CYBER SECURITY IN INDUSTRIAL CONTROL SYSTEMS (ICS): A SURVEY OF ROWHAMMER VULNERABILITY
Abstract
Increasing dependence on Information and Communication Technologies (ICT), and especially on the Internet, in Industrial Control Systems (ICS) has made these systems the primary target of cyber-attacks. Because ICS are extensively used in Critical Infrastructures (CI), CI become more vulnerable to cyber-attacks, and their protection becomes an important issue. On the other hand, cyber-attacks can exploit not only software but also physics; that is, they can target the fundamental physical aspects of computation. The newly discovered RowHammer (RH) fault injection attack is a serious hardware vulnerability that affects the reliability and security of DRAM (Dynamic Random Access Memory). Studies on this vulnerability raise serious security concerns. The purpose of this study was to give an overview of the RH phenomenon in DRAM and its possible security risks for ICS, and to discuss a few possible realistic RH attack scenarios for ICS. The results of the study revealed that RH is a serious security threat to any computer-based system that uses DRAM, and this also applies to ICS.
License
All articles published in Applied Computer Science are open-access and distributed under the terms of the Creative Commons Attribution 4.0 International License.