Cyber security in industrial control systems (ICS):a survey of rowhammer vulnerability

• Autorzy: Aydin Hakan , Sertbaş Ahmet

Identyfikatory

DOI

10.35784/acs-2022-15

• Języki publikacji: EN

Abstrakty

EN

Increasing dependence on Information and Communication Technologies (ICT) and especially on the Internet in Industrial Control Systems (ICS) has made these systems the primary target of cyber-attacks. As ICS are extensively used in Critical Infrastructures (CI), this makes CI more vulnerable to cyber-attacks and their protection becomes an important issue. On the other hand, cyberattacks can exploit not only software but also physics; that is, they can target the fundamental physical aspects of computation. The newly discovered RowHammer (RH) fault injection attack is a serious vulnerability targeting hardware on reliability and security of DRAM (Dynamic Random Access Memory). Studies on this vulnerability issue raise serious security concerns. The purpose of this study was to overview the RH phenomenon in DRAMs and its possible security risks on ICSs and to discuss a few possible realistic RH attack scenarios for ICSs. The results of the study revealed that RH is a serious security threat to any computer-based system having DRAMs, and this also applies to ICS.

Słowa kluczowe

EN

RowHammer; Cyber Security; DRAM

• Wydawca: Polskie Towarzystwo Promocji Wiedzy ; Lublin University of Technology
• Czasopismo: Applied Computer Science
• Rocznik: 2022
• Tom: Vol. 18, no 2
• Strony: 86--100
• Opis fizyczny: Bibliogr. 47 poz., fig., tab.

Twórcy

autor

Aydin Hakan

• Istanbul Topkapı University, Faculty of Engineering, Istanbul, Turkey

• https://orcid.org/0000-0002-0122-8512

autor

Sertbaş Ahmet

• Istanbul Topkapı University, Faculty of Engineering, Istanbul, Turkey

• https://orcid.org/0000-0001-8166-1211

Bibliografia

• [1] Ackerman, P. (2017). Industrial Cybersecurity: Efficiently secure critical infrastructure systems. Packt Publishing Ltd.
• [2] Aga, M. T., Aweke, Z. B., & Austin, T. (2017). When good protections go bad: Exploiting anti-DoS measures to accelerate Rowhammer attacks. In 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) (pp. 8–13). IEEE. https://doi.org/10.1109/HST.2017.7951730
• [3] Alguliyev, R., Imamverdiyev, Y., & Sukhostat, L. (2018). Cyber-physical systems and their security is-sues. Computers in Industry, 100, 212-223. https://doi.org/10.1016/j.compind.2018.04.017
• [4] Aweke, Z. B., Yitbarek, S. F., Qiao, R., Das, R., Hicks, M., Oren, Y., & Austin, T. (2016). ANVIL: Soft-ware-based protection against next-generation Rowhammer attacks. ACM SIGPLAN Notices, 51(4), 743–755. https://doi.org/10.1145/2954679.2872390
• [5] Barenghi, A., Breveglieri, L., Izzo, N., & Pelosi, G. (2018). Software-only reverse engineering of physical DRAM mappings for RowHammer attacks. In 2018 IEEE 3rd International Verification and Security Workshop (IVSW) (pp. 19–24). IEEE. https://doi.org/10.1109/IVSW.2018.8494868
• [6] Barrère, M., Hankin, C., Nicolaou, N., Eliades, D. G., & Parisini, T. (2020). Measuring cyber-physical security in industrial control systems via minimum-effort attack strategies. Journal of information security and applications, 52, 102471. https://doi.org/10.1016/j.jisa.2020.102471
• [7] Bhattacharya, S., & Mukhopadhyay, D. (2018). Advanced fault attacks in software: Exploiting the RowHammer bug. In Fault Tolerant Architectures for Cryptography and Hardware Security (pp. 111–135). Springer. https://doi.org/10.1007/978-981-10-1387-4_6
• [8] Bosman, E., Razavi, K., Bos, H., & Giuffrida, C. (2016). Dedup est machina: Memory deduplication as an advanced exploitation vector. In 2016 IEEE symposium on security and privacy (SP) (pp. 987–1004). IEEE. https://doi.org/10.1109/SP.2016.63
• [9] Carvajal, J. H., Rojas, O. A., & Chacón, E. (2018). Cyber-physical system for industrial control automation based on the holonic approach and the IEC 61499 standard. In 2018 Forum on Specification & Design Languages (FDL) (pp. 5–16). IEEE. https://doi.org/10.1109/FDL.2018.8524082
• [10] Chekole, E. G., Castellanos, J. H., Ochoa, M., & Yau, D. K. (2017). Enforcing memory safety in cyber-physical systems. In Computer security (pp. 127–144). Springer. https://doi.org/10.1007/978-3-319-72817-9_18
• [11] Cojocar, L., Kim, J., Patel, M., Tsai, L., Saroiu, S., Wolman, A., & Mutlu, O. (2020). Are we susceptible to Rowhammer? An end-to-end methodology for cloud providers. In 2020 IEEE Symposium on Security and Privacy (SP) (pp. 712–728). IEEE. https://doi.org/10.1109/SP40000.2020.00085
• [12] Ding, D., Han, Q. L., Xiang, Y., Ge, X., & Zhang, X. M. (2018). A survey on security control and attack detection for industrial cyber-physical systems. Neurocomputing, 275, 1674–1683. https://doi.org/10.1016/j.neucom.2017.10.009
• [13] Farmani, M., Tehranipoor, M., & Rahman, F. (2021). RHAT: Efficient RowHammer-Aware Test for Modern DRAM Modules. In 2021 IEEE European Test Symposium (ETS) (pp. 1–6). IEEE. https://doi.org/10.1109/ETS50041.2021.9465436
• [14] Friedberg, I., McLaughlin, K., Smith, P., Laverty, D., & Sezer, S. (2017). STPA-SafeSec: Safety and security analysis for cyber-physical systems. Journal of information security and applications, 34, 183–196. https://doi.org/10.1016/j.jisa.2016.05.008
• [15] Frigo, P., Giuffrida, C., Bos, H., & Razavi, K. (2018). Grand pawning unit: Accelerating microarchitectural attacks with the GPU. In 2018 IEEE Symposium on Security and Privacy (sp) (pp. 195–210). IEEE. https://doi.org/10.1109/SP.2018.00022
• [16] Gruss, D., Lipp, M., Schwarz, M., Genkin, D., Juffinger, J., O'Connell, S., Yarom, Y. (2018). An-other flip in the wall of Rowhammer defenses. In 2018 IEEE Symposium on Security and Privacy (SP) (pp. 245–261). IEEE. https://doi.org/10.1109/SP.2018.00031
• [17] Gruss, D., Maurice, C., & Mangard, S. (2016). Rowhammer. js: A remote software-induced fault attack in JavaScript. In International conference on detection of intrusions and malware, and vulnerability assessment (pp. 300–321). Springer. https://doi.org/10.1007/978-3-319-40667-1_15
• [18] Hassan, H., Tugrul, Y. C., Kim, J. S., Van der Veen, V., Razavi, K., & Mutlu, O. (2021). Uncovering In-DRAM RowHammer Protection Mechanisms: A New Methodology, Custom RowHammer Patterns, and Implications. In MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture (pp. 1198–1213). https://doi.org/10.1145/3466752.3480110
• [19] Igure, V. M., Laughter, S. A., & Williams, R. D. (2006). Security issues in SCADA networks. Computers & Security, 25(7), 498–506. https://doi.org/10.1016/j.cose.2006.03.001
• [20] Industrial control systems threat medley: spyware and malicious scripts on the rise in H1 2021. (2021). Kaspersky. Retrieved April 8, 2022 from https://www.kaspersky.com/about/press-releases/2021_industrial-control-systems-threat-medley-spyware-and-malicious-scripts-on-the-rise-in-h1-2021
• [21] Jang, Y., Lee, J., Lee, S., & Kim, T. (2017). SGX-Bomb: Locking down the processor via Row-hammer attack. In Proceedings of the 2nd Workshop on System Software for Trusted Execution (pp. 1–6). https://doi.org/10.1145/3152701.3152709
• [22] Johari, R., Kaur, A., Hashim, M., Rai, P. K., & Gupta, K. (2022). SEVA: Secure E-Voting Application in Cyber Physical System. Cyber-Physical Systems, 8(1), 1–31. https://doi.org/10.1080/23335777.2020.1837250
• [23] Khaitan, S. K., & McCalley, J. D. (2014). Design techniques and applications of cyberphysical systems: A survey. IEEE Systems Journal, 9(2), 350-365. https://doi.org/10.1109/JSYST.2014.2322503
• [24] Kim, J. S., Patel, M., Yağlıkçı, A. G., Hassan, H., Azizi, R., Orosa, L., & Mutlu, O. (2020). Revisiting Rowhammer: An experimental analysis of modern dram devices and mitigation techniques. In 2020 ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA) (pp. 638–651). IEEE. https://doi.org/10.1109/ISCA45697.2020.00059
• [25] Kim, Y., Daly, R., Kim, J., Fallin, C., Lee, J. H., Lee, D., Mutlu, O. (2014). Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. ACM SIGARCH Computer Architecture News, 42(3), 361–372. https://doi.org/10.1145/2678373.2665726
• [26] Lee, M., & Kwak, J. (2021). Detection Technique of Software-Induced Rowhammer Attacks. CMC-Computers Materials & Continua, 67(1), 349–367.
• [27] Lieu Tran, T. B., Törngren, M., Nguyen, H. D., Paulen, R., Gleason, N. W., & Duong, T. H. (2019). Trends in preparing cyber-physical systems engineers. Cyber-Physical Systems, 5(2), 65–91. https://doi.org/10.1080/23335777.2019.1600034
• [28] Lipp, M., Schwarz, M., Raab, L., Lamster, L., Aga, M. T., Maurice, C., & Gruss, D. (2020). Nethammer: Inducing Rowhammer faults through network requests. In 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 710–719). IEEE. https://doi.org/10.1109/EuroSPW51379.2020.00102
• [29] Loukas, G. (2015). Cyber-physical attacks on industrial control systems. In Cyber-Physical Attacks (pp. 105–144). Elsevier.
• [30] Lu, T., Guo, X., Li, Y., Peng, Y., Zhang, X., Xie, F., & Gao, Y. (2014). Cyberphysical security for industrial control systems based on wireless sensor networks. International Journal of Distributed Sensor Networks, 10(6), 438350. https://doi.org/10.1155/2014/438350
• [31] Mahmoud, M. S., & Hamdan, M. M. (2019). Improved control of cyber-physical systems subject to cyber and physical attacks. Cyber-Physical Systems, 5(3), 173–190. https://doi.org/10.1080/23335777.2019.1631889
• [32] Mutlu, O. (2015). Main memory scaling: Challenges and solution directions. In More than Moore technologies for next generation computer design (pp. 127–153). Springer. https://doi.org/10.1007/978-1-4939-2163-8_6
• [33] Mutlu, O., & Kim, J. S. (2019). Rowhammer: A retrospective. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 39(8), 1555–1571. https://doi.org/10.1109/TCAD.2019.2915318
• [34] Mutlu, O., & Subramanian, L. (2014). Research problems and opportunities in memory systems. Super-computing frontiers and innovations, 1(3), 19–55.
• [35] Orosa, L., Yaglikci, A. G., Luo, H., Olgun, A., Park, J., Hassan, H., & Mutlu, O. (2021). A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses. In MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture (pp. 1182–1197). https://doi.org/10.1145/3466752.3480069
• [36] Peng, Y., Wang, Y., Xiang, C., Liu, X., Wen, Z., Chen, D., & Zhang, C. (2015). Cyber-physical attack-oriented Industrial Control Systems (ICS) modeling, analysis and experiment environment. In 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP) (pp. 322–326). IEEE. https://doi.org/10.1109/IIH-MSP.2015.110
• [37] Qiao, R., & Seaborn, M. (2016). A new approach for Rowhammer attacks. In 2016 IEEE international symposium on hardware oriented security and trust (HOST) (pp. 161–166). IEEE. https://doi.org/10.1109/HST.2016.7495576
• [38] Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., & Bos, H. (2016). Flip feng shui: Hammering a needle in the software stack. In 25th USENIX Security Symposium (USENIX Security 16) (pp. 1–18). USENIX Association.
• [39] Seaborn, M., & Dullien, T. (2015). Exploiting the DRAM Rowhammer bug to gain kernel privileges. Black Hat, 15, 71.
• [40] Stouffer, K., Falco, J., & Scarfone, K. (2011). Guide to industrial control systems (ICS) security. NIST special publication, 800(82), 16–16.
• [41] Tatar, A., Konoth, R. K., Athanasopoulos, E., Giuffrida, C., Bos, H., & Razavi, K. (2018). Throwhammer: Rowhammer attacks over the network and defenses. In 2018 USENIX Annual Technical Conference (USENIX ATC 18) (pp. 213–226). USENIX Association.
• [42] Teixeira, M. A., Salman, T., Zolanvari, M., Jain, R., Meskin, N., & Samaka, M. (2018). SCADA system testbed for cybersecurity research using machine learning approach. Future Internet, 10(8), 76. https://doi.org/10.3390/fi10080076
• [43] Van Der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G.& Giuffrida, C. (2016). Drammer: Deterministic rowhammer attacks on mobile platforms. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security (pp. 1675–1689). https://doi.org/10.1145/2976749.2978406
• [44] Yağlikçi, A. G., Patel, M., Kim, J. S., Azizi, R., Olgun, A., Orosa, L., & Mutlu, O. (2021). Blockhammer: Preventing Rowhammer at low cost by blacklisting rapidly-accessed dram rows. In 2021 IEEE International Symposium on High-Performance Computer Architecture (HPCA) (pp. 345–358). IEEE. https://doi.org/10.1109/HPCA51647.2021.00037
• [45] Yampolskiy, M., Horvath, P., Koutsoukos, X. D., Xue, Y., & Sztipanovits, J. (2013). Taxonomy for description of cross-domain attacks on CPS. In Proceedings of the 2nd ACM international conference on High confidence networked systems (pp. 135-142). ACM Digital Library https://doi.org/10.1145/2461446.2461465
• [46] Zhang, Z., Qi, J., Cheng, Y., Jiang, S., Lin, Y., Gao, Y., & Zou, Y. (2022). A Retrospective and Future-spective of Rowhammer Attacks and Defenses on DRAM. arXiv preprint arXiv:2201.02986. https://doi.org/10.48550/arXiv.2201.02986
• [47] Zimba, A., Wang, Z., & Chen, H. (2018). Multi-stage crypto ransomware attacks: A new emerging cyber threat to critical infrastructure and industrial control systems. ICT Express, 4(1), 14–18. https://doi.org/10.1016/j.icte.2017.12.007

Uwagi

Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).