FlippyR.AM: The large-scale Rowhammer study

Recently, Daniel Gruss, Martin Heckel, and Florian Adamsky gave a talk about Rowhammer at the 38th Chaos Communication Congress (38C3) in Hamburg, Germany. Now, they are looking for participants for their large-scale Rowhammer study!

What is Rowhammer?

Rowhammer is a disturbance effect in computer memory (DRAM) first published in 2014. When an attacker accesses carefully selected addresses, bits can flip in adjacent memory cells not accessed by the attacker. Depending on which information is stored in the cells, Rowhammer can be exploited to escalate privileges on desktop computers, mobile devices, and cloud servers. Since the first exploit publication in 2015, a cat-and-mouse game has started between new mitigations helping against known attacks and new attacks bypassing known mitigations.

In their talk “Ten Years of Rowhammer: A Retrospect and Path to the Future”, the researchers gave an overview on the basics of Rowhammer and the results of Rowhammer research in the last decade. They showed that the systems tested by researchers are very limited. Mostly, lab systems were tested with small sample sizes: Most of the analysed studies tested only one system. Therefore, it is unknown how big the problem of Rowhammer is in real-world systems that are actually used, and more research is needed.

However, it is unfeasible to test hundreds or thousands of systems. Also, these systems would be lab systems as well when used for research. Therefore, Daniel, Martin and Florian started the FlippyR.AM large-scale study where they ask people to test if their systems are affected by Rowhammer.

Find out more

Incentives

There are multiple incentives for participating:

You get and keep a FlippyR.AM USB stick you can get from Daniel Gruss’ office at ISEC (room IF01014)
For each system you test and upload the results, you get a token. With one token, you can participate in a Raffle for €10 Amazon gift cards at the end of the study (just send them a link with your token)
If you uploaded the results for 10 systems, you can get a FlippyR.AM t-shirt (limited to 10; currently, eight have been given out).

How to participate

Step 1: get the test software

There are different options for getting the test software:

Come to Daniel Gruss’ office at ISEC (room IF01014) and get a FlippyR.AM thumb drive
Download the ISO image from their website and flash it to your own thumb drive
Use their GitHub Repository to run the docker container
Use their GitHub Repository to build the image yourself and flash it to your own thumb drive

Step 2: run the test

After that, boot your system using the thumb drive and let the experiment run for 3 hours (recommended are 8 hours).

Step 3: send them the results

Send them the results afterwards by either accepting to upload them directly from the test system or by manually uploading them from the thumb drive using their website.