Modern cloud environments offer cheap access to virtual private servers (VPS) by sharing a server’s hardware to run multiple operating system instances on a single machine using virtualization software. One role of the virtualization software is to ensure the separation of resources between VPS instances to ensure each VPS acts as if it had its own physical hardware. While this separation is adequately maintained under normal operating conditions, hardware vulnerabilities in RAM such as Rowhammer can be exploited to allow one attacker VPS to manipulate data on another VPS hosted on the same server without explicit permission from the virtualization software.
Intro to RAM
Random access memory (RAM) is one of the fundamental components of a computer. It is used to store a computer’s programs and data that have been recently used or will be used in the near-future. The internal structure of RAM consists of several rows of memory cells where each cell comprises either a 1 or a 0. These cells can be constructed in two different ways. In static random access memory (SRAM), each cell is made of a simple flip-flop circuit that maintains its binary value as long as it has power, whereas in dynamic random access memory (DRAM), each cell is made of a single transistor and capacitor. Because of the simplicity of DRAM memory cells, DRAM modules can have higher memory cell density and lower price than SRAM, but at the cost of having to periodically refresh the capacitors to maintain data. Because of these benefits, DRAM is a popular choice for many consumers and service providers.
Rowhammer is a vulnerability derived from the increasingly small manufacturing processes used to create DRAM memory cells. DRAM cells are so manufactured so physically close together that the electrical charge from an operation on one row of cells in memory can affect nearby memory cells rows that were not originally addressed.
Carnegie Mellon University and Intel Labs analyzed this phenomena and published a paper that highlighted how an attacker could exploit the confined nature of DRAM cells to their advantage. “Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors,” explained that an attacker could intentionally execute bit flips in vulnerable memory cells changing their value from a 0 to 1 or 1 to 0, by repeatedly reading rows nearby. The flip is caused by the repeated electrical interaction between rows due to their close physical proximity and is exacerbated by the relatively long time it takes for the memory controller to refresh the memory cells .
Flip Feng Shui Attack
The Flip Feng Shui attack is introduced by the paper “Flip Feng Shui: Hammering a Needle in the Software Stack”, by Kaveh Razavi and Ben Gras. Razavi and Gras identified how the Rowhammer vulnerability can be used in a cloud environment to attack virtual machines (VMs) hosted on the same server. The attack relies on the Rowhammer vulnerability and kernel same-page merging (KSM), which is a technology that seeks to use RAM efficiently by eliminating duplications of data held in memory . This is especially useful in cloud environments, where a server hosts many VMs running the same operating system because it is likely that each VM will load the same programs or data into RAM. KSM consolidates these copies of the same data into one copy, sets access permissions on the new consolidated copy to read-only, and the VM manager simply points each VM to this new data.
The paper goes on to explain that KSM can be invoked to give an attacker a reference to data shared with a victim VM simply by creating a copy of a file known to be on the victim’s VM. Should the attacker create this copy in a section of RAM vulnerable to Rowhammer, KSM could point the victim VM to use this copy of data, which will allow the attacker to manipulate its contents through a Rowhammer exploitation. One example of a file that can be recreated on an attacker’s VM is the authorized_keys file found in OpenSSH installations that contains a known public SSH key. By knowing the public SSH key, the file can be recreated on an attacker’s VM, which KSM will then be remap to point to the same section of RAM holding the victim’s version of the file. After the attacker’s VM has a reference to data being used by the victim VM, it can be bit flipped using Rowhammer. The bit flipped copy of the authorized_keys file weakens the security of the public key it contains and can then be used to create a private key, which can then be used to log in to the victim VM .
Proposed Flip Feng Shui Mitigations
Mitigating Flip Feng Shui would require disabling the use of Rowhammer to manipulate restricted data or disabling KSM to remove references of other VMs’ memory. Several solutions have been proposed to reduce or eliminate the effectiveness of Rowhammer .
- Using Error Correcting Code (ECC) memory
- Targeted row refreshes (TRR)
- Reducing the periodic row refresh time
- Making better physical chips
Using ECC memory would allow the detection of single bit flips by checking the parity bit, but at the cost of some CPU performance, a higher price, and limited hardware compatibility. TRR is a method that refreshes a row and its neighbors based on the amount of accesses it has had within a given time period . Reducing the periodic refresh of DRAM of 64ms would give attackers a shorter timeframe for the electrical interactions between rows to induce a bit flip at the cost of mildly increased performance overhead. Lastly, making better physical designs that space memory cells further apart to eliminate Rowhammer’s effectiveness is always an option, but due to the nature of competition, few manufactures are likely to reduce their DRAM module’s capacity for an exploit that will only directly affect a select group of customers.
Instead of trying to solve a prevalent hardware problem, a user could just reconfigure the VM manager to eliminate the vulnerabilities associated with shared memory instances between separate VMs. This could be as simple as disabling KSM, which would create distinct instances of each VM in RAM. However, this is a prohibitive and wasteful option as the duplicate data in RAM would drastically reduce the available memory. The Flip Feng Shui paper proposed that instead of a VM being pointed to another VM’s duplicate data during KSM’s duplicate consolidation, both machines with the duplicate data would be pointed to a new copy would be created in a random section of memory . This would prevent the attacker from having access to the shared instance of the data in a section of memory known to the attacker known to be exploitable by Rowhammer .
While this attack requires exact knowledge of files on the victim to be exploited, it still provides an insight into how a simple memory error can be further analyzed to develop an exploit. Some virtualization software have already implemented solutions to disable the merging of data shared by separate VMs such as VMWare, which only allows memory owned by the same VM to be merged . In a large cloud environment offering VMs hosted the same server, it is imperative that the hardware employed be sufficiently vetted against Rowhammer and that the virtual machine manager not provide shared memory between VMs to ensure a safe environment for users.
This post was written by: Joshua Lyle
 “Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors” https://users.ece.cmu.edu/~yoonguk/papers/kim-isca14.pdf
 “Flip Feng Shui: Hammering a Needle in the Software Stack” https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
 Target Row Refresh Mode https://www.micron.com/products/datasheets/3d323c4d-6bc7-4193-908d-e99ad746aa4e?page=13
 “Additional Transparent Page Sharing management capabilities and new default settings (2097593)”