TU Darmstadt / ULB / TUbiblio

RIP-RH: Preventing Rowhammer-based Inter-Process Attacks

Bock, Carsten ; Brasser, Ferdinand ; Gens, David ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza (2019)
RIP-RH: Preventing Rowhammer-based Inter-Process Attacks.
ACM Asia Conference on Computer and Communications Security (AsiaCCS). Auckland (07.07.2019-12.07.2019)
doi: 10.1145/3321705.3329827
Conference publication, Bibliography

Abstract

Run-time attacks pose a continuous threat to the security of computer systems. These attacks aim at hijacking the operation of a computer program by subverting its execution at run time. While conventional run-time attacks usually require memory-corruption vulnerabilities in the program, hardware bugs represent an increasingly popular attack vector. Rowhammer represents a vulnerability in the design of DRAM modules that allows an adversary to modify memory locations in physical proximity to attacker-controlled memory on the module without accessing them. This is a serious threat to real-world systems, since DRAM is used as main memory on virtually all platforms. Recent research proposed defenses against rowhammer, such as patching the memory controller in hardware, or statically partitioning physical memory to protect the operating system kernel from a user space adversary. However, sharing DRAM memory securely between a number of different entities currently remains an open problem. In this paper, we present RIP-RH, a DRAM-aware memory allocator that allows for dynamic management of multiple user-space processes. RIP-RH ensures that the memory partitions belonging to individual processes are physically isolated. In our detailed evaluation we demonstrate that our prototype implementation of RIP-RH incurs a modest run-time overhead of 3.17% for standard benchmarks and offers practical performance in a number of real-world scenarios.

Entry type: Conference publication
Published: 2019
Author(s): Bock, Carsten ; Brasser, Ferdinand ; Gens, David ; Liebchen, Christopher ; Sadeghi, Ahmad-Reza
Kind of entry: Bibliography
Title: RIP-RH: Preventing Rowhammer-based Inter-Process Attacks
Language: English
Publication year: 7 July 2019
Place: Auckland
Event title: ACM Asia Conference on Computer and Communications Security (AsiaCCS)
Event location: Auckland
Event date: 07.07.2019-12.07.2019
DOI: 10.1145/3321705.3329827
Department(s)/Division(s): 20 Department of Computer Science
20 Department of Computer Science > System Security
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Date deposited: 19 Jun 2019 11:20
Last modified: 19 Jun 2019 11:20