Rowhammer attacks that corrupt level-1 page tables to gain kernel privilege
are the most detrimental to system security and hard to mitigate. However,
recently proposed software-only mitigations are not effective against such
kernel privilege escalation attacks. In this paper, we propose an effective and
practical software-only defense, called SoftTRR, to protect page tables from
all existing rowhammer attacks on x86. The key idea of SoftTRR is to refresh
the rows occupied by page tables when a suspicious rowhammer activity is
detected. SoftTRR is motivated by DRAM-chip-based target row refresh (ChipTRR)
but eliminates its main security limitation (i.e., ChipTRR tracks a limited
number of rows and thus can be bypassed by many-sided hammer). Specifically,
SoftTRR protects an unlimited number of page tables by tracking memory accesses
to the rows that are in close proximity to page-table rows and refreshing the
page-table rows once the tracked access count exceeds a pre-defined threshold.
We implement a prototype of SoftTRR as a loadable kernel module, and evaluate
its security effectiveness, performance overhead, and memory consumption. The
experimental results show that SoftTRR protects page tables from real-world
rowhammer attacks and incurs small performance overhead as well as memory cost.
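
The key idea in the abstract (count accesses to rows near page-table rows, refresh the page-table rows once a count reaches a threshold) can be shown as a small user-space model. This is an added example, not the SoftTRR kernel module or the authors' code. The bank size, `PROXIMITY`, `THRESHOLD`, the `disturb` bookkeeping and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NUM_ROWS  64    /* constructed toy bank size */
#define PROXIMITY 1     /* assumed: rows this close to a page-table row are tracked */
#define THRESHOLD 1000  /* assumed access-count threshold, not the paper's value */

static uint8_t  is_pt[NUM_ROWS];     /* row holds page tables */
static uint32_t count[NUM_ROWS];     /* accesses seen on each tracked row */
static uint32_t disturb[NUM_ROWS];   /* neighbour accesses since a PT row's last refresh */
static uint32_t refreshes[NUM_ROWS]; /* refreshes issued per PT row */
static uint32_t max_disturb;         /* worst un-refreshed disturbance observed */

void trr_reset(void) {
    memset(is_pt, 0, sizeof is_pt);
    memset(count, 0, sizeof count);
    memset(disturb, 0, sizeof disturb);
    memset(refreshes, 0, sizeof refreshes);
    max_disturb = 0;
}

void trr_mark_page_table(int row) { is_pt[row] = 1; }

/* Called for every access to `row`; returns how many PT rows were refreshed. */
int trr_on_access(int row) {
    int lo = row - PROXIMITY < 0 ? 0 : row - PROXIMITY;
    int hi = row + PROXIMITY >= NUM_ROWS ? NUM_ROWS - 1 : row + PROXIMITY;
    int near_pt = 0, refreshed = 0;

    for (int r = lo; r <= hi; r++) {   /* does this row neighbour a page table? */
        if (r == row || !is_pt[r]) continue;
        near_pt = 1;
        if (++disturb[r] > max_disturb) max_disturb = disturb[r];
    }
    if (!near_pt || ++count[row] < THRESHOLD)
        return 0;                      /* untracked row, or still below threshold */

    count[row] = 0;
    for (int r = lo; r <= hi; r++) {   /* refresh every nearby page-table row */
        if (r == row || !is_pt[r]) continue;
        disturb[r] = 0;
        refreshes[r]++;
        refreshed++;
    }
    return refreshed;
}

uint32_t trr_refreshes(int row) { return refreshes[row]; }
uint32_t trr_max_disturb(void)  { return max_disturb; }
```

Because every row near a page table has its own counter, an access pattern spread across many rows still drives each neighbouring counter to the threshold, which is the property the abstract contrasts with a tracker limited to a fixed number of rows.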

Authors: Zhi Zhang, Yueqiang Cheng, Minghua Wang, Wei He, Wenhao Wang, Nepal Surya, Yansong Gao, Kang Li, Zhe Wang, Chenggang Wu
