Article

ZebRAM: comprehensive and compatible software protection against rowhammer attacks

Authors:

Radhesh Krishnan Konoth,

Marco Oliverio,

Dennis Andriesse,

Cristiano Giuffrida,

Kaveh RazaviAuthors Info & Claims

OSDI'18: Proceedings of the 13th USENIX conference on Operating Systems Design and Implementation

Pages 697 - 710

Published: 08 October 2018 Publication History

Abstract

The Rowhammer vulnerability common to many modern DRAM chips allows attackers to trigger bit flips in a row of memory cells by accessing the adjacent rows at high frequencies. As a result, they are able to corrupt sensitive data structures (such as page tables, cryptographic keys, object pointers, or even instructions in a program), and circumvent all existing defenses.

This paper introduces ZebRAM, a novel and comprehensive software-level protection against Rowhammer. ZebRAM isolates every DRAM row that contains data with guard rows that absorb any Rowhammer-induced bit flips; the only known method to protect against all forms of Rowhammer. Rather than leaving guard rows unused, ZebRAM improves performance by using the guard rows as efficient, integrity-checked and optionally compressed swap space. ZebRAM requires no hardware modifications and builds on virtualization extensions in commodity processors to transparently control data placement in DRAM. Our evaluation shows that ZebRAM provides strong security guarantees while utilizing all available memory.

References

[1]

LZO. http://www.oberhumer.com/opensource/lzo/, Retrieved 09.09.2018.

[2]

WRK2 - a HTTP Benchmarking Tool. https://github.com/giltene/wrk2, Retrieved 09.09.2018.

[3]

AICHINGER, B. DDR Memory Errors caused by Row Hammer. HPEC'15.

[4]

AWEKE, Z. B., YITBAREK, S. F., QIAO, R., DAS, R., HICKS, M., OREN, Y., AND AUSTIN, T. ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks. ASPLOS'16.

Digital Library

[5]

BHATTACHARYA, S., AND MUKHOPADHYAY, D. Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis. CHESS'16.

[6]

BOSMAN, E., RAZAVI, K., BOS, H., AND GIUFFRIDA, C. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector. S&P'16.

[7]

BRASSER, F., DAVI, L., GENS, D., LIEBCHEN, C., AND SADEGHI, A.-R. CAn't Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory. SEC'17.

Digital Library

[8]

BRASSER, F., DAVI, L., GENS, D., LIEBCHEN, C., AND SADEGHI, A.-R. CAn't Touch This: Practical and Generic Software-only Defenses Against Rowhammer Attacks. arXiv preprint arXiv:1611.08396 (2016).

[9]

CAI, Y., GHOSE, S., LUO, Y., MAI, K., MUTLU, O., AND HARATSCH, E. F. Vulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques. HPCA '17.

[10]

COJOCAR, L., RAZAVI, K., GIUFFRIDA, C., AND BOS, H. Exploiting correcting codes: On the effectiveness of ecc memory against rowhammer attacks. S&P '19.

[11]

COOPER, B. F., SILBERSTEIN, A., TAM, E., RAMAKRISHNAN, R., AND SEARS, R. Benchmarking cloud serving systems with YCSB. SoCC'10.

Digital Library

[12]

CVE-2016-3272. Microsoft Security Bulletin MS16-092 - Important. https://technet.microsoft.com/en-us/library/security/ms16-092.aspx (2016).

[13]

FRIGO, P., GIUFFRIDA, C., BOS, H., AND RAZAVI, K. Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU. S&P'18.

[14]

GRUSS, D., LIPP, M., SCHWARZ, M., GENKIN, D., JUFFINGER, J., OCONNELL, S., SCHOECHL, W., AND YAROM, Y. Another Flip in the Wall of Rowhammer Defenses. arXiv preprint arXiv:1710.00551 (2017).

[15]

GRUSS, D., MAURICE, C., AND MANGARD, S. Rowhammer. js: A Remote Software-Induced Fault Attack in JavaScript. DIMVA'16.

Digital Library

[16]

HAMMING, R. W. Error detecting and error correcting codes. Bell Labs Technical Journal 29, 2 (1950), 147-160.

[17]

HENNING, J. L. SPEC CPU2006 memory footprint. ACM SIGARCH Computer Architecture'07.

Digital Library

[18]

JANG, Y., LEE, J., LEE, S., AND KIM, T. Sgx-bomb: Locking down the processor via rowhammer attack. SysTEX'17.

Digital Library

[19]

JEDEC SOLID STATE TECHNOLOGY ASSOCIATION. Low Power Double Data 4 (LPDDR4). JESD209-4A (2015).

[20]

JEDEC SOLID STATE TECHNOLOGY ASSOCIATION. DDR4 SDRAM Specification. JESD79-4B (2017).

[21]

KIM, Y., DALY, R., KIM, J., FALLIN, C., LEE, J. H., LEE, D., WILKERSON, C., LAI, K., AND MUTU, O. Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors. ISCA'14.

Digital Library

[22]

KURMUS, A., IOANNOU, N., PAPANDREOU, N., AND PARNELL, T. From random block corruption to privilege escalation: A filesystem attack vector for rowhammer-like attacks. WOOT'17.

Digital Library

[23]

LANTEIGNE, M. How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware (2016).

[24]

NEWMAN, L. H. The hidden toll of fixing meltdown and spectre. WIRED (2018).

[25]

OLIVERIO, M., RAZAVI, K., BOS, H., AND GIUFFRIDA, C. Secure page fusion with vusion. SOSP'17.

[26]

PESSL, P., GRUSS, D., MAURICE, C., SCHWARZ, M., AND MANGARD, S. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. SEC'16.

Digital Library

[27]

QIAO, R., AND SEABORN, M. A New Approach for Rowhammer Attacks. HOST'16.

[28]

RAZAVI, K., GRAS, B., BOSMAN, E., PRENEEL, B., GIUFFRIDA, C., AND BOS, H. Flip Feng Shui: Hammering a Needle in the Software Stack. SEC'16.

Digital Library

[29]

SCHWARZ, M., GRUSS, D., AND LIPP, M. Another Flip in the Row. BHUS'18. https://gruss.cc/files/us-18-Gruss-Another-Flip-In-The-Row.pdf Retrieved 09.09.2018.

[30]

SEABORN, M., AND DULLIEN, T. Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges. BHUS'15.

[31]

TATAR, A., GIUFFRIDA, C., BOS, H., AND RAZAVI, K. Defeating software mitigations against Rowhammer: A surgical precision hammer. RAID'18.

[32]

TATAR, A., KRISHNAN, R., ATHANASOPOULOS, E., GIUFFRIDA, C., BOS, H., AND RAZAVI, K. Throwhammer: Rowhammer Attacks over the Network and Defenses. ATC'18.

Digital Library

[33]

TJIN, P. android-7.1.0_r7 (Disable ION_HEAP_TYPE_SYSTEM_CONTIG). https://android.googlesource.com/device/google/marlin-kernel/+/android-7.1.0_r7 (2016).

[34]

VAN DER VEEN, V., FRATANTONIO, Y., LINDORFER, M., GRUSS, D., MAURICE, C., VIGNA, G., BOS, H., RAZAVI, K., AND GIUFFRIDA, C. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. CCS'16.

[35]

VAN DER VEEN, V., FRATANTONIO, Y., LINDORFER, M., GRUSS, D., MAURICE, C., VIGNA, G., BOS, H., RAZAVI, K., AND GIUFFRIDA, C. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. http://vvdveen.com/publications/drammer.slides.pdf, Retrieved 09.09.2018.

[36]

VAN DER VEEN, V., LINDORFER, M., FRATANTONIO, Y., PILLAI, H. P., VIGNA, G., KRUEGEL, C., BOS, H., AND RAZAVI, K. GuardION: Practical mitigation of DMA-based Rowhammer attacks on ARM. DIMVA'18.

[37]

XIAO, Y., ZHANG, X., ZHANG, Y., AND TEODORESCU, R. One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation. SEC'16.

Digital Library

Cited By

Saileshwar GWang BQureshi MNair PFalsafi BFerdman MLu SWenisch T(2022)Randomized row-swap: mitigating Row Hammer by breaking spatial correlation between aggressor and victim rowsProceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3503222.3507716(1056-1069)Online publication date: 28-Feb-2022
https://dl.acm.org/doi/10.1145/3503222.3507716
Mahmoud DLenders VStojilović M(2022)Electrical-Level Attacks on CPUs, FPGAs, and GPUs: Survey and Implications in the Heterogeneous EraACM Computing Surveys10.1145/349833755:3(1-40)Online publication date: 3-Feb-2022
https://dl.acm.org/doi/10.1145/3498337
Loughlin KSaroiu SWolman AKasikci BAngel SKasikci BKohler E(2021)Stop! Hammer timeProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3458336.3465295(88-95)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1145/3458336.3465295
Show More Cited By

Recommendations

ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ASPLOS'16

Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to "rowhammer" attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google's ...
ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ASPLOS '16: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems

Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to "rowhammer" attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google's ...
ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ASPLOS '16

Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to "rowhammer" attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google's ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

OSDI'18: Proceedings of the 13th USENIX conference on Operating Systems Design and Implementation

October 2018

815 pages

ISBN:9781931971478

Program Chairs:
Andrea Arpaci-Dusseau
University of Wisconsin-Madison
,
Geoff Voelker
University of California, San Diego

Sponsors

NetApp
Google Inc.
NSF
Microsoft: Microsoft
Facebook: Facebook

In-Cooperation

SIGOPS: ACM Special Interest Group on Operating Systems

Publisher

USENIX Association

United States

Publication History

Published: 08 October 2018

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Saileshwar GWang BQureshi MNair PFalsafi BFerdman MLu SWenisch T(2022)Randomized row-swap: mitigating Row Hammer by breaking spatial correlation between aggressor and victim rowsProceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3503222.3507716(1056-1069)Online publication date: 28-Feb-2022
https://dl.acm.org/doi/10.1145/3503222.3507716
Mahmoud DLenders VStojilović M(2022)Electrical-Level Attacks on CPUs, FPGAs, and GPUs: Survey and Implications in the Heterogeneous EraACM Computing Surveys10.1145/349833755:3(1-40)Online publication date: 3-Feb-2022
https://dl.acm.org/doi/10.1145/3498337
Loughlin KSaroiu SWolman AKasikci BAngel SKasikci BKohler E(2021)Stop! Hammer timeProceedings of the Workshop on Hot Topics in Operating Systems10.1145/3458336.3465295(88-95)Online publication date: 1-Jun-2021
https://dl.acm.org/doi/10.1145/3458336.3465295
Hong SFrigo PKaya YGiuffrida CDumitraş THeninger NTraynor P(2019)Terminal brain damageProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361373(497-514)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361373
Bock CBrasser FGens DLiebchen CSadeghi AGalbraith SRussello GSusilo WGollmann DKirda ELiang Z(2019)RIP-RHProceedings of the 2019 ACM Asia Conference on Computer and Communications Security10.1145/3321705.3329827(561-572)Online publication date: 2-Jul-2019
https://dl.acm.org/doi/10.1145/3321705.3329827
Wu XSherwood TChong FLi YBahar IHerlihy MWitchel ELebeck A(2019)Protecting Page Tables from RowHammer Attacks using Monotonic Pointers in DRAM True-CellsProceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3297858.3304039(645-657)Online publication date: 4-Apr-2019
https://dl.acm.org/doi/10.1145/3297858.3304039

View Options

View options

Media

Figures

Other

Tables

View Table of Contents