RIP-RH - Preventing Rowhammer-based Inter-Process Attacks.

Run-time attacks pose a continuous threat to the security of computer systems. These attacks aim at hijacking the operation of a computer program by subverting its execution at run time. While conventional run-time attacks usually require memory-corruption vulnerabilities in the program, hardware bugs represent an increasingly popular attack vector. Rowhammer represents a vulnerability in the design of DRAM modules that allows an adversary to modify memory locations in physical proximity to attacker-controlled memory on the module without accessing them. This is a serious threat to real-world systems, since DRAM is used as main memory on virtually all platforms. Recent research proposed defenses against rowhammer, such by patching the memory controller in hardware, or statically partitioning physical memory to protect the operating system kernel from a user space adversary. However, sharing DRAM memory securely between a number of different entities currently remains as an open problem. In this paper, we present RIP-RH, a DRAM-aware memory allocator that allows for dynamic management of multiple user-space processes. RIP-RH ensures that the memory partitions belonging to individual processes are physically isolated. In our detailed evaluation we demonstrate that our prototype implementation of RIP-RH incurs a modest run-time overhead of 3.17% for standard benchmarks and offers practical performance in a number of real-world scenarios.