ExplFrame: Exploiting Page Frame Cache for Fault Analysis of Block Ciphers
Anirban Chakraborty (1,a), Sarani Bhattacharya (2), Sayandeep Saha (1,b) and Debdeep Mukhopadhyay (1,c)
(1) Dept. of Computer Science, IIT Kharagpur, India
(a) anirban.chakraborty@iitkgp.ac.in
(b) sahasayandeep@cse.iitkgp.ac.in
(c) debdeep@cse.iitkgp.ac.in
(2) COSIC, ESAT, KU Leuven, Belgium
Sarani.Bhattacharya@esat.kuleuven.be
ABSTRACT
The Page Frame Cache (PFC) is a purely software cache, present in modern Linux-based operating systems (OS), which stores the page frames that were recently released by the processes running on a particular CPU. In this paper, we show that the page frame cache can be maliciously exploited by an adversary to steer the pages of a victim process to pre-decided, attacker-chosen locations in memory. We practically demonstrate an end-to-end attack, ExplFrame, in which an attacker with only user-level privilege is able to force a victim process's memory pages to vulnerable locations in DRAM and deterministically conduct Rowhammer to induce faults. As a case study, we induce single-bit faults in the T-tables of OpenSSL (v1.1.1) AES using our proposed attack, ExplFrame. We also propose an improvised fault analysis technique which can exploit any Rowhammer-induced bit-flips in the AES T-tables.
Keywords: Page Frame Cache, Buddy Allocator, OpenSSL, Rowhammer, DRAM, Fault Injection
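From the detection side, a single-bit fault in an AES T-table can be found by recomputing the table from the S-box definition and comparing it with the copy in memory. The C sketch below is an added example, not code from the paper or from OpenSSL; it assumes the Te0 word layout (2s, s, s, 3s) used by OpenSSL's table-based AES, and the function names and the injected fault are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1. */
static uint8_t xtime(uint8_t a) { return (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0)); }

static uint8_t gmul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    while (b) { if (b & 1) r ^= a; a = xtime(a); b >>= 1; }
    return r;
}

/* AES S-box: multiplicative inverse (0 maps to 0), then the affine map. */
static uint8_t sbox(uint8_t x) {
    uint8_t inv = 0;
    if (x) { inv = 1; for (int i = 0; i < 254; i++) inv = gmul(inv, x); } /* x^254 = x^-1 */
    uint8_t s = inv;
    for (int i = 1; i <= 4; i++) s ^= (uint8_t)((inv << i) | (inv >> (8 - i)));
    return (uint8_t)(s ^ 0x63);
}

/* One Te0 word: bytes (2*S[x], S[x], S[x], 3*S[x]), most significant first. */
static uint32_t te0_entry(uint8_t x) {
    uint8_t s = sbox(x), s2 = xtime(s);
    return ((uint32_t)s2 << 24) | ((uint32_t)s << 16) | ((uint32_t)s << 8) | (uint8_t)(s2 ^ s);
}

void build_te0(uint32_t t[256]) { for (int i = 0; i < 256; i++) t[i] = te0_entry((uint8_t)i); }

/* Returns the number of flipped bits; reports the first faulty index and its XOR mask. */
int check_te0(const uint32_t live[256], int *index, uint32_t *mask) {
    int flipped = 0;
    *index = -1; *mask = 0;
    for (int i = 0; i < 256; i++) {
        uint32_t d = live[i] ^ te0_entry((uint8_t)i);
        if (d && *index < 0) { *index = i; *mask = d; }
        for (; d; d &= d - 1) flipped++;   /* count set bits in the difference */
    }
    return flipped;
}

int main(void) {
    uint32_t t[256]; int idx; uint32_t mask;
    build_te0(t);
    t[0x3a] ^= 1u << 13;                   /* constructed single-bit fault */
    int n = check_te0(t, &idx, &mask);
    printf("%d bit(s) flipped, first at Te0[0x%02x], mask 0x%08x\n", n, idx, (unsigned)mask);
    return 0;
}
```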