Hello,
Any proposed method using SELinux to counter RowHammer attacks on Linux?
Unfortunately, hardware-based protection is no longer of any use, as the
RowHammer attack has evolved and bypassed hardware protection, and the
following paper defeats the protection mechanisms we took.
Any proposals?
Paper: Another Flip in the Wall of Rowhammer Defenses
https://arxiv.org/pdf/1710.00551.pdf
Note: Please consider sudo here as a sample, so just blocking sudo won't
really help.
QUOTE
XI. Conclusion
In this paper, we showed that even a combination of all state-of-the-art
Rowhammer defenses does not prevent Rowhammer attacks. Our novel attack
and exploitation primitives systematically undermine the assumptions of
all defenses. With one-location hammering, we showed that previous
assumptions on how the Rowhammer bug can be triggered are invalid and
keeping only one DRAM row constantly open is sufficient to induce bit
flips. With a slow-down factor of only 3.3, it is still on par with
previous (now mitigated) techniques. With opcode flipping, we bypass all
memory layout-based defenses by flipping bits in a predictable and
targeted way in the userspace sudo binary. We present 29 bit offsets,
each allowing an attacker to obtain root privileges in practice. With
memory waylaying, we present a reliable technique to replace conspicuous
and unstable memory spraying and grooming techniques. Coaxing the
operating system into relocating any binary page takes 2.68 s with our
stealth-optimized variant, and only 36.7 µs with our speed-optimized
variant. Finally, we leveraged Intel SGX to hide the full
privilege-escalation attack, making any inspection or detection of the
attack infeasible. Consequently, our attack evades all previously
proposed countermeasures for commodity systems.
UNQUOTE
Best regards,
--
Patrick K.