TU Darmstadt / ULB / TUbiblio

RIP-RH: Preventing Rowhammer-based Inter-Process Attacks

Bock, Carsten ; Brasser, Ferdinand ; Gens, David ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza (2019)
RIP-RH: Preventing Rowhammer-based Inter-Process Attacks.
ACM Asia Conference on Computer and Communications Security (AsiaCCS). Auckland (07. - 12.07.2019)
doi: 10.1145/3321705.3329827
Conference or Workshop Item, Bibliography

Abstract

Run-time attacks pose a continuous threat to the security of computer systems. These attacks aim at hijacking the operation of a computer program by subverting its execution at run time. While conventional run-time attacks usually require memory-corruption vulnerabilities in the program, hardware bugs represent an increasingly popular attack vector. Rowhammer represents a vulnerability in the design of DRAM modules that allows an adversary to modify memory locations in physical proximity to attacker-controlled memory on the module without accessing them. This is a serious threat to real-world systems, since DRAM is used as main memory on virtually all platforms. Recent research proposed defenses against rowhammer, such as by patching the memory controller in hardware, or statically partitioning physical memory to protect the operating system kernel from a user-space adversary. However, sharing DRAM memory securely between a number of different entities currently remains an open problem. In this paper, we present RIP-RH, a DRAM-aware memory allocator that allows for dynamic management of multiple user-space processes. RIP-RH ensures that the memory partitions belonging to individual processes are physically isolated. In our detailed evaluation we demonstrate that our prototype implementation of RIP-RH incurs a modest run-time overhead of 3.17% for standard benchmarks and offers practical performance in a number of real-world scenarios.

Item Type: Conference or Workshop Item
Published: 2019
Creators: Bock, Carsten ; Brasser, Ferdinand ; Gens, David ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza
Type of entry: Bibliography
Title: RIP-RH: Preventing Rowhammer-based Inter-Process Attacks
Language: English
Date: 7 July 2019
Place of Publication: Auckland
Event Title: ACM Asia Conference on Computer and Communications Security (AsiaCCS)
Event Location: Auckland
Event Dates: 07. - 12.07.2019
DOI: 10.1145/3321705.3329827
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date Deposited: 19 Jun 2019 11:20
Last Modified: 19 Jun 2019 11:20