
Combining SGX and Rowhammer for undetectable malware - lvh
https://arxiv.org/abs/1710.00551
======
lvh
This is bananas.

We've known for about 2 years now that Rowhammer is nominally possible. This
research is interesting, because it blows away all of our assumptions about
mitigations to Rowhammer: it even defeats all of them _at the same time_.

For example: it turns out it's not necessary to hammer multiple DRAM rows to
trigger the bug, you can just go after a single location. This makes the
attack more stealthy but also faster. They've developed new techniques for
deterministically modifying userspace binaries without exhausting memory.
Preventing exhaustion-based page placement was thought to prevent Rowhammer
attacks, but it turns that's not necessary either. The new technique is crazy
clever, exploiting specific performance tweaks in the Linux page cache to
place a page right where they want it (in physical RAM). They also made the
techniques for memory pattern mapping (spraying and grooming) much, much more
subtle, making it harder to track the attack from stats. And, in a final coup
de grace, they shoved all of this into Intel SGX, which does a mostly-good job
of hiding this from the rest of the system (including the kernel), by design.
In particular, you can't look at performance counters anymore to know that
something is banging the heck out of something, because SGX bypasses those.

The "obvious" attack is to go after sudo to get root. They do that. Another
cool one is that SGX, when it detects tampering, will _halt the entire damn
box_ until you power cycle it. So turns out you can cause some pretty serious
havoc :)

