COMSM0049

Week 6 Homework

As always, skim the lot of the reading, and go into more detail if there are things you’re particularly interested in or which I didn’t explain well in the lecture. Whilst the required reading isn’t going to necessarily appear directly in the exam, being able to illustrate any points you make from the core lectures with examples from the reading or using it to give wider context is always going to be worth a mark or two.

• Go watch Mark Seaborn and Halvar Flake’s Blackhat talk about Rowhammer: Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges (because primary sources are always better than secondary ones ;-))

• Go skim Google’s Project Zero disclosure of the Spectre and Meltdown vulnerabilities: Reading privileged memory with a side-channel (primary sources are cool and all but there is far more information here than you need, especially about branch prediction)

Exercises

1. Why do you need to flush the cache in order to exploit the Rowhammer vulnerability? (5 marks)

2. One approach to mitigating the Spectre and Meltdown attacks is to disable symmetric multithreading. The OpenBSD operating system does this by default, and most other operating systems now provide a mechanism to do so too. Alice has their own laptop which only they use. They would rather have the performance boost over the increased security. Are they right? (15 marks)

Answers (do not check this before you try to answer the exercices alone)

1. Rowhammer works by repeatedly discharging the capacitors implementing RAM by reading and writing repeatedly (2). If there is a cache in the way then the first read will go to the RAM but subsequent ones will go to the cache (2) Consequently you need to flush between writes to ensure the write goes to the cache (1)

2. There are a lot of arguments you could make here. You could say:

• Alice is the only user on there laptop so its unlikely another user may be able to leak her keys specifically. If they’re running servers though off their laptop then they might rethink that as the server process could be manipulated.

• Alice is a grown up. If they would prefer speed over security then they can make their own choice—if the laptop is just used for junk projects then maybe its fine? But how much performance do they really need? Is not an awful lot more security against an exploit path we know gets exploited. Does word and a webbrowser really need 100% raw power?

• Alice may not be a security expert and may not fully understand the implications of a fairly complicated attack; but given the number of crypto papers they’re in they probably are, and who are we to judge them?

Ultimately, I have re-enabled SMT before, but it is a decision that depends on what your workflow is. If there is any doubt then it should be off and remain off (security by default).

Though as Greg Kroah-Hartman said:

https://youtu.be/jI3YE3Jlgw8