A new technical paper titled “Preventing Rowhammer Exploits via Low-Cost Domain-Aware Memory Allocation” was published by researchers at Georgia Tech.
Abstract
“Rowhammer is a hardware security vulnerability at the heart of every system with modern DRAM-based memory. Despite its discovery a decade ago, comprehensive defenses remain elusive, while the probability of successful attacks grows with DRAM density. Hardware-based defenses have been ineffective, due to considerable cost, delays in commercial adoption, and attackers’ repeated ability to circumvent them. Meanwhile, more flexible software-based solutions either incur substantial performance and memory capacity overheads, or offer limited forms of protection. Citadel is a new memory allocator design that prevents Rowhammer-initiated security exploits by addressing the vulnerability’s root cause: physical adjacency of DRAM rows. Citadel enables creation of flexible security domains and isolates different domains in physically disjoint memory regions, guaranteeing security by design. On a server system, Citadel supports thousands of security domains at a modest 7.4% average memory overhead and no performance loss. In contrast, recent domain isolation schemes fail to support many workload scenarios due to excessive overheads, and incur 4–6x higher overheads for supported scenarios. As a software solution, Citadel offers readily deployable Rowhammer-aware isolation on legacy, current, and future systems.”
Find the technical paper here. Preprint September 2024.
Saxena, Anish, Walter Wang, and Alexandros Daglis. “Preventing Rowhammer Exploits via Low-Cost Domain-Aware Memory Allocation.” arXiv preprint arXiv:2409.15463 (2024).
Leave a Reply