Using Memory Errors to Attack a Virtual Machine

gillus writes "A very cool scientific paper from Appel and Govindavajhala that explains how virtual machines like java or .Net can be exploited. How? Quite simple, bomb your DRAM chip with X-rays... or more simply with 50-watt spotlight, as the authors demonstrate. Definitively worth a read!"

Re:seriously

Fascinating. That is... fascinating that people actually modded you up. Before too many moderators mod you up... tell us why ECC is not sufficient for single bit errors as shown in the attacks in this presentation. Also what does BIST have to do with recovering from bit flips in otherwise perfectly functional chips?

I'm not going too worry to much about this even though all of /. knows now because if someone has physical access to your system and is shining a 50W spotlight directly on your RAM, you've got other serious issues.

Re:This just in!

[Com2Kid]

• Our attack is particularly relevant against smart cards or tamper-resistant computers, where the user has physical access (to the outside of the computer) and can use various means to induce faults; we have successfully used heat.

If somebody intent on breaking through the smart card's security has access to the smart card, then sooner or later the security WILL be broken. Encrypting data is NOT a foolproof way to keep things safe, though having the security measures last a dozen or so years IS a rather safe second bet. :)

Re:This just in!

What this could lead to, if it works and ends up working well, is running other processes in a machine that do end up causing memory errors. far fetched? probably, but all exploits involve a range of small weaknesses (except Windows ones, as Windows is one large weakness).

Take a look at core memory. Memory access there, when random, was fine. Go looking continually at one row of cores and bam - your wire heats up. Go continually looking at the one single core (read or write) and it was possible to effectively destroy your memory plane.

One commodore 64 demo program (just a few POKE statements) would lock up a machine after being run, and the computer would only turn on again after sitting without power for hours. A small bug in a chip is all that took. It may not be an exploit but perhaps one of the consumer-computing worlds first 'denial of service' hacks.

This just looks harmless when taken on its own. You can't know what other ways to exploit hardware will appear in the future, if the problems here aren't addressed.

I'm reminded of Knuth's quote

[arvindn]

"Beware of bugs in the above code; I have only proved it correct, not tried it."

Apparently, the security of the JVM type system has been subject to machine-checked proofs. Yet, a single bit error in memory can be exploited with 70% probability.

Simple countermeasure?

[The+Clockwork+Troll]

Whenever your code has occasion to store a boolean value (for later test/comparison), store multiple copies of it at predictable but "geographically" disparate locations in RAM.

Then, when doing the test/comparison, if there is not consensus in the bits (they should be all 1 or all 0), you know some memory error has occurred. The confidence level in the boolean test could be made arbitrarily high by storing increasing numbers of redundant bits.

This would slow things down considerably but it seems cheaper than lead cases.

This countermeasure is obviously not foolproof because most branches ultimately come down to a single register test but perhaps it's an improvement? Comments?

Re:This just in!

[mentin]

Well, there are already many error-induction attacks agains smart cards (some references in the article), that don't involve JVM running untrusted code.

So if I can break smart card event if is does not run any my [untrusted] code, who cares about attack to smart card that allows to run untrusted code? Besides, I've never seen any smartcard that actually does this stupid thing.

A better target for attack may be a server at a nuclear reactor facility that has natural high rate of memory failures :)

a side note about developement of ecc

[bloodbob]

I Believe I could be mistaken but the guy who made up the finite state machine for ECC had a mental break down. Making something like that is very complex I wonder how long parity checks which offer no correction where thought to be state of the art.

ECC for making machines .... **cheaper** !

[Morgaine]

This (excellent) paper alludes to the usual situation that cheaper machines tend not to use ECC in memory modules and in other parts of their architecture in order to save on manufacturing costs.

Note however that this common perception is not strictly speaking entirely accurate or necessary, because if a system is designed to meet a given level of reliability then a machine with ECC may end up being cheaper than one without ECC, because the error detection and correction can make up for reduced reliability in the rest of the hardware.

As an example, some components may be run closer to their operating limits, possibly partially overclocked, or power supplies may be less well regulated and hence electronic noise margins may be slightly compromised, or the system may be designed with substandard cooling, and so on. ECC could help mitigate some of the effects of such presumably cheaper designs, while still maintaining the reliability of better implementions.

So, there's slightly more to the "ECC only found in better systems" argument than at first meets the eye. As usual, caveat emptor. :-)

Brute force

[Xner]

Any encryption can still be broken through though brute force.

And any literary work can be obtained with an infinite number of monkeys sitting at an infinite number of typewriters for an infinitely long period of time.

Most serious ciphers attacked using brute force with contemporary technology will probably hold out until the universe's heat death. Not to mention the fact that some experts claim that there simply is not enough energy in the universe to cycle a 128 bit counter through all its states, let alone perform any computations.

palladium

[astrashe]

One use for this sort of thing might be to get a palladium system to do something it's not supposed to. In that case you'd have access to your own machine.

Palladium is just a specialized VM that runs on tamper proof hardware, that's designed to let other people trust the results of some computations performed on your machine.

Nothing new in the article...

[Alwin+Henseler]

Let me conclude from reading the article:
-Memory errors can allow a system running a virtual machine to be compromised/corrupted
-Such memory errors are most likely to occur when an attacker has physical access to the machine
-One way to make it less likely, is to use error correction (ECC) on the memory.

Rewritten:
-If a computer's memory is not 100% reliable, you can't fully trust software running on it, to perform as expected
-Physical access to a machine gives an attacker more chance of compromising it
-Having error correction enabled, would make a system more reliable.

So what's new here? Nothing.
I have to give the researchers credit though, for the nice way they worked out how to exploit such hardware errors.

Re:This just in!

[omnirealm]

Any encryption can still be broken through though brute force.

This is simply not true. One-time pads are 100% unbreakable, and they will always be unbreakable (at least mathematically speaking), no matter how sophisticated technology gets in the future. For those who are unfamiliar with the concept, a one-time pad is a cryptographically random string of 1's and 0's, which is at least of the same length of the message itself. Two parties have a secure channel in which to exchange these pads; for example, if Alice and Bob wish to use one-time pads, Alice can generate a list of 10,000 cryptographically random strings, put them in a suitcase that is handcuffed to her wrist, and deliver them to Bob in person. Bob and Alice then have a set of one-time pads that they can use for all future communication. Each time they encrypt a message with one of the pads, they discard the pad and never use it again. Because the pad is at least the length of any messages they might pass back and forth, there is no way to analyze the encrypted message for patterns. It is mathematically impossible. You could easily come up strings of 1's and 0's that would ``decrypt'' the message into anything, be it passages from the Bible, or Ogg Vorbis encoded music. You would have no idea which set of 1's and 0's produced the actual original message. This is truly unbreakable encryption on a mathematical level.

Most companies claiming that their encryption is ``unbreakable'' are using one-time pads; the problem is reduced to finding a secure channel of communications in which to transmit those pads. This is usually not a feasible assumption, which is why we all prefer using, for example, Diffie-Hellman key exchange, which depends on the difficulty of math involving discrete logarithms. The encryption we now use is breakable, but it is hard enough to break that it is generally considered secure.

Re:This just in!

[exp(pi*sqrt(163))]

Sure you can protect yourself from differential power analysis, or whatever it's called. You can design logic gates that draw the same power whatever. Or you can add extra logic that masks other activity. You can design algorithms that draw power in exactly the same power whatever the input, possibly performing unnecessary dummy steps. There are lots of defenses.

Re:This just in!

[xiitone]

>Most companies claiming that their encryption is >``unbreakable'' are using one-time pads;
and most of these snake oil salesman are using algorithmic "random" number generation. There's two delicate parts of one time pads-distributing the pad , and your pad generation.