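SSD Design Has a Security Flaw!

Traditional hard disk drives (HDDs) have not yet gone the way of the horse-drawn carriage; that is, history has not yet abandoned them. But given the surging popularity of solid-state drives (SSDs), it is only a matter of time before SSDs become the standard and HDDs are phased out. Considering the SSD's advantages in speed and reliability, not to mention the recent steady fall in prices, the shift makes perfect sense.

However, researchers at Carnegie Mellon University have found a flaw in SSD design that makes the drives highly susceptible to a specific type of attack, one that causes premature drive failure and data corruption. The technical details of the flaw are quite arcane, but I will try to keep things as simple and clear as I can here.

Evidently, the problem affects only multi-level cell (MLC) SSDs. Single-level cell (SLC) SSDs are not affected, but because MLC SSDs are fast they have become more popular, so the risk extends to far more devices. Although the research report does not examine triple-level cell (TLC) SSDs, ExtremeTech points out that because TLC uses the same type of multi-stage programming cycle as MLC, TLC may be vulnerable as well.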

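The vulnerability stems from the way MLC is programmed. Unlike SLC SSDs, MLC SSDs write data into the buffer from the flash cells rather than from the SSD's flash controller. By intercepting this process, an attacker can corrupt the data that is to be written.

The obvious result is that the data stored in memory is corrupted, but this can also damage the SSD itself and so shorten its service life.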

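Of course, the explanation above is highly simplified, but if you are fluent in technical jargon you can read and download the researchers' full paper on Semantic Scholar, titled "Vulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques".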

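The fix is comparatively simple and straightforward. SSD vendors only need to switch to running the data through the flash controller, as is done for SLC. However, this increases latency by about 5%, which somewhat erodes one of the main advantages MLC SSDs have over SLC SSDs.

If Carnegie Mellon University could figure this out, hackers probably can too. If hackers had not heard of this vulnerability before, they should have by now. We have not yet heard anyone report attacks exploiting this vulnerability; SSD vendors are surely already scrambling to find a way to close the hole without affecting speed.

Even if vendors do work out how to fix the flaw in new SSDs, what about the SSDs already in use in consumer devices? Is there a software patch that can fix the problem? Can virus definitions be written to detect whether someone has written software or an application to exploit this vulnerability?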

English:

Vulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques

Abstract

Modern NAND flash memory chips provide high density by storing two bits of data in each flash cell, called a multi-level cell (MLC). An MLC partitions the threshold voltage range of a flash cell into four voltage states. When a flash cell is programmed, a high voltage is applied to the cell. Due to parasitic capacitance coupling between flash cells that are physically close to each other, flash cell programming can lead to cell-to-cell program interference, which introduces errors into neighboring flash cells. In order to reduce the impact of cell-to-cell interference on the reliability of MLC NAND flash memory, flash manufacturers adopt a two-step programming method, which programs the MLC in two separate steps. First, the flash memory partially programs the least significant bit of the MLC to some intermediate threshold voltage. Second, it programs the most significant bit to bring the MLC up to its full voltage state. In this paper, we demonstrate that two-step programming exposes new reliability and security vulnerabilities. We experimentally characterize the effects of two-step programming using contemporary 1X-nm (i.e., 15–19nm) flash memory chips. We find that a partially-programmed flash cell (i.e., a cell where the second programming step has not yet been performed) is much more vulnerable to cell-to-cell interference and read disturb than a fully-programmed cell. We show that it is possible to exploit these vulnerabilities on solid-state drives (SSDs) to alter the partially-programmed data, causing (potentially malicious) data corruption. Building on our experimental observations, we propose several new mechanisms for MLC NAND flash memory that eliminate or mitigate data corruption in partially-programmed cells, thereby removing or reducing the extent of the vulnerabilities, and at the same time increasing flash memory lifetime by 16%.
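The following toy model is an added illustration, not code from the article or from the paper. It shows why reading the least significant bit back from a partially-programmed cell corrupts the final state, and why supplying that bit from the flash controller (the fix described above) avoids it. The Gray coding of the four states and all voltage values are assumptions: normalized, constructed numbers chosen so that the disturbance crosses the partial-page read reference but not the final read references.

```python
import random

# Constructed, normalized threshold voltages (not measured values).
# Assumed Gray coding of the four states as (MSB, LSB): ER, P1, P2, P3.
STATES = [(1, 1), (0, 1), (0, 0), (1, 0)]
TARGET_V = dict(zip(STATES, (0.0, 1.0, 2.0, 3.0)))
TEMP_V = 1.2                 # intermediate voltage after step one when LSB = 0
LSB_READ_REF = 0.3           # reference for reading a partially-programmed cell
FINAL_REFS = (0.5, 1.5, 2.5)  # references for reading a fully-programmed cell


def step_one(lsb):
    """Partially program the cell: only the LSB is stored."""
    return 0.0 if lsb == 1 else TEMP_V


def step_two(cell_v, msb, lsb_from_controller=None):
    """Finish programming. Without a controller copy, the chip reads the LSB
    back from the (possibly disturbed) cell into its internal buffer."""
    if lsb_from_controller is None:
        lsb = 1 if cell_v < LSB_READ_REF else 0
    else:
        lsb = lsb_from_controller
    # Programming can only raise the threshold voltage, never lower it.
    return max(cell_v, TARGET_V[(msb, lsb)])


def read_cell(cell_v):
    """Decode a fully-programmed cell's voltage to (MSB, LSB)."""
    return STATES[sum(cell_v > ref for ref in FINAL_REFS)]


def corrupted_cells(n, disturb, controller_buffers_lsb, seed=1):
    """Count cells whose stored bits differ from the intended bits."""
    rng = random.Random(seed)
    bad = 0
    for _ in range(n):
        msb, lsb = rng.randint(0, 1), rng.randint(0, 1)
        v = step_one(lsb)
        v += rng.uniform(0, disturb)  # interference / read disturb between steps
        copy = lsb if controller_buffers_lsb else None
        bad += read_cell(step_two(v, msb, copy)) != (msb, lsb)
    return bad


if __name__ == "__main__":
    print("chip re-reads LSB:     ", corrupted_cells(2000, 0.45, False))
    print("controller buffers LSB:", corrupted_cells(2000, 0.45, True))
```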

Author: Anonymous

Source: 51CTO