In recent years we observed a deepening integration between hardware and software; we now have dedicated hardware for all sorts of applications and software heavily optimized for the underlying hardware. And while this allowed modern systems to keep up with the increasing demand for performance, this new paradigm came at the cost of a more complex hardware-software stack.
Unfortunately, between the cracks of these two domains, we notice a new class of attacks gaining momentum: software-based hardware attacks. As the name suggests, these attacks target underlying hardware vulnerabilities while being leveraged from software—notorious examples being the Rowhammer bug, Spectre, and Meltdown.
In this thesis, we perform an in-depth attack surface analysis of different software-based hardware vulnerabilities while revisiting some of the assumptions upon which the current attacks and defenses are built. More specifically, we deepen the understanding of the DRAM Rowhammer bug from various perspectives: we show how it represents a serious threat to various targets such as mobile devices, web browsers, and Deep Neural Networks; and, we demonstrate that the silver-bullet defense introduced on DDR4 devices against the issue—in-DRAM Target Row Refresh—does not prevent an attacker from triggering bit-flips on millions of devices previously deemed safe.
On top of that, we investigate the effectiveness of hardware defenses introduced against the recent Spectre bug and show how those deployed to prevent cross-privilege Spectre attacks are incomplete, allowing attackers to build new exploits.