As DRAM has been scaling to increase in density, the cells are less isolated
from each other. Recent studies have found that repeated accesses to DRAM rows
can cause random bit flips in an adjacent row, resulting in the so called
Rowhammer bug. This bug has already been exploited to gain root privileges and
to evade a sandbox, showing the severity of faulting single bits for security.
However, these exploits are written in native code and use special instructions
to flush data from the cache.
the Rowhammer attack. Our attack uses an eviction strategy found by a generic
algorithm that improves the eviction rate compared to existing eviction
strategies from 95.2% to 99.99%. Rowhammer.js is the first remote
software-induced hardware-fault attack. In contrast to other fault attacks it
does not require physical access to the machine, or the execution of native
be performed on millions of users stealthily and simultaneously, we propose
countermeasures that can be implemented immediately.