Nytro Posted August 15, 2017 Report Share Posted August 15, 2017 From random block corruption to privilege escalation: A filesystem attack vector for rowhammer-like attacks Anil Kurmus Nikolas Ioannou Matthias Neugschwandtner Nikolaos Papandreou Thomas Parnell IBM Research – Zurich Abstract Rowhammer demonstrated that non-physical hardware- weakness-based attacks can be devastating. In a recent paper, Cai et al. [2] propose that similar attacks can be performed on MLC NAND flash. In this paper, we dis- cuss the requirements for a successful, full-system, lo- cal privilege escalation attack on such media, and show a filesystem based attack vector. We demonstrate the filesystem layer of this attack, showing that a random block corruption of a carefully chosen block is sufficient to achieve privilege escalation. In particular, to motivate the assumptions of this filesystem-level attack, we show the attack primitive that an attacker can obtain by making use of cell-to-cell interference is quite weak, and there- fore requires a carefully crafted attack at the OS layer for successful exploitation. Download: https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf Quote Link to comment Share on other sites More sharing options...
