heckel, we dealt intensively with Rowhammer. However, the scope of such theses is limited and we really wanted to continue with our research. We had found mechanisms to amplify Rowhammer on DDR3 (a somewhat older type of RAM) and wanted to check whether this also works with more modern RAM and how to fend off such attacks.”
We are talking about the Rowhammer attack, which has been known for some time. What is it about?
“In order to store data on RAM, a voltage must be constantly present. That’s why RAM is volatile, because when there’s no more voltage, the data is gone, for example, when the computer is off. Working memory is structured a bit like an Excel spreadsheet – in rows and columns. If you now cleverly read certain rows on the software side, it can happen that the voltage jumps from one row to the other, purely by reading the neighboring rows. This in turn can cause bits that are stored there to be changed. So a 0 becomes a 1 or vice versa. This sounds trivial at first, but it can have far-reaching consequences, for example if the bit determines whether the user has entered the right or the wrong password. Security researchers have shown that it is possible to get more privileges on a computer system than actually intended. Example: a normal user on a system can suddenly become an administrator.”
Can you also explain the name of the project, “NeRAM”?
“NeRAM stands for ‘Next-Generation Rowhammer Attacks and Mitigations.’ That is, we want to investigate where else Rowhammer occurs and how to effectively defend against such attacks, even if the hardware is vulnerable to Rowhammer. The underlying problem is the high integration density of DRAM’s memory chips, which decreases the distance between each memory cell compared to older systems. A hardware solution to this problem would mean a reduction in integration density, which would greatly reduce the memory capacity of the chips. Accordingly, it is not possible to solve the actual problem while providing the storage capacities that are common today.”
How many devices, i.e. laptops and PCs, do you estimate are potentially affected by the Rowhammer effect today?
“That’s hard to estimate because most studies so far had only ever looked at a small selection of memory. The study that had examined the most modules so far was in 2014 by Kim et al. This had examined 129 main memories and of these, 110 were susceptible to Rowhammer. However, this study also dealt with the outdated DDR3 memory. Newer RAMs like DDR4 or DDR5 have partially integrated defenses, but security researchers have already bypassed them. This issue is indeed part of our research project.”
And what will your research contribution be?
“The main goal of NeRAM is a deeper and more comprehensive understanding of the Rowhammer vulnerability.”
Prof. Dr. Florian Adamsky, IT Security Officer
“It is known that this effect can be exploited on DDR3 and DDR4. What about the new type of DDR5 memory? Modern graphics cards use a similar type of memory called GDDR6X. Can this effect also be exploited there? In addition, it is also not yet known which physical circumstances intensify this effect, such as temperature, electromagnetic radiation or simple aging. Think here of the smart home devices such as the smart refrigerator or a smart oven. In addition, we have a few ideas on how to prevent exploitation from leading to privilege escalation.”
The project is scheduled to run for three years. As the project begins now, what do you think will be the particular challenge over those three years?
“We have a lot planned and we hope the time will be enough to investigate everything.”
Is there anything we can do today as users to prevent attacks on our working memories?
“So far, this effect has not yet been found in malware. The operating system manufacturers have also already partially implemented measures to make it more difficult for attackers. The best advice is to keep the software on your computer up to date, including the BIOS firmware.”
Professor Adamsky, thank you very much for the interview.