Title | ||
---|---|---|
SoftTRR: Protect Page Tables against Rowhammer Attacks using Software-only Target Row Refresh |
Abstract | ||
---|---|---|
Rowhammer attacks that corrupt level-1 page tables to gain kernel privilege are the most detrimental to system security and hard to mitigate. However, recently proposed software-only mitigations are not effective against such kernel privilege escalation attacks. In this paper, we propose an effective and practical software-only defense, called SoftTRR, to protect page tables from all existing rowhammer attacks on x86. The key idea of SoftTRR is to refresh the rows occupied by page tables when a suspicious rowhammer activity is detected. SoftTRR is motivated by DRAM-chip-based target row refresh (ChipTRR) but eliminates its main security limitation (i.e., ChipTRR tracks a limited number of rows and thus can be bypassed by many-sided hammer). Specifically, SoftTRR protects an unlimited number of page tables by tracking memory accesses to the rows that are in close proximity to page-table rows and refreshing the page-table rows once the tracked access count exceeds a pre-defined threshold. We implement a prototype of SoftTRR as a loadable kernel module, and evaluate its security effectiveness, performance overhead, and memory consumption. The experimental results show that SoftTRR protects page tables from real-world rowhammer attacks and incurs small performance overhead as well as memory cost. |
Year | Venue | DocType |
---|---|---|
2022 | USENIX Annual Technical Conference (USENIX ATC) | Conference |
Citations | PageRank | References |
0 | 0.34 | 0 |
Authors | ||
10 |
Name | Order | Citations | PageRank |
---|---|---|---|
Zhi Zhang | 1 | 11 | 3.92 |
Yueqiang Cheng | 2 | 6 | 5.51 |
Minghua Wang | 3 | 64 | 15.40 |
Wei He | 4 | 29 | 10.01 |
Wenhao Wang | 5 | 5 | 9.95 |
Surya Nepal | 6 | 1486 | 186.76 |
Yansong Gao | 7 | 28 | 5.43 |
Kang Li | 8 | 337 | 29.74 |
Zhe Wang | 9 | 198 | 24.41 |
Chenggang Wu | 10 | 44 | 6.57 |