A new technical paper titled “Preventing Rowhammer Exploits with Low-Cost Domain-Aware Memory Allocation” has been published by researchers at Georgia Tech.
abstract
“Rowhammer is a hardware security vulnerability at the heart of all systems with modern DRAM-based memory. Despite being discovered a decade ago, attacks are becoming more successful as DRAM density increases. While increasing potential, hardware-based defenses still lack significant cost, slow commercial implementation, and the ability for attackers to repeatedly evade defenses. On the other hand, more flexible software-based solutions incur significant performance and memory capacity overhead or provide limited forms of protection. Citadel is a new memory allocator design that prevents security exploits by Rowhammer by addressing the physical adjacency of DRAM rows, allowing for the creation of flexible security domains with different physically separated memory regions. Separates domains and guarantees security by design. On server systems, Citadel supports thousands of security domains with a modest average memory overhead of 7.4% and no performance loss. Isolation schemes cannot support many workload scenarios due to excessive overhead, with supported scenarios incurring 4-6x overhead, and as a software solution, Citadel supports legacy, current, and future. It provides Rowhammer-compatible isolation that can be easily implemented into your system.”
Please see the technical document here. Preprint September 2024.
Saxena, Anish, Walter Wang, and Alexandros Dougris. “Preventing the Rowhammer Exploit with Low-Cost Domain-Aware Memory Allocation.” arXiv preprint arXiv:2409.15463 (2024).
