CYBER SECURITY IN INDUSTRIAL CONTROL SYSTEMS (ICS): A SURVEY OF ROWHAMMER VULNERABILITY

Hakan AYDIN

hakanaydin@topkapi.edu.tr
Istanbul Topkapı University, Faculty of Engineering, Istanbul (Turkey)

Ahmet SERTBAŞ


Istanbul University-Cerrahpasa, Faculty of Engineering, Istanbul (Turkey)

Abstract

Increasing dependence on Information and Communication Technologies (ICT), and especially on the Internet, in Industrial Control Systems (ICS) has made these systems a primary target of cyber-attacks. Because ICS are used extensively in Critical Infrastructures (CI), CI become more vulnerable to cyber-attacks and their protection becomes an important issue. Cyber-attacks can exploit not only software but also physics; that is, they can target the fundamental physical aspects of computation. The newly discovered RowHammer (RH) fault injection attack is a serious hardware vulnerability affecting the reliability and security of DRAM (Dynamic Random Access Memory). Studies on this vulnerability raise serious security concerns. The purpose of this study was to give an overview of the RH phenomenon in DRAMs and its possible security risks for ICS, and to discuss a few possible realistic RH attack scenarios for ICS. The results of the study revealed that RH is a serious security threat to any computer-based system that uses DRAM, and this also applies to ICS.


Keywords:

RowHammer, Cyber Security, DRAM




Published
2022-06-30


AYDIN, H. ., & SERTBAŞ, A. . (2022). CYBER SECURITY IN INDUSTRIAL CONTROL SYSTEMS (ICS): A SURVEY OF ROWHAMMER VULNERABILITY. Applied Computer Science, 18(2), 86–100. https://doi.org/10.35784/acs-2022-15


License

All articles published in Applied Computer Science are open-access and distributed under the terms of the Creative Commons Attribution 4.0 International License.