The paper provides a comprehensive study of rowhammer attacks and defenses on commodity operating systems. It first introduces the background on DRAM organization and rowhammer characteristics.
For attacks, the paper summarizes the critical steps an attacker must follow to demonstrate a meaningful rowhammer attack: 1) Placing sensitive objects onto desired DRAM rows, 2) Inducing frequent accesses to attacker-induced objects to trigger bit flips, and 3) Exploiting the bit flips to compromise system security. It then discusses the techniques used in each attack step, covering a wide range of attacks targeting different architectures and objectives, such as causing denial-of-service, gaining privilege escalation, leaking sensitive information, and degrading deep neural network models.
For defenses, the paper categorizes existing software-only defenses into three groups: ad-hoc attempts, DRAM-aware isolation, and rowhammer-triggered detection. It summarizes the key strategies and limitations of each defense category. The paper also discusses proposed hardware defenses, highlighting their limitations in terms of security guarantees, scalability, memory efficiency, and cooperation between the memory controller and DRAM.
Finally, the paper provides insights on potential future attack vectors and defense strategies, identifying four new attack scenarios and two possible defense approaches.
다른 언어로
소스 콘텐츠 기반
arxiv.org
더 깊은 질문