Introduction

The concept of Rowhammer has drawn attention to the potential for non-physical hardware-based attacks. Recently, Cai et al. proposed that similar vulnerabilities might exist in MLC NAND flash-based SSDs, raising concerns about their security. In this article, we explore the conditions required for a system-wide privilege escalation attack on SSDs and demonstrate how file system-based attacks can be executed. We also highlight the importance of designing operating systems with these threats in mind.

Foreword

When developing software, hardware is often abstracted away, and security mechanisms like resource isolation are assumed. This means that modern software development rarely requires deep knowledge of the underlying hardware. However, the Rowhammer vulnerability has brought attention to the hidden flaws in hardware design, particularly in memory management. Recent research has shown that such vulnerabilities can be exploited through JavaScript to achieve privilege escalation or even damage virtual machines.

While DRAM is a common target, sensitive data is also stored in persistent storage, such as flash memory used in SSDs. Flash memory has largely replaced traditional hard drives, making it an important part of modern computing systems. Although Cai et al. suggested that a Rowhammer-like attack could occur on SSDs, no actual attack had been demonstrated until now. Our research explores the feasibility of such an attack from a system-level perspective.

We found that, although challenging, it is possible to exploit flash weaknesses to gain local privileges under realistic assumptions about flash device behavior and file system usage. Our attack was not "full system" because it only targeted the file system level, but we also discuss how such an attack could potentially extend to a broader system-wide breach. Future work will focus on demonstrating such attacks in more comprehensive scenarios.

More precisely, we take the reliability mechanisms already present in SSDs, in particular ECC (Error Correction Code), into account and show that the attack primitives derived from MLC NAND flash defects are coarse-grained. Unlike Rowhammer, where a single bit can be flipped, here the attacker can only corrupt an entire block. This weaker primitive still allows an effective privilege escalation, even though it gives the attacker less control than a single bit flip.

Model: We assume that the attacked system uses an MLC NAND flash-based SSD and that the attacker does not have root access. The attacker thus has controlled write access to the file system, for example through a non-privileged user login shell. Physical access to the system is not considered in our analysis.

Contribution: The main contributions of this paper include:

(1) For the first time, we detail a complete, flash-based defect exploitation method that leads to local privilege escalation.

(2) We implemented and demonstrated this attack at the file system level.

(3) We analyze the generalization and limitations of the attack.

Background

2.1 Hardware-based attacks

Table 1 classifies hardware-based attacks into two main categories: physical and non-physical. Physical attacks require direct access to the system’s hardware, such as reading voltage levels or decapsulating silicon chips. Non-physical attacks, on the other hand, exploit hardware without requiring direct access, making them potentially more dangerous. Examples include timing side-channel attacks in cloud environments.

Attacks can also be categorized based on whether they compromise confidentiality or integrity. Confidentiality attacks involve reading data, while integrity attacks involve modifying or destroying it. Rowhammer, for instance, exploits memory write primitives to escalate privileges. The attacks discussed in this article fall into the category of non-physical hardware integrity attacks.

2.2 Flash memory defects

MLC NAND flash memory suffers from several reliability issues, including wear from repeated program/erase cycles, cell-to-cell interference (CCI), and threshold voltage instability. These defects can lead to bit errors and data corruption. For example, CCI occurs when programming one page disturbs the cells of adjacent pages, causing unintended changes in their stored state.

2.3 Flash reliability methods

To improve reliability, flash controllers use scrambling and ECC. Scrambling reduces error-prone bit patterns, while ECC adds redundant bits to correct errors. These mechanisms help protect data against the inherent flaws of flash memory.

System-wide attack

A system-wide attack exploiting flash defects involves multiple layers, from the flash chip itself to the operating system. At the lowest level, cell-to-cell interference poses a threat. Flash controllers implement scrambling and ECC to mitigate errors, while SSD controllers manage wear leveling and block placement. Operating systems handle file system caching and error detection, which can introduce vulnerabilities if not properly managed.

The main challenge lies in finding a file system-based attack vector that leverages the weak attack primitive. By corrupting the file system’s data structures, an attacker can create new files that increase their privileges. For example, creating a SUID-root binary file can allow unauthorized access to the system.

3.1 Attack primitives

Whether ECC is present determines the best outcome an attacker can hope for. Ideally, the attacker would cause uncontrolled random modifications to the flash page. Depending on the decoding result, three outcomes may occur: successful decoding, detected failure, or undetected failure. Only undetected failures allow for true data corruption, which is what the attacker aims for.

The attack primitives range from precise bit flips to full block corruption. Because ECC protection is strong, only the weakest form, undetected block corruption, is feasible. This means the attacker cannot control the exact bit changes, but they can still cause significant damage.
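The three decode outcomes just described (successful decode, detected failure, undetected failure) can be made concrete with a toy extended Hamming (8,4) SECDED code. This is an added illustration, not code from the paper; real SSD controllers use much stronger BCH/LDPC codes, but the outcome classes are the same, and the plain SEC decoder shows how a second error turns into a confidently wrong, undetected result.

```python
# Added illustration of the three ECC decode outcomes, using a toy extended
# Hamming (8,4) SECDED code. Constructed example: real SSD controllers use
# much stronger BCH/LDPC codes, but the outcome classes are the same.

PARITY_POS = (1, 2, 4)        # Hamming parity positions (1-indexed, cw[1..7])
DATA_POS = (3, 5, 6, 7)       # data positions; cw[0] is the overall parity bit

def _syndrome(cw):
    """Position of a single error in cw[1..7] (0 if all Hamming checks pass)."""
    s = 0
    for p in PARITY_POS:
        if sum(cw[i] for i in range(1, 8) if i & p) % 2:
            s |= p
    return s

def encode(nibble):
    """Encode 4 data bits (tuple of 0/1) into an 8-bit SECDED codeword."""
    cw = [0] * 8
    for pos, bit in zip(DATA_POS, nibble):
        cw[pos] = bit
    for p in PARITY_POS:
        cw[p] = sum(cw[i] for i in range(1, 8) if i & p) % 2
    cw[0] = sum(cw[1:]) % 2
    return cw

def flip(cw, *positions):
    """Return a copy of cw with the given bit positions inverted (the 'defect')."""
    out = list(cw)
    for pos in positions:
        out[pos] ^= 1
    return out

def decode_secded(cw):
    """Returns ('ok'|'corrected'|'detected', data). Two errors never go unnoticed."""
    cw = list(cw)
    s = _syndrome(cw)
    parity_even = sum(cw) % 2 == 0
    if s == 0 and parity_even:
        return "ok", tuple(cw[i] for i in DATA_POS)
    if not parity_even:                       # odd error count: assume one, repair it
        if s:
            cw[s] ^= 1
        return "corrected", tuple(cw[i] for i in DATA_POS)
    return "detected", None                   # s != 0 with even parity: two errors

def decode_sec_only(cw):
    """Plain Hamming(7,4) decoder with no detection: it always 'corrects' the
    syndrome position, so two errors yield a silently wrong result (undetected failure)."""
    cw = list(cw)
    s = _syndrome(cw)
    if s:
        cw[s] ^= 1
    return tuple(cw[i] for i in DATA_POS)
```

With two flipped bits the SECDED decoder reports a detected failure, while the SEC-only decoder returns wrong data with no indication, which is exactly the outcome class the attacker depends on.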

3.2 Test Platform

Our test platform includes a PCIe flash development board with FPGA and DRAM, a general-purpose CPU, and an MLC NAND flash chip. All flash operations, including data scrambling and ECC, are implemented in the FPGA. The FTL runs on both the FPGA and CPU, and the board connects to an x86-64 server running RHEL 6.7. This setup allows us to simulate real-world conditions and verify our findings.

File system layer attack

To successfully execute an attack, certain constraints must be met. First, the corrupted block should not trigger a fatal file system error. Second, the target block should be frequently written to increase the chances of success. Third, the corruption should create viable conditions for the attack. Finally, the cache must be refreshed to ensure the operating system accesses the corrupted data.

4.1 Environment Construction

We implemented the attack using the ext3 file system and tested it under default installation settings. The file system does not need to be the root file system, but we explored how these assumptions could be relaxed in future work.

4.2 Attack

We focused on the indirect block as the attack target. In ext3, an indirect block contains pointers to data blocks. If this block is corrupted, it can point to critical parts of the file system, such as the inode table or root files. An attacker can then manipulate these pointers to create a SUID-root shell, gaining elevated privileges.

4.3 Exploring the details

Several practical challenges arise during the attack. For example, the attacker needs to know the location of a root shell, which can be done by examining the inode table. They also need to verify whether the corruption was successful and ensure that the cache is refreshed to force the system to read the modified data.

4.4 Improved attack using double indirect blocks

A more advanced version of the attack targets the double indirect block, which points to multiple indirect blocks. This provides greater flexibility, allowing the attacker to control the entire file system. With a large file, the probability of success increases significantly.

Discussion

5.1 Other file systems

While the attack described in this paper works on file systems like ext3, it may not be applicable to others, such as ext4 or ZFS, due to differences in structure and metadata handling.

5.2 Metadata checksums

Some file systems, like ZFS, use metadata checksums to detect corruption. These can reduce the success rate of the attack by identifying and correcting errors before they cause damage.
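The following added example ties Section 4.2 (the ext3 indirect block as a corruption target) to the mitigation described here. It is not the paper's code: it models an ext3-style indirect block as 1024 little-endian u32 block pointers, and shows two checks a file system or fsck can apply before dereferencing such a block: a metadata checksum (zlib CRC-32 is a stand-in for the crc32c/fletcher checksums real file systems use) and an fsck-style range check that rejects pointers landing inside reserved metadata regions or beyond the end of the file system. The inode table range and file system size are constructed values.

```python
import random
import struct
import zlib

BLOCK_SIZE = 4096
PTRS_PER_BLOCK = BLOCK_SIZE // 4   # ext3: 1024 little-endian u32 pointers per indirect block

def pack_indirect(pointers):
    """Serialise an ext3-style indirect block (unused slots are zero)."""
    ptrs = list(pointers) + [0] * (PTRS_PER_BLOCK - len(pointers))
    return struct.pack("<%dI" % PTRS_PER_BLOCK, *ptrs)

def parse_indirect(block):
    """Return the non-zero block pointers stored in an indirect block."""
    return [p for p in struct.unpack("<%dI" % PTRS_PER_BLOCK, block) if p]

def checksum(block):
    """Stand-in metadata checksum (zlib CRC-32). ext4 metadata_csum and ZFS use
    crc32c / fletcher / sha256 seeded with per-fs data, but the check is the same."""
    return zlib.crc32(block) & 0xFFFFFFFF

def validate_pointers(pointers, fs_blocks, metadata_ranges):
    """fsck-style sanity check: a data pointer must lie inside the file system
    and outside reserved metadata regions. Returns (pointer, reason) pairs."""
    bad = []
    for p in pointers:
        if p >= fs_blocks:
            bad.append((p, "beyond end of file system"))
            continue
        for lo, hi, name in metadata_ranges:
            if lo <= p < hi:
                bad.append((p, "inside " + name))
    return bad

def load_indirect(block, expected_csum, fs_blocks, metadata_ranges):
    """Verify before dereferencing: returns (True, pointers) or (False, reason)."""
    if checksum(block) != expected_csum:
        return False, "checksum mismatch"
    bad = validate_pointers(parse_indirect(block), fs_blocks, metadata_ranges)
    if bad:
        return False, "invalid pointers: %r" % bad[:3]
    return True, parse_indirect(block)

def corrupt_block(block, seed=1):
    """Constructed stand-in for an undetected ECC failure: the whole block comes
    back as pseudo-random garbage (seeded, so the result is deterministic)."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(8) for b in block)

if __name__ == "__main__":
    meta = [(1024, 1536, "inode table")]     # constructed layout on a 1 Mi-block file system
    good = pack_indirect(range(5000, 5100))
    print(load_indirect(good, checksum(good), 1 << 20, meta)[0])
    print(load_indirect(corrupt_block(good), checksum(good), 1 << 20, meta))
```

Either check alone stops the corrupted block from being followed; the checksum catches the whole-block garbage an undetected ECC failure produces, and the range check catches the specific case of a pointer redirected into the inode table even on a file system without metadata checksums.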

5.3 Other attacks

Any program that interacts with SSDs, directly or indirectly, could be a target for non-physical integrity attacks. While we focused on the file system, other vectors may also exist. Additionally, the possibility of remote attacks via web technologies like JavaScript remains a concern.

5.4 Encryption and integrity

Disk encryption, such as dm-crypt, can prevent some attacks by making it difficult for an attacker to manipulate data without the encryption key. However, it does not fully eliminate the risk, especially when attacking metadata.

Conclusion

In this article, we presented a detailed analysis of flash-based attacks and demonstrated how they can be used to escalate privileges through the file system. While the theoretical success rate is reasonable, further research is needed to overcome ECC limitations and expand the attack to a broader system-wide scale.
