PT-Guard: Integrity-Protected Page Tables to Defend Against Breakthrough Rowhammer Attacks

Page tables enforce process isolation in systems. Rowhammer attacks break process isolation by flipping bits in DRAM to tamper page tables and achieving privilege escalation. Moreover, new Rowhammer attacks break existing mitigations. We seek to protect systems against such breakthrough attacks. We...

Full description

Saved in:
Bibliographic Details
Main Authors: Saxena, Anish, Saileshwar, Gururaj, Juffinger, Jonas, Kogler, Andreas, Gruss, Daniel, Qureshi, Moinuddin
Format: Conference Proceeding
Language:English
Subjects:
Aerospace electronics
Codes
Costs
DRAM
Hardware
Integrity Protection
Memory management
Random access memory
Rowhammer
Security
Software
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Page tables enforce process isolation in systems. Rowhammer attacks break process isolation by flipping bits in DRAM to tamper page tables and achieving privilege escalation. Moreover, new Rowhammer attacks break existing mitigations. We seek to protect systems against such breakthrough attacks. We present PT-Guard, an integrity protection mechanism for page tables. PT-Guard uses unused bits in Page Table Entries (PTE) to embed a Message Authentication Code (MAC) for the PTE cacheline without any storage overhead. These unused bits arise from PTEs supporting petabytes of physical memory while systems targeted by Rowhammer use at-most terabytes of mem-ory. By storing and verifying MACs for PTEs, PT-Guard detects arbitrary bit-flips in PTEs. Moreover, PT-Guard also provides best-effort correction of faulty-PTEs leveraging value locality. PT-Guard protects page tables from breakthrough Rowhammer attacks with negligible hardware changes, no DRAM storage,
ISSN:2158-3927
DOI:10.1109/DSN58367.2023.00022