Automated verification of Rowhammer mitigations (available)

Starting Date: June 2022
Prerequisites: Good knowledge of C
Will results be assigned to University: No

Rowhammer [1], first introduced in [2], is a security exploit that relies on electromagnetic side effects in DRAM caused by repeated accesses to the same row(s) within a short period of time. Accessing the same DRAM row many times in quick succession may cause electromagnetic interactions with adjacent rows, which in turn may cause unwanted changes in those rows. Researchers at Google have studied the problem and found that it can be exploited in practice by users to gain kernel privileges [3].

A number of mitigations have been devised, ranging from error-correcting codes to refreshing the memory more often. However, the mitigations used by specific DRAM models or manufacturers are not known. Moreover, mitigations may be applied at different levels: at the software level, such as the OS, or at the hardware level, such as the MMU and the DRAM.

The goal of this project is to develop techniques to automatically test whether certain mitigations are present in the memory under investigation and how effective they are. Concretely, the student will implement a toy model of a DRAM mitigation and devise suitable tests to reverse-engineer the mitigation.
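A minimal sketch of what such a toy model and its black-box tests could look like, added here as an illustration and not taken from the project. The counter-based neighbour-refresh mitigation, the access-latency observation used to infer its threshold, and all names and constants (`FLIP_AT`, `T_ACT`, `T_REF`, `infer_threshold`, `flips_under_hammer`) are assumptions of this example.

```c
#include <stdio.h>
#define ROWS    8
#define FLIP_AT 1000u /* assumed: disturbances a row tolerates before a bit flips */
#define T_ACT   1u    /* assumed latency of a plain activation */
#define T_REF   5u    /* assumed extra latency when the mitigation refreshes neighbours */
struct dram {
    unsigned disturb[ROWS]; /* disturbance accumulated since the row's last refresh */
    unsigned acts[ROWS];    /* hidden per-row activation counters */
    int flipped[ROWS];      /* sticky: set once a row has suffered a flip */
    unsigned threshold;     /* hidden mitigation parameter, 0 = mitigation off */
};

static void touch(struct dram *d, int r, int refresh) { /* disturb or refresh row r */
    if (r < 0 || r >= ROWS) return;
    if (refresh) d->disturb[r] = 0;
    else if (++d->disturb[r] >= FLIP_AT) d->flipped[r] = 1;
}

/* Activate a row and return its latency, the only timing the tester can observe. */
static unsigned dram_activate(struct dram *d, int row) {
    int refresh = d->threshold && ++d->acts[row] >= d->threshold;
    d->disturb[row] = 0;                 /* activation restores the row's own charge */
    touch(d, row - 1, 0); touch(d, row + 1, 0);
    if (!refresh) return T_ACT;
    d->acts[row] = 0;                    /* mitigation fires: refresh both neighbours */
    touch(d, row - 1, 1); touch(d, row + 1, 1);
    return T_ACT + T_REF;
}

/* Test 1: spacing between slow accesses reveals the hidden threshold (0 = none seen). */
static unsigned infer_threshold(struct dram *d, int row, unsigned budget) {
    unsigned first = 0;
    for (unsigned i = 1; i <= budget; i++)
        if (dram_activate(d, row) > T_ACT) {
            if (first) return i - first;
            first = i;
        }
    return 0;
}
/* Test 2: does hammering an interior row flip a neighbour within the budget? */
static int flips_under_hammer(struct dram *d, int row, unsigned budget) {
    for (unsigned i = 0; i < budget; i++) dram_activate(d, row);
    return d->flipped[row - 1] || d->flipped[row + 1];
}
int main(void) {
    struct dram weak = { .threshold = 1200 }, strong = { .threshold = 300 };
    printf("threshold 1200, flips seen: %d\n", flips_under_hammer(&weak, 3, 5000));
    printf("inferred threshold: %u\n", infer_threshold(&strong, 3, 5000));
}
```

In this model the mitigation is effective only when its threshold is below `FLIP_AT`, so the two tests together answer both questions: what the hidden parameter is, and whether it prevents flips.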

This work will be carried out in the context of the CLeVer (“Verification of Hardware Concurrency via Model Learning”) project, which aims to use AI to reverse-engineer hardware components in order to automatically check their correctness. The CLeVer project is a collaboration with ARM, a world leader in multi-core CPU design.

[1] https://en.wikipedia.org/wiki/Row_hammer
[2] Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors (https://dl.acm.org/doi/pdf/10.1145/2678373.2665726)
[3] https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html