Autor | Bock, Carsten; Brasser, Ferdinand; Gens, David; Liebchen, Christopher; Sadeghi, Ahmad-Reza |
---|
Datum | 2019 |
---|
Art | Conference Proceedings |
---|
Abstrakt | Run-time attacks pose a continuous threat to the security of computer
systems. These attacks aim at hijacking the operation of a
computer program by subverting its execution at run time. While
conventional run-time attacks usually require memory-corruption
vulnerabilities in the program, hardware bugs represent an increasingly
popular attack vector. Rowhammer represents a vulnerability
in the design of DRAM modules that allows an adversary to modify
memory locations in physical proximity to attacker-controlled
memory on the module without accessing them. This is a serious
threat to real-world systems, since DRAM is used as main memory
on virtually all platforms.
Recent research proposed defenses against rowhammer, such by
patching the memory controller in hardware, or statically partitioning
physical memory to protect the operating system kernel from
a user space adversary. However, sharing DRAM memory securely
between a number of different entities currently remains as an
open problem. In this paper, we present RIP-RH, a DRAM-aware
memory allocator that allows for dynamic management of multiple
user-space processes. RIP-RH ensures that the memory partitions
belonging to individual processes are physically isolated. In our
detailed evaluation we demonstrate that our prototype implementation
of RIP-RH incurs a modest run-time overhead of 3.17% for
standard benchmarks and offers practical performance in a number
of real-world scenarios. |
---|
Konferenz | ACM Asia Conference on Computer and Communications Security (AsiaCCS) |
---|
Url | https://tubiblio.ulb.tu-darmstadt.de/id/eprint/113742 |
---|