Preventing Rowhammer Exploits via Low-Cost Domain-Aware Memory Allocation
- URL: http://arxiv.org/abs/2409.15463v1
- Date: Mon, 23 Sep 2024 18:41:14 GMT
- Title: Preventing Rowhammer Exploits via Low-Cost Domain-Aware Memory Allocation
- Authors: Anish Saxena, Walter Wang, Alexandros Daglis,
- Abstract summary: Rowhammer is a hardware security vulnerability at the heart of every system with modern DRAM-based memory.
Citadel is a new memory allocator design that prevents Rowhammer-initiated security exploits.
Citadel supports thousands of security domains at a modest 7.4% average memory overhead and no performance loss.
- Score: 46.268703252557316
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Rowhammer is a hardware security vulnerability at the heart of every system with modern DRAM-based memory. Despite its discovery a decade ago, comprehensive defenses remain elusive, while the probability of successful attacks grows with DRAM density. Hardware-based defenses have been ineffective, due to considerable cost, delays in commercial adoption, and attackers' repeated ability to circumvent them. Meanwhile, more flexible software-based solutions either incur substantial performance and memory capacity overheads, or offer limited forms of protection. Citadel is a new memory allocator design that prevents Rowhammer-initiated security exploits by addressing the vulnerability's root cause: physical adjacency of DRAM rows. Citadel enables creation of flexible security domains and isolates different domains in physically disjoint memory regions, guaranteeing security by design. On a server system, Citadel supports thousands of security domains at a modest 7.4% average memory overhead and no performance loss. In contrast, recent domain isolation schemes fail to support many workload scenarios due to excessive overheads, and incur 4-6x higher overheads for supported scenarios. As a software solution, Citadel offers readily deployable Rowhammer-aware isolation on legacy, current, and future systems.
Related papers
- Cabin: Confining Untrusted Programs within Confidential VMs [13.022056111810599]
Confidential computing safeguards sensitive computations from untrusted clouds.
CVMs often come with large and vulnerable operating system kernels, making them susceptible to attacks exploiting kernel weaknesses.
This study proposes Cabin, an isolated execution framework within guest VM utilizing the latest AMD SEV-SNP technology.
arXiv Detail & Related papers (2024-07-17T06:23:28Z)
- SafeAligner: Safety Alignment against Jailbreak Attacks via Response Disparity Guidance [48.80398992974831]
SafeAligner is a methodology implemented at the decoding stage to fortify defenses against jailbreak attacks.
We develop two specialized models: the Sentinel Model, which is trained to foster safety, and the Intruder Model, designed to generate riskier responses.
We show that SafeAligner can increase the likelihood of beneficial tokens, while reducing the occurrence of harmful ones.
arXiv Detail & Related papers (2024-06-26T07:15:44Z)
- DRAM-Profiler: An Experimental DRAM RowHammer Vulnerability Profiling Mechanism [8.973443004379561]
This paper presents a low-overhead DRAM RowHammer vulnerability profiling technique termed DRAM-Profiler.
The proposed test vectors intentionally weaken the spatial correlation between the aggressors and victim rows before an attack for evaluation.
The results uncover the significant variability among chips from different manufacturers in the type and quantity of RowHammer attacks that can be exploited by adversaries.
arXiv Detail & Related papers (2024-04-29T03:15:59Z)
- BreakHammer: Enhancing RowHammer Mitigations by Carefully Throttling Suspect Threads [5.767293823380473]
RowHammer is a read disturbance mechanism in DRAM where repeatedly accessing (hammering) a row of DRAM cells (DRAM row) induces bitflips in other physically nearby DRAM rows.
RowHammer solutions perform preventive actions (e.g., refresh neighbor rows of the hammered row) that mitigate such bitflips.
As shrinking technology node size over DRAM chip generations exacerbates RowHammer, the overheads of RowHammer solutions become prohibitively expensive.
In this work, we tackle the performance overheads of RowHammer solutions by tracking and throttling the generators of memory accesses that trigger RowHammer solutions.
arXiv Detail & Related papers (2024-04-20T22:09:38Z)
- Defending Large Language Models against Jailbreak Attacks via Semantic Smoothing [107.97160023681184]
Aligned large language models (LLMs) are vulnerable to jailbreaking attacks.
We propose SEMANTICSMOOTH, a smoothing-based defense that aggregates predictions of semantically transformed copies of a given input prompt.
arXiv Detail & Related papers (2024-02-25T20:36:03Z)
- DNN-Defender: A Victim-Focused In-DRAM Defense Mechanism for Taming Adversarial Weight Attack on DNNs [10.201050807991175]
We present the first DRAM-based victim-focused defense mechanism tailored for quantized Deep Neural Networks (DNNs).
DNN-Defender can deliver a high level of protection, downgrading the performance of targeted RowHammer attacks to a random attack level.
The proposed defense has no accuracy drop on CIFAR-10 and ImageNet datasets without requiring any software training or incurring hardware overhead.
arXiv Detail & Related papers (2023-05-14T00:30:58Z)
- Evil from Within: Machine Learning Backdoors through Hardware Trojans [72.99519529521919]
Backdoors pose a serious threat to machine learning, as they can compromise the integrity of security-critical systems, such as self-driving cars.
We introduce a backdoor attack that completely resides within a common hardware accelerator for machine learning.
We demonstrate the practical feasibility of our attack by implanting our hardware trojan into the Xilinx Vitis AI DPU.
arXiv Detail & Related papers (2023-04-17T16:24:48Z)
- DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection.
Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables.
We are the first to offer certified robustness in the realm of static detection of malware executables.
arXiv Detail & Related papers (2023-03-20T17:25:22Z)
- SoK: Rowhammer on Commodity Operating Systems [33.038670040926284]
Since the first comprehensive study of rowhammer in 2014, a number of rowhammer attacks have been demonstrated against dynamic random access memory (DRAM)-based commodity systems.
In this paper, we systematize rowhammer attacks and defenses with a focus on DRAM-based commodity systems.
arXiv Detail & Related papers (2022-01-09T11:13:58Z)
- A Self-supervised Approach for Adversarial Robustness [105.88250594033053]
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNNs) based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against the unseen adversarial attacks.
arXiv Detail & Related papers (2020-06-08T20:42:39Z)
This list is automatically generated from the titles and abstracts of the papers in this site.