SpringerLink
Log in

GlueZilla: Efficient and Scalable Software to Hardware Binding using Rowhammer

  • Conference paper
  • First Online:
Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14828))

  • 12 Accesses

Abstract

Industrial-scale reverse engineering affects the majority of companies in the mechanical and plant engineering sector and imposes significant economic damages. Although reverse engineering mitigations exist, economic damage has not been impacted, indicating that they have failed to address the problem. A closer investigation shows that industrial-scale reverse engineering typically only expends efforts on replicating hardware, since software can often be copied verbatim—no reverse engineering effort required.

We present GlueZilla, a system that binds software to hardware through user-space rowhammer PUFs. GlueZilla transforms programs such that they only exhibit their intended behavior on the single machine they are bound to at compile time. When run on any other machine, the programs will exhibit a different functionality. GlueZilla relies on unclonable machine features and thereby forces counterfeiters to not clone just the hardware but also the software. Cloning both hard- and software drives up reverse engineering costs, thereby also decreasing the economic viability of industrial-scale reverse engineering.

GlueZilla works on commodity hardware and does not rely on expensive hardware components. Our evaluation shows that GlueZilla is effective and incurs 16% run-time performance overhead in a practical case.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 94.15
Price includes VAT (Germany)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 87.73
Price includes VAT (Germany)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://github.com/COMET-DEPS.

  2. 2.

    Average size overhead for 100 junction instructions in SPEC CPU 2017 (see Sect. 9).

References

  1. Aga, M.T., Aweke, Z.B., Austin, T.: When good protections go bad: exploiting anti-DoS measures to accelerate Rowhammer attacks. In: HOST (2017)

    Google Scholar 

  2. Aweke, Z.B., Yitbarek, S.F., Qiao, R., Das, R., Hicks, M., et al.: ANVIL: software-based protection against next-generation Rowhammer attacks. In: ASPLOS (2016)

    Google Scholar 

  3. Barak, B., et al.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_1

    Chapter  Google Scholar 

  4. Bepary, M.K., Talukder, B.M.S.B., Rahman, M.T.: DRAM retention behavior with accelerated aging in commercial chips. Appl. Sci. 12(9), 4332 (2022)

    Article  Google Scholar 

  5. Bosman, E., Razavi, K., Bos, H., Giuffrida, C.: Dedup est machina: memory deduplication as an advanced exploitation vector. In: S &P 2016 (2016)

    Google Scholar 

  6. Cohen, F.B.: Operating system protection through program evolution. Comput. Secur. 12(6), 565–584 (1993)

    Article  Google Scholar 

  7. Cojocar, L., Razavi, K., Giuffrida, C., Bos, H.: Exploiting correcting codes: on the effectiveness of ECC memory against Rowhammer attacks. In: S &P (2019)

    Google Scholar 

  8. Frigo, P., Giuffrida, C., Bos, H., Razavi, K.: Grand pwning unit: accelerating microarchitectural attacks with the GPU. In: S &P (2018)

    Google Scholar 

  9. Frigo, P., et al.: TRRespass: exploiting the many sides of target row refresh. In: S &P (2020)

    Google Scholar 

  10. Godbolt, M.: The BTB in contemporary Intel chips—Matt Godbolt’s blog (2016). https://xania.org/201602/bpu-part-three. Accessed 18 Apr 2024

  11. Gruss, D., et al.: Another flip in the wall of Rowhammer defenses. In: S &P (2018)

    Google Scholar 

  12. Gruss, D., Maurice, C., Mangard, S.: Rowhammer.js: a remote software-induced fault attack in JavaScript. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 300–321. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_15

    Chapter  Google Scholar 

  13. Herder, C., Yu, M.D., Koushanfar, F., Devadas, S.: Physical unclonable functions and applications: a tutorial. Proc. IEEE 102(8), 1126–1141 (2014)

    Article  Google Scholar 

  14. Jattke, P., van der Veen, V., Frigo, P., Gunter, S., Razavi, K.: Blacksmith: scalable rowhammering in the frequency domain. In: S &P (2022)

    Google Scholar 

  15. Jattke, P., Wipfli, M., Solt, F., Marazzi, M., Bölcskei, M., Razavi, K.: ZenHammer: Rowhammer attacks on AMD Zen-based platforms. In: USENIX Security (2024)

    Google Scholar 

  16. Kim, J.S., Patel, M., Yağlıkçı, A.G., Hassan, H., et al.: Revisiting RowHammer: an experimental analysis of modern DRAM devices and mitigation techniques. In: ISCA (2020)

    Google Scholar 

  17. Kim, Y., et al.: Flip** bits in memory without accessing them: an experimental study of DRAM disturbance errors. ACM SIGARCH Comput. Archit. News 42(3), 361–372 (2014)

    Article  Google Scholar 

  18. Kogler, A., et al.: Half-double: hammering from the next row over. In: USENIX Security (2022)

    Google Scholar 

  19. Kohnhäuser, F., Schaller, A., Katzenbeisser, S.: PUF-based software protection for low-end embedded devices. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) Trust 2015. LNCS, vol. 9229, pp. 3–21. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22846-4_1

    Chapter  Google Scholar 

  20. Kwong, A., Genkin, D., Gruss, D., Yarom, Y.: RAMBleed: reading bits in memory without accessing them. In: S &P (2020)

    Google Scholar 

  21. Larsen, P., Homescu, A., Brunthaler, S., Franz, M.: SoK: automated software diversity. In: S &P (2014)

    Google Scholar 

  22. Lim, D., Lee, J.W., Gassend, B., Suh, G.E., Van Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. VLSI 13(10), 1200–1205 (2005)

    Google Scholar 

  23. Nagra, J., Collberg, C.: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson Education (2009)

    Google Scholar 

  24. Orosa, L., et al.: A deeper look into RowHammer‘s sensitivities: experimental analysis of real DRAM chips and implications on future attacks and defenses. In: MICRO (2021)

    Google Scholar 

  25. Piazzalunga, U., Salvaneschi, P., Balducci, F., Jacomuzzi, P., Moroncelli, C.: Security strength measurement for dongle-protected software. Secur. Priv. 5(6), 32–40 (2007)

    Article  Google Scholar 

  26. Qiao, R., Seaborn, M.: A new approach for rowhammer attacks. In: HOST (2016)

    Google Scholar 

  27. Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., Bos, H.: Flip Feng Shui: hammering a needle in the software stack. In: USENIX Security (2016)

    Google Scholar 

  28. de Ridder, F., Frigo, P., Vannacci, E., Bos, H., Giuffrida, C., Razavi, K.: SMASH: synchronized many-sided Rowhammer attacks from JavaScript. In: USENIX Security (2021)

    Google Scholar 

  29. Schaller, A., **ong, W., Anagnostopoulos, N.A., et al.: Intrinsic Rowhammer PUFs: leveraging the Rowhammer effect for improved security. In: HOST (2017)

    Google Scholar 

  30. Seaborn, M., Dullien, T.: Exploiting the DRAM rowhammer bug to gain kernel privileges (2015). https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html. Accessed 30 Apr 2024

  31. Škorić, B., Tuyls, P., Ophey, W.: Robust key extraction from physical uncloneable functions. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 407–422. Springer, Heidelberg (2005). https://doi.org/10.1007/11496137_28

    Chapter  Google Scholar 

  32. Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: DAC (2007)

    Google Scholar 

  33. Tehranipoor, F., Karimian, N., Yan, W., Chandy, J.A.: DRAM-based intrinsic physically unclonable functions for system-level security and authentication. VLSI 25(3), 1085–1097 (2017)

    Google Scholar 

  34. VDMA: VDMA study product piracy 2022 (2022). https://www.vdma.org/documents/34570/51629660/VDMA+Study+Product+Piracy+2022_final.pdf

  35. van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., et al.: Drammer: deterministic Rowhammer attacks on mobile platforms. In: CCS (2016)

    Google Scholar 

  36. **ong, W., Schaller, A., Katzenbeisser, S., Szefer, J.: Software protection using dynamic PUFs. IEEE Trans. Inf. Forensics Secur. 15, 2053–2068 (2019)

    Article  Google Scholar 

  37. Zhang, Z., Cheng, Y., Liu, D., Nepal, S., Wang, Z., Yarom, Y.: PThammer: cross-user-kernel-boundary rowhammer through implicit accesses. In: MICRO (2020)

    Google Scholar 

  38. Zhang, Z., et al.: Implicit hammer: cross-privilege-boundary rowhammer through implicit accesses. IEEE Trans. Dependable Secure Comput. 20(5), 3716–3733 (2023)

    Article  Google Scholar 

Download references

Acknowledgements

The research was supported by the Austrian ministries BMK and BMAW and the State of Upper Austria in the frame of the COMET Module DEPS (FFG 888338) and the SCCH COMET competence center INTEGRATE (FFG 892418).

Author information

Authors and Affiliations

  1. DistriNet, KU Leuven, Leuven, Belgium

    Ruben Mechelinck & Stijn Volckaert

  2. Software Competence Center Hagenberg, Hagenberg, Austria

    Daniel Dorfmeister & Bernhard Fischer

  3. μCSRL, CODE Research Institute, University of the Bundeswehr Munich, Munich, Germany

    Stefan Brunthaler

Authors
  1. Ruben Mechelinck
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Daniel Dorfmeister
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bernhard Fischer
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Stijn Volckaert
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Stefan Brunthaler
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ruben Mechelinck .

Editor information

Editors and Affiliations

  1. AWS, San Diego, CA, USA

    Federico Maggi

  2. Boston University, Boston, MA, USA

    Manuel Egele

  3. EPFL, Lausanne, Switzerland

    Mathias Payer

  4. Politecnico di Milano, Milan, Italy

    Michele Carminati

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Mechelinck, R., Dorfmeister, D., Fischer, B., Volckaert, S., Brunthaler, S. (2024). GlueZilla: Efficient and Scalable Software to Hardware Binding using Rowhammer. In: Maggi, F., Egele, M., Payer, M., Carminati, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2024. Lecture Notes in Computer Science, vol 14828. Springer, Cham. https://doi.org/10.1007/978-3-031-64171-8_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-64171-8_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-64170-1

  • Online ISBN: 978-3-031-64171-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation