Abstract
Industrial-scale reverse engineering affects the majority of companies in the mechanical and plant engineering sector and imposes significant economic damages. Although reverse engineering mitigations exist, economic damage has not been impacted, indicating that they have failed to address the problem. A closer investigation shows that industrial-scale reverse engineering typically only expends efforts on replicating hardware, since software can often be copied verbatim—no reverse engineering effort required.
We present GlueZilla, a system that binds software to hardware through user-space rowhammer PUFs. GlueZilla transforms programs such that they only exhibit their intended behavior on the single machine they are bound to at compile time. When run on any other machine, the programs will exhibit a different functionality. GlueZilla relies on unclonable machine features and thereby forces counterfeiters to not clone just the hardware but also the software. Cloning both hard- and software drives up reverse engineering costs, thereby also decreasing the economic viability of industrial-scale reverse engineering.
GlueZilla works on commodity hardware and does not rely on expensive hardware components. Our evaluation shows that GlueZilla is effective and incurs 16% run-time performance overhead in a practical case.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
Average size overhead for 100 junction instructions in SPEC CPU 2017 (see Sect. 9).
References
Aga, M.T., Aweke, Z.B., Austin, T.: When good protections go bad: exploiting anti-DoS measures to accelerate Rowhammer attacks. In: HOST (2017)
Aweke, Z.B., Yitbarek, S.F., Qiao, R., Das, R., Hicks, M., et al.: ANVIL: software-based protection against next-generation Rowhammer attacks. In: ASPLOS (2016)
Barak, B., et al.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_1
Bepary, M.K., Talukder, B.M.S.B., Rahman, M.T.: DRAM retention behavior with accelerated aging in commercial chips. Appl. Sci. 12(9), 4332 (2022)
Bosman, E., Razavi, K., Bos, H., Giuffrida, C.: Dedup est machina: memory deduplication as an advanced exploitation vector. In: S &P 2016 (2016)
Cohen, F.B.: Operating system protection through program evolution. Comput. Secur. 12(6), 565–584 (1993)
Cojocar, L., Razavi, K., Giuffrida, C., Bos, H.: Exploiting correcting codes: on the effectiveness of ECC memory against Rowhammer attacks. In: S &P (2019)
Frigo, P., Giuffrida, C., Bos, H., Razavi, K.: Grand pwning unit: accelerating microarchitectural attacks with the GPU. In: S &P (2018)
Frigo, P., et al.: TRRespass: exploiting the many sides of target row refresh. In: S &P (2020)
Godbolt, M.: The BTB in contemporary Intel chips—Matt Godbolt’s blog (2016). https://xania.org/201602/bpu-part-three. Accessed 18 Apr 2024
Gruss, D., et al.: Another flip in the wall of Rowhammer defenses. In: S &P (2018)
Gruss, D., Maurice, C., Mangard, S.: Rowhammer.js: a remote software-induced fault attack in JavaScript. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 300–321. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_15
Herder, C., Yu, M.D., Koushanfar, F., Devadas, S.: Physical unclonable functions and applications: a tutorial. Proc. IEEE 102(8), 1126–1141 (2014)
Jattke, P., van der Veen, V., Frigo, P., Gunter, S., Razavi, K.: Blacksmith: scalable rowhammering in the frequency domain. In: S &P (2022)
Jattke, P., Wipfli, M., Solt, F., Marazzi, M., Bölcskei, M., Razavi, K.: ZenHammer: Rowhammer attacks on AMD Zen-based platforms. In: USENIX Security (2024)
Kim, J.S., Patel, M., Yağlıkçı, A.G., Hassan, H., et al.: Revisiting RowHammer: an experimental analysis of modern DRAM devices and mitigation techniques. In: ISCA (2020)
Kim, Y., et al.: Flip** bits in memory without accessing them: an experimental study of DRAM disturbance errors. ACM SIGARCH Comput. Archit. News 42(3), 361–372 (2014)
Kogler, A., et al.: Half-double: hammering from the next row over. In: USENIX Security (2022)
Kohnhäuser, F., Schaller, A., Katzenbeisser, S.: PUF-based software protection for low-end embedded devices. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) Trust 2015. LNCS, vol. 9229, pp. 3–21. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22846-4_1
Kwong, A., Genkin, D., Gruss, D., Yarom, Y.: RAMBleed: reading bits in memory without accessing them. In: S &P (2020)
Larsen, P., Homescu, A., Brunthaler, S., Franz, M.: SoK: automated software diversity. In: S &P (2014)
Lim, D., Lee, J.W., Gassend, B., Suh, G.E., Van Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. VLSI 13(10), 1200–1205 (2005)
Nagra, J., Collberg, C.: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson Education (2009)
Orosa, L., et al.: A deeper look into RowHammer‘s sensitivities: experimental analysis of real DRAM chips and implications on future attacks and defenses. In: MICRO (2021)
Piazzalunga, U., Salvaneschi, P., Balducci, F., Jacomuzzi, P., Moroncelli, C.: Security strength measurement for dongle-protected software. Secur. Priv. 5(6), 32–40 (2007)
Qiao, R., Seaborn, M.: A new approach for rowhammer attacks. In: HOST (2016)
Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., Bos, H.: Flip Feng Shui: hammering a needle in the software stack. In: USENIX Security (2016)
de Ridder, F., Frigo, P., Vannacci, E., Bos, H., Giuffrida, C., Razavi, K.: SMASH: synchronized many-sided Rowhammer attacks from JavaScript. In: USENIX Security (2021)
Schaller, A., **ong, W., Anagnostopoulos, N.A., et al.: Intrinsic Rowhammer PUFs: leveraging the Rowhammer effect for improved security. In: HOST (2017)
Seaborn, M., Dullien, T.: Exploiting the DRAM rowhammer bug to gain kernel privileges (2015). https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html. Accessed 30 Apr 2024
Škorić, B., Tuyls, P., Ophey, W.: Robust key extraction from physical uncloneable functions. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 407–422. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_28
Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: DAC (2007)
Tehranipoor, F., Karimian, N., Yan, W., Chandy, J.A.: DRAM-based intrinsic physically unclonable functions for system-level security and authentication. VLSI 25(3), 1085–1097 (2017)
VDMA: VDMA study product piracy 2022 (2022). https://www.vdma.org/documents/34570/51629660/VDMA+Study+Product+Piracy+2022_final.pdf
van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., et al.: Drammer: deterministic Rowhammer attacks on mobile platforms. In: CCS (2016)
**ong, W., Schaller, A., Katzenbeisser, S., Szefer, J.: Software protection using dynamic PUFs. IEEE Trans. Inf. Forensics Secur. 15, 2053–2068 (2019)
Zhang, Z., Cheng, Y., Liu, D., Nepal, S., Wang, Z., Yarom, Y.: PThammer: cross-user-kernel-boundary rowhammer through implicit accesses. In: MICRO (2020)
Zhang, Z., et al.: Implicit hammer: cross-privilege-boundary rowhammer through implicit accesses. IEEE Trans. Dependable Secure Comput. 20(5), 3716–3733 (2023)
Acknowledgements
The research was supported by the Austrian ministries BMK and BMAW and the State of Upper Austria in the frame of the COMET Module DEPS (FFG 888338) and the SCCH COMET competence center INTEGRATE (FFG 892418).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Mechelinck, R., Dorfmeister, D., Fischer, B., Volckaert, S., Brunthaler, S. (2024). GlueZilla: Efficient and Scalable Software to Hardware Binding using Rowhammer. In: Maggi, F., Egele, M., Payer, M., Carminati, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2024. Lecture Notes in Computer Science, vol 14828. Springer, Cham. https://doi.org/10.1007/978-3-031-64171-8_22
Download citation
DOI: https://doi.org/10.1007/978-3-031-64171-8_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-64170-1
Online ISBN: 978-3-031-64171-8
eBook Packages: Computer ScienceComputer Science (R0)