CYBER SECURITY IN INDUSTRIAL CONTROL SYSTEMS (ICS): A SURVEY OF ROWHAMMER VULNERABILITY
Hakan AYDIN
hakanaydin@topkapi.edu.tr
Istanbul Topkapı University, Faculty of Engineering, Istanbul (Turkey)
Ahmet SERTBAŞ
Istanbul University-Cerrahpasa, Faculty of Engineering, Istanbul (Turkey)
Abstract
Increasing dependence on Information and Communication Technologies (ICT), and especially on the Internet, in Industrial Control Systems (ICS) has made these systems a primary target of cyber-attacks. Because ICS are extensively used in Critical Infrastructures (CI), CI become more vulnerable to cyber-attacks and their protection becomes an important issue. Cyber-attacks can also exploit not only software but also physics; that is, they can target the fundamental physical aspects of computation. The newly discovered RowHammer (RH) fault injection attack exploits a serious hardware vulnerability that affects the reliability and security of DRAM (Dynamic Random Access Memory). Studies of this vulnerability raise serious security concerns. The purpose of this study was to give an overview of the RH phenomenon in DRAMs and its possible security risks for ICS, and to discuss a few possible realistic RH attack scenarios for ICS. The results of the study revealed that RH is a serious security threat to any computer-based system that uses DRAM, and this also applies to ICS.
Keywords:
RowHammer, Cyber Security, DRAM
License
All articles published in Applied Computer Science are open-access and distributed under the terms of the Creative Commons Attribution 4.0 International License.