research-article

RIP-RH: Preventing Rowhammer-based Inter-Process Attacks

Authors:

Ferdinand Brasser,

Christopher Liebchen,

Ahamd-Reza SadeghiAuthors Info & Claims

Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Pages 561 - 572

https://doi.org/10.1145/3321705.3329827

Published: 02 July 2019 Publication History

Abstract

Run-time attacks pose a continuous threat to the security of computer systems. These attacks aim at hijacking the operation of a computer program by subverting its execution at run time. While conventional run-time attacks usually require memory-corruption vulnerabilities in the program, hardware bugs represent an increasingly popular attack vector. Rowhammer represents a vulnerability in the design of DRAM modules that allows an adversary to modify memory locations in physical proximity to attacker-controlled memory on the module without accessing them. This is a serious threat to real-world systems, since DRAM is used as main memory on virtually all platforms. Recent research proposed defenses against rowhammer, such by patching the memory controller in hardware, or statically partitioning physical memory to protect the operating system kernel from a user space adversary. However, sharing DRAM memory securely between a number of different entities currently remains as an open problem. In this paper, we present RIP-RH, a DRAM-aware memory allocator that allows for dynamic management of multiple user-space processes. RIP-RH ensures that the memory partitions belonging to individual processes are physically isolated. In our detailed evaluation we demonstrate that our prototype implementation of RIP-RH incurs a modest run-time overhead of 3.17% for standard benchmarks and offers practical performance in a number of real-world scenarios.

References

[1]

Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Rui Qiao, Reetuparna Das, Matthew Hicks, Yossi Oren, and Todd Austin. 2016. ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks. In International Conference on Architectural Support for Programming Languages and Operating Systems.

Digital Library

[2]

Erik Bosman, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2016. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector. In IEEE Symposium on Security and Privacy.

[3]

Ferdinand Brasser, Lucas Davi, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2017. Can't touch this: Software-only mitigation against rowhammer attacks targeting kernel memory. In USENIX Security Symposium.

Digital Library

[4]

Nathan Burow, Scott A. Carr, Stefan Brunthaler, Mathias Payer, Joseph Nash, Per Larsen, and Michael Franz. 2016. Control-Flow Integrity: Precision, Security, and Performance. (2016). http://arxiv.org/abs/1602.04056

Digital Library

[5]

Stephen Crane, Christopher Liebchen, Andrei Homescu, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, Stefan Brunthaler, and Michael Franz. 2015. Readactor: Practical Code Randomization Resilient to Memory Disclosure. In IEEE Symposium on Security and Privacy.

Digital Library

[6]

J. Criswell, N. Dautenhahn, and V. Adve. 2014. KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels. In IEEE Symposium on Security and Privacy.

Digital Library

[7]

Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, and Ahmad-Reza Sadeghi. 2012. MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones. In Annual Network and Distributed System Security Symposium.

[8]

Pietro Frigo, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018. Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU. In IEEE Symposium on Security and Privacy.

[9]

Xinyang Ge, Nirupama Talele, Mathias Payer, and Trent Jaeger. 2016. Fine-Grained Control-Flow Integrity for Kernel Software. In IEEE European Symposium on Security and Privacy.

[10]

Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, and Yuval Yarom. 2018. Another flip in the wall of rowhammer defenses. In IEEE Symposium on Security and Privacy.

[11]

Daniel Gruss, Clé mentine Maurice, and Stefan Mangard. 2016. Rowhammer.js: A Cache Attack to Induce Hardware Faults from a Website. In Conference on Detection of Intrusions and Malware and Vulnerability Assessment.

[12]

IC Insights. 2017. DDR4 Set to Account for Largest Share of DRAM Market by Architecture. http://icinsights.com/data/articles/documents/969.pdf.

[13]

Michael Kerrisk. 2010. The Linux programming interface: a Linux and UNIX system programming handbook .No Starch Press.

Digital Library

[14]

Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors. In Annual International Symposium on Computer Architecture.

Digital Library

[15]

Radhesh Krishnan Konoth, Marco Oliverio, Andrei Tatar, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida, and Kaveh Razavi. 2018. ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks. In USENIX Symposium on Operating Systems Design and Implementation.

Digital Library

[16]

Byoungyoung Lee, Chengyu Song, Yeongjin Jang, Tielei Wang, Taesoo Kim, Long Lu, and Wenke Lee. 2015. Preventing Use-after-free with Dangling Pointers Nullification. In Annual Network and Distributed System Security Symposium.

[17]

Zhiqiang Lin, RyanD. Riley, and Dongyan Xu. 2009. Polymorphing Software by Randomizing Data Structure Layout. In Conference on Detection of Intrusions and Malware and Vulnerability Assessment.

Digital Library

[18]

Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: reading kernel memory from user space. In USENIX Security Symposium.

Digital Library

[19]

Nick Nikiforakis, Steven Van Acker, Wannes Meert, Lieven Desmet, Frank Piessens, and Wouter Joosen. 2013. Bitsquatting: Exploiting bit-flips for fun, or profit?. In Proceedings of the 22nd international conference on World Wide Web.

Digital Library

[20]

Gene Novark and Emery D Berger. 2010. DieHarder: securing the heap. In ACM Conference on Computer and Communications Security.

Digital Library

[21]

Kaan Onarlioglu, Leyla Bilge, Andrea Lanzi, Davide Balzarotti, and Engin Kirda. 2010. G-Free: Defeating Return-Oriented Programming through Gadget-less Binaries. In Annual Computer Security Applications Conference.

Digital Library

[22]

Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard. 2016. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In USENIX Security Symposium.

Digital Library

[23]

Jannik Pewny and Thorsten Holz. 2013. Control-flow Restrictor: Compiler-based CFI for iOS. In Annual Computer Security Applications Conference.

Digital Library

[24]

Rui Qiao and Mark Seaborn. 2016. A New Approach for Rowhammer Attacks. In IEEE International Symposium on Hardware Oriented Security and Trust.

[25]

Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos. 2016. Flip Feng Shui: Hammering a Needle in the Software Stack. In USENIX Security Symposium.

Digital Library

[26]

Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, and Thorsten Holz. 2015. Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C+ Applications. In IEEE Symposium on Security and Privacy.

Digital Library

[27]

Mark Seaborn and Thomas Dullien. 2016. Exploiting the DRAM rowhammer bug to gain kernel privileges. https://googleprojectzero.blogspot.de/2015/03/exploiting-dram-rowhammer-bug-to-gain.html.

[28]

Hovav Shacham. 2007. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In ACM Conference on Computer and Communications Security.

Digital Library

[29]

Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, and Tongping Liu. 2017. FreeGuard: A Faster Secure Heap Allocator. In ACM Conference on Computer and Communications Security.

Digital Library

[30]

Chengyu Song, Byoungyoung Lee, Kangjie Lu, William R. Harris, Taesoo Kim, and Wenke Lee. 2016. Enforcing Kernel Security Invariants with Data Flow Integrity. In Annual Network and Distributed System Security Symposium.

[31]

Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song. 2013. SoK: Eternal War in Memory. In IEEE Symposium on Security and Privacy.

Digital Library

[32]

Andrei Tatar, Radhesh Krishnan Konoth, Elias Athanasopoulos, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018. Throwhammer: Rowhammer Attacks over the Network and Defenses. In USENIX Annual Technical Conference.

Digital Library

[33]

Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida. 2016. Drammer: Deterministic Rowhammer Attacks on Commodity Mobile Platforms. In ACM Conference on Computer and Communications Security.

Digital Library

[34]

Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, and Kaveh Razavi. 2018. GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM. In Detection of Intrusions and Malware, and Vulnerability Assessment.

[35]

Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Mircea-Radu Teodorescu. 2016. One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation. In USENIX Security Symposium.

Digital Library

[36]

B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. 2009. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. In IEEE Symposium on Security and Privacy.

Digital Library

Cited By

Awal MRahman M(2024)Exploring the Correlation Between DRAM Latencies and Rowhammer Attacks2024 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)10.1109/ISVLSI61997.2024.00086(445-450)Online publication date: 1-Jul-2024
https://doi.org/10.1109/ISVLSI61997.2024.00086
Bostanci FYüksel IOlgun AKanellopoulos KTuğrul YYağliçi ASadrosadati MMutlu O(2024)CoMeT: Count-Min-Sketch-based Row Tracking to Mitigate RowHammer at Low Cost2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA57654.2024.00050(593-612)Online publication date: 2-Mar-2024
https://doi.org/10.1109/HPCA57654.2024.00050
Yağlıkçı ATuğrul YOliveira GYüksel İOlgun ALuo HMutlu O(2024)Spatial Variation-Aware Read Disturbance Defenses: Experimental Analysis of Real DRAM Chips and Implications on Future Solutions2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA57654.2024.00048(560-577)Online publication date: 2-Mar-2024
https://doi.org/10.1109/HPCA57654.2024.00048
Show More Cited By

Recommendations

RIP StrandHogg: a practical StrandHogg attack detection method on Android
WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

StrandHogg vulnerabilities affect Android's multitasking system and threaten up to 90% of Android platforms, which translates to millions of affected users. Existing countermeasures require modification of the OS, have usability drawbacks, or are ...
ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ASPLOS'16

Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to "rowhammer" attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google's ...
ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ASPLOS '16: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems

Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to "rowhammer" attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google's ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

July 2019

708 pages

ISBN:9781450367523

DOI:10.1145/3321705

General Chairs:
Steven Galbraith
University of Auckland, New Zealand
,
Giovanni Russello
University of Auckland, New Zealand
,
Willy Susilo
University of Wollongong, Australia
,
Program Chairs:
Dieter Gollmann
Hamburg University of Technology, Germany & Nanyang Technological University, Singapore
,
Engin Kirda
Northeastern University, USA
,
Zhenkai Liang
National University of Singapore, Singapore

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 July 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

Asia CCS '19

Sponsor:

SIGSAC

Asia CCS '19: ACM Asia Conference on Computer and Communications Security

July 9 - 12, 2019

Auckland, New Zealand

Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
352
Total Downloads

Downloads (Last 12 months)48
Downloads (Last 6 weeks)3

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Awal MRahman M(2024)Exploring the Correlation Between DRAM Latencies and Rowhammer Attacks2024 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)10.1109/ISVLSI61997.2024.00086(445-450)Online publication date: 1-Jul-2024
https://doi.org/10.1109/ISVLSI61997.2024.00086
Bostanci FYüksel IOlgun AKanellopoulos KTuğrul YYağliçi ASadrosadati MMutlu O(2024)CoMeT: Count-Min-Sketch-based Row Tracking to Mitigate RowHammer at Low Cost2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA57654.2024.00050(593-612)Online publication date: 2-Mar-2024
https://doi.org/10.1109/HPCA57654.2024.00050
Yağlıkçı ATuğrul YOliveira GYüksel İOlgun ALuo HMutlu O(2024)Spatial Variation-Aware Read Disturbance Defenses: Experimental Analysis of Real DRAM Chips and Implications on Future Solutions2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA57654.2024.00048(560-577)Online publication date: 2-Mar-2024
https://doi.org/10.1109/HPCA57654.2024.00048
Woo SElsasser WHamburg MLinstadt EMiller MSong TTringali J(2023)RAMPART: RowHammer Mitigation and Repair for Server Memory SystemsProceedings of the International Symposium on Memory Systems10.1145/3631882.3631886(1-15)Online publication date: 2-Oct-2023
https://dl.acm.org/doi/10.1145/3631882.3631886
Zhang ZHe WCheng YWang WGao YLiu DLi KNepal SFu AZou Y(2023) Implicit Hammer : Cross-Privilege-Boundary Rowhammer Through Implicit Accesses IEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.321466620:5(3716-3733)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TDSC.2022.3214666
Woo JSaileshwar GNair P(2023)Scalable and Secure Row-Swap: Efficient and Safe Row Hammer Mitigation in Memory Systems2023 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA56546.2023.10070999(374-389)Online publication date: Feb-2023
https://doi.org/10.1109/HPCA56546.2023.10070999
Saxena ASaileshwar GJuffinger JKogler AGruss DQureshi M(2023)PT-Guard: Integrity-Protected Page Tables to Defend Against Breakthrough Rowhammer Attacks2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58367.2023.00022(95-108)Online publication date: Jun-2023
https://doi.org/10.1109/DSN58367.2023.00022
Saileshwar GWang BQureshi MNair PFalsafi BFerdman MLu SWenisch T(2022)Randomized row-swap: mitigating Row Hammer by breaking spatial correlation between aggressor and victim rowsProceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3503222.3507716(1056-1069)Online publication date: 28-Feb-2022
https://dl.acm.org/doi/10.1145/3503222.3507716
Loughlin KSaroiu SWolman AManerkar YKasikci BSalapura VZahran MChong FTang L(2022)MOESI-primeProceedings of the 49th Annual International Symposium on Computer Architecture10.1145/3470496.3527427(670-684)Online publication date: 18-Jun-2022
https://dl.acm.org/doi/10.1145/3470496.3527427
Saxena ASaileshwar GNair PQureshi M(2022)AQUA: Scalable Rowhammer Mitigation by Quarantining Aggressor Rows at Runtime2022 55th IEEE/ACM International Symposium on Microarchitecture (MICRO)10.1109/MICRO56248.2022.00022(108-123)Online publication date: Oct-2022
https://doi.org/10.1109/MICRO56248.2022.00022
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents