Academics Announce New Protections Against Spectre and Rowhammer Attacks

Rowhammer

Rowhammer is an unintended side effect in dynamic random-access memory (DRAM) that causes memory cells to leak their charges and interact electrically between themselves, possibly leaking the contents of nearby memory rows that were not addressed in the original memory access. This circumvention of the isolation between DRAM memory cells results from the high cell density in modern DRAM, and can be triggered by specially crafted memory access patterns that rapidly activate the same memory rows numerous times.

The row hammer effect has been used in some privilege escalation computer security exploits, and network-based attacks are also theoretically possible in a fast network connection between the attacker and victim.

 

Rowhammer

 

 

Academics Announce New Protections Against Spectre and Rowhammer Attacks

Academics from multiple universities have announced fixes for two severe security flaws known as Spectre and Rowhammer.

Both these fixes are at the software level, meaning they don’t require CPU or RAM vendors to alter products, and could, in theory, be applied as basic software patches.

 

Attack

 

Spectre v1 fix for Linux

The first of these new mitigation mechanisms was announces on Thursday, last week. A research team from Dartmouth College in New Hampshire says it created a fix for Spectre Variant 1 (CVE-2017-5753), a vulnerability discovered at the start of the year affecting modern CPUs.

Their fix uses ELFbac, an in-house-developed Linux kernel patch that brings access control policies to runtime virtual memory accesses of Linux processes, at the level of ELF binary executables.

In an email to Bleeping Computer, a Dartmouth College spokesperson said the team is currently working on a paper to describe the research in more depth, and a dedicated website that will feature more details will be completed over the next couple of days.

 

Linux

 

Rowhammer software-level fix

The second fix for a major flaw announced last week came on Saturday from the Systems and Network Security Group at VU Amsterdam.

Researchers announced a new technique called ZebRAM that they said is a comprehensive software protection against Rowhammer attacks. No details are currently available about this new technique outside the tweet below and the name of an upcoming research paper.

Rowhammer attacks have been a problem since 2014. Researchers have discovered a wide range of methods for launching Rowhammer attacks, and defenses put in place between 2014 and 2016 have been proven to be incomplete in October 2017.

 

Network

 

Red Hat releases Spectre v1 scanning tool

The tool was developed by engineers from Red Hat, and hence, like the ELFBac tool, is only meant for Linux systems.

The tool currently only supports the x86_64 and AArch64 architectures, according to a Red Hat blog post that also includes a small tutorial on how software devs can use it to detect areas of their code that could be exploited via Spectre v1.

 

Red Hat

 

 

 

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Testing training

Ethical Hacking  training

Internet Of Things Training

Internet Of Things Training Hyderabad

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development  training

Secured Coding in Java

Certified Network Penetration Tester 

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advance Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

 

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery

 

Other Location for Online Courses:

Bhubaneswar

Bangalore

Hyderabad

 


Show Buttons
Hide Buttons