BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Drammer: Deterministic Rowhammer Attacks on Mobile Platforms - Kav
 eh Razavi\, Vrije Universiteit Amsterdam
DTSTART:20161104T131500Z
DTEND:20161104T141500Z
UID:TALK69034@talks.cam.ac.uk
CONTACT:Laurent Simon
DESCRIPTION:*Abstract*:\nRecent work shows that the Rowhammer hardware bug
  can be used\nto craft powerful attacks and completely subvert a system. H
 owever\,\nexisting efforts either describe probabilistic (and thus unrelia
 ble)\nattacks or rely on special (and often unavailable) memory management
 \nfeatures to place victim objects in vulnerable physical memory\nlocation
 s. Moreover\, prior work only targets x86 and researchers have\nopenly won
 dered whether Rowhammer attacks on other architectures\, such\nas ARM\, ar
 e even possible.\n\nWe show that deterministic Rowhammer attacks are feasi
 ble on commodity\nmobile platforms and that they cannot be mitigated by cu
 rrent defenses.\nRather than assuming special memory management features\,
  our attack\,\nDrammer\, solely relies on the predictable memory reuse pat
 terns of\nstandard physical memory allocators. We implement Drammer on\nAn
 droid/ARM\, demonstrating the practicability of our attack\, but also\ndis
 cuss a generalization of our approach to other Linux-based platforms.\nFur
 thermore\, we show that traditional x86-based Rowhammer exploitation\ntech
 niques no longer work on mobile platforms and address the resulting\nchall
 enges towards practical mobile Rowhammer attacks.\n\nTo support our claims
 \, we present the first Rowhammerbased Android root\nexploit relying on no
  software vulnerability\, and requiring no user\npermissions. In addition\
 , we present an analysis of several popular\nsmartphones and find that man
 y of them are susceptible to our Drammer\nattack. We conclude by discussin
 g potential mitigation strategies and\nurging our community to address the
  concrete threat of faulty DRAM chips\nin widespread commodity platforms.\
 n\n*Bio*:\nKaveh Razavi is a security researcher at the Vrije Universiteit
  Amsterdam in the Netherlands. He is currently mostly interested in reliab
 le exploitation and mitigation of hardware vulnerabilities and side-channe
 l attacks on OS/hardware interfaces. He has previously been part of a CERT
  team specializing on operating system security\, has worked on authentica
 tion systems of a Swiss bank\, and has spent two summers in Microsoft Rese
 arch building large-scale system prototypes. He holds a BSc from Sharif Un
 iversity of Technology\, Tehran\, an MSc from ETH Zurich and a PhD from Vr
 ije Universiteit Amsterdam.
LOCATION:Room SS03\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR