Filters








8 Hits in 2.9 sec

GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM [chapter]

Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, Kaveh Razavi
2018 Lecture Notes in Computer Science  
To mitigate Rowhammer exploitation on ARM, we propose guardion, a lightweight defense that prevents DMA-based attacks-the main attack vector on mobile devices-by isolating DMA buffers with guard rows.  ...  Proposals made by both academia and industry, however, are either impractical to deploy, or insufficient in stopping all attacks: we present rampage, a set of DMA-based Rowhammer attacks against the latest  ...  either expressed or implied, of the U.S.  ... 
doi:10.1007/978-3-319-93411-2_5 fatcat:3d4h2rmbijcphbk64zf5staxoi

A Retrospective and Futurespective of Rowhammer Attacks and Defenses on DRAM [article]

Zhi Zhang, Jiahao Qi, Yueqiang Cheng, Shijie Jiang, Yiyang Lin, Yansong Gao, Surya Nepal, Yi Zou, Jiliang Zhang, Yang Xiang
2022 arXiv   pre-print
Since the first comprehensive study of rowhammer in 2014, a number of rowhammer attacks have been demonstrated against ubiquitous dynamic random access memory (DRAM)-based commodity systems to cause denial-of-service  ...  In this paper, we systematize rowhammer attacks and defenses with a focus on DRAM.  ...  Similar to ALIS, GuardION [45] mitigates DMA-based attacks particularly on mobile devices by isolating DMA buffers using guarding rows.  ... 
arXiv:2201.02986v2 fatcat:72hvl7xgsrerpndekuyoq5mg2a

SoftTRR: Protect Page Tables Against RowHammer Attacks using Software-only Target Row Refresh [article]

Zhi Zhang, Yueqiang Cheng, Minghua Wang, Wei He, Wenhao Wang, Nepal Surya, Yansong Gao, Kang Li, Zhe Wang, Chenggang Wu
2021 arXiv   pre-print
In this paper, we propose an effective and practical software-only defense, called SoftTRR, to protect page tables from all existing rowhammer attacks on x86.  ...  Rowhammer attacks that corrupt level-1 page tables to gain kernel privilege are the most detrimental to system security and hard to mitigate.  ...  Such attack is demonstrated on ARM (Drammer [48] ), and it has been defeated by GuardION [49] that enforces DMA memory isolation.  ... 
arXiv:2102.10269v2 fatcat:c7ov3eqzlnbfxbnfyiuyxdvcta

ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks

Radhesh Krishnan Konoth, Marco Oliverio, Andrei Tatar, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida, Kaveh Razavi
2018 USENIX Symposium on Operating Systems Design and Implementation  
The Rowhammer vulnerability common to many modern DRAM chips allows attackers to trigger bit flips in a row of memory cells by accessing the adjacent rows at high frequencies.  ...  ZebRAM isolates every DRAM row that contains data with guard rows that absorb any Rowhammer-induced bit flips; the only known method to protect against all forms of Rowhammer.  ...  The funding agencies are not responsible for any use that may be made of the information it contains.  ... 
dblp:conf/osdi/KonothOTABGR18 fatcat:afd2ocwwuvffhe4kmpj6qrbm6u

Understanding Rowhammer Attacks through the Lens of a Unified Reference Framework [article]

Xiaoxuan Lou, Fan Zhang, Zheng Leong Chua, Zhenkai Liang, Yueqiang Cheng, Yajin Zhou
2019 arXiv   pre-print
Based on the reference framework, we analyze all previous rowhammer attacks and corresponding countermeasures.  ...  In this work, we propose a unified reference framework for analyzing the rowhammer attacks, indicating three necessary factors in a practical rowhammer attack: the attack origin, the intended implication  ...  G-CATT [22] EV Physically isolate the memory of different system entities with a gap. × GuardION [68] EV Isolate DMA buffer with guard rows to prevent mobile rowhammer attacks.  ... 
arXiv:1901.03538v1 fatcat:dgfw3m6p4fchfij43qvmw2xzri

Still Hammerable and Exploitable: on the Effectiveness of Software-only Physical Kernel Isolation [article]

Yueqiang Cheng, Zhi Zhang, Surya Nepal, Zhi Wang
2019 arXiv   pre-print
The existence of such buffers invalidates the physical separation enforced by CATT and makes the rowhammer-based attack possible again.  ...  To mitigate these attacks, CATT [6], as the first generic and practical technique, physically separates each domain: it divides the physical memory into multiple partitions and keeps each partition occupied  ...  Among software-based defenses, CATT is the first generic and effective mitigation method against rowhammer attacks [6] 1 .  ... 
arXiv:1802.07060v3 fatcat:wmt72ighijckpllfic7bj3ncxe

Uncovering In-DRAM RowHammer Protection Mechanisms: A New Methodology, Custom RowHammer Patterns, and Implications [article]

Hasan Hassan, Yahya Can Tugrul, Jeremie S. Kim, Victor van der Veen, Kaveh Razavi, Onur Mutlu
2021 arXiv   pre-print
To protect against RowHammer, vendors commit to security-through-obscurity: modern DRAM chips rely on undocumented, proprietary, on-die mitigations, commonly known as Target Row Refresh (TRR).  ...  U-TRR is based on the new observation that data retention failures in DRAM enable a side channel that leaks information on how TRR refreshes potential victim rows.  ...  Razavi, “GuardION: Practical Mitigation of DMA-Based Rowham- [93] M. Patel, J. S. Kim, H. Hassan, and O.  ... 
arXiv:2110.10603v1 fatcat:ab7zgdwb3vaqtbszjmyxuvngny

Hardening the security of modern operating systems against side-channel and rowhammer attacks

Marco Oliverio, Andrea Pugliese, Felice Crupi
2019
ZebRAM Other recent software-based solutions have targeted specific Rowhammer attack variants. GuardION isolates DMA buffers to protect mobile devices against DMA-based Rowhammer attacks [160] .  ...  Worryingly, not a single defence is currently deployed to protect from the recent GPU-based Rowhammer attack on mobile ARM devices (and PCs), even though it offers attackers a huge number of vulnerable  ...  For each of them, OpenCAL-, OpenCAL-OMP-and OpenCAL-CL-based double precision implementations have been developed.  ... 
doi:10.13126/unical.it/dottorati/1667 fatcat:p5aqtkts7vbufjpudhn4lotwxm