Search Icon
Submissions

Copy-on-Flip: Hardening ECC Memory Against Rowhammer Attacks

Andrea Di Dio (Vrije Universiteit Amsterdam), Koen Koning (Intel), Herbert Bos (Vrije Universiteit Amsterdam), Cristiano Giuffrida (Vrije Universiteit Amsterdam)

Despite nearly decade-long mitigation efforts in academia and industry, the community is yet to find a practical solution to the Rowhammer vulnerability. Comprehensive software mitigations require complex changes to commodity systems, yielding significant run-time overhead and deterring practical adoption. Hardware mitigations, on the other hand, have generally grown more robust and efficient, but are difficult to deploy on commodity systems. Until recently, ECC memory implemented by the memory controller on server platforms seemed to provide the best of both worlds: use hardware features already on commodity systems to efficiently turn Rowhammer into a denial-of-service attack vector. Unfortunately, researchers have recently shown that attackers can perform one-bit-at-a-time memory templating and mount ECC-aware Rowhammer attacks.

In this paper, we reconsider ECC memory as an avenue for Rowhammer mitigations and show that not all hope is lost. In particular, we show that it is feasible to devise a software-based design to both efficiently and effectively harden commodity ECC memory against ECC-aware Rowhammer attacks. To support this claim, we present Copy-on-Flip (CoF), an ECC-based software mitigation which uses a combination of memory _migration_ and _offlining_ to stop Rowhammer attacks on commodity server systems in a practical way. The key idea is to let the operating system interpose on all the error correction events and offline the vulnerable victim page as soon as the attacker has successfully templated a sufficient number of bit flips---while transparently migrating the victim data to a new page. We present a CoF prototype on Linux, where we also show it is feasible to operate simple memory management changes to support migration for the relevant user and kernel memory pages. Our evaluation shows CoF incurs low performance and memory overhead, while significantly reducing the Rowhammer attack surface. On typical benchmarks such as SPEC CPU2017 and Google Chrome, CoF reports a $<1.5%$ overhead, and, on extreme I/O-intensive scenarios (saturated nginx), up to $sim11%$.

Paper
Slides
Video

View More Papers

CableAuth: A Biometric Second Factor Authentication Scheme for Electric...

Jack Sturgess, Sebastian Köhler, Simon Birnbach, Ivan Martinovic (University of Oxford)

Read More

Firefly: Spoofing Earth Observation Satellite Data through Radio Overshadowing

Edd Salkield, Sebastian Köhler, Simon Birnbach, Richard Baker (University of Oxford). Martin Strohmeier (armasuisse S+T), Ivan Martinovic (University of Oxford) Presenter: Edd Salkield

Read More

Ghost Domain Reloaded: Vulnerable Links in Domain Name Delegation...

Xiang Li (Tsinghua University), Baojun Liu (Tsinghua University), Xuesong Bai (University of California, Irvine), Mingming Zhang (Tsinghua University), Qifan Zhang (University of California, Irvine), Zhou Li (University of California, Irvine), Haixin Duan (Tsinghua University; QI-ANXIN Technology Research Institute; Zhongguancun Laboratory), Qi Li (Tsinghua University; Zhongguancun Laboratory)

Read More

PPA: Preference Profiling Attack Against Federated Learning

Chunyi Zhou (Nanjing University of Science and Technology), Yansong Gao (Nanjing University of Science and Technology), Anmin Fu (Nanjing University of Science and Technology), Kai Chen (Chinese Academy of Science), Zhiyang Dai (Nanjing University of Science and Technology), Zhi Zhang (CSIRO's Data61), Minhui Xue (CSIRO's Data61), Yuqing Zhang (University of Chinese Academy of Science)

Read More