[Cryptography] "Flip Feng Shui: Hammering a Needle in the Software Stack"

Jerry Leichter leichter at lrw.com
Sat Sep 3 06:18:44 EDT 2016


> 
>> The technique cannot be aimed exactly: You can flip some
>> unpredictable, uncontrollable subset of the bits in a word.
> 
> That's not what the paper claims:
> 
> | The end-to-end attack allows the attacker to flip a bit of choice in
> | data of choice anywhere in the software stack in a controlled
> | fashion.

The paper's description of the attack gets a bit vague at points, but as far as I can tell, it relies on the technique outlined in the earlier Rowhammer paper, which randomly perturbs a word (where the length of a word has to do with the physical organization of memory and *might* be independent of any similar concept visible in the machine ABI, though in common hardware it isn't).  To the degree that the effect is actually truly random, of course, you can check the results and keep trying until you get the desired results - but if you're attacking code, that makes the problem of revealing yourself that much worse.

Then again, perhaps I missed something about the way the attack is carried out.  If anyone here understands how one can use the Rowhammer technique to reliably flip a chosen bit, could they explain it?
                                                        -- Jerry
