CAn’t Touch This: New Software-Based Defense Against Rowhammer Attacks

The high density of memory cells in modern DRAM chips caused the so-called Rowhammer bug. As Google researchers recently demonstrated, this bug allows an attacker to induce dangerous bit flips in memory to undermine memory access control mechanisms without requiring any software vulnerability. By repeatedly hammering certain memory rows, bit flips occur in co-located memory rows allowing an attacker to corrupt code and data structures of higher-privileged system entities. In collaboration with researchers at TU Darmstadt, we present CATT (CAn't Touch This), a practical and efficient software-only defense against rowhammer attacks. Our defense prevents the attacker from leveraging rowhammer to corrupt physically co-located data in memory that is owned by a different system entity. To do so, CATT extends the physical memory allocator of the OS to physically isolate the memory of different system entities such as kernel and user space. In particular, it ensures that an empty memory row is always placed between memory belonging to user-space and memory belonging to kernel-space. The results of this research will appear at this year's USENIX Security Symposium. A technical report on CATT and a bootloader extension to blacklist vulnerable rows is already available on arxiv: https://arxiv.org/abs/1611.08396