Abstract
Page tables enforce process isolation in systems. Rowhammer attacks break process isolation by flipping bits in DRAM to tamper with page tables and achieve privilege escalation. Moreover, new Rowhammer attacks break existing mitigations. We seek to protect systems against such breakthrough attacks. We present PT-Guard, an integrity protection mechanism for page tables. PT-Guard uses unused bits in Page Table Entries (PTEs) to embed a Message Authentication Code (MAC) for the PTE cacheline without any storage overhead. These unused bits arise from PTEs supporting petabytes of physical memory while systems targeted by Rowhammer use at most terabytes of memory. By storing and verifying MACs for PTEs, PT-Guard detects arbitrary bit-flips in PTEs. Moreover, PT-Guard also provides best-effort correction of faulty PTEs by leveraging value locality. PT-Guard protects page tables from breakthrough Rowhammer attacks with negligible hardware changes, no DRAM storage, <72 bytes of SRAM, 1.3% slowdown, and no software changes.
Original language | English |
---|---|
Title | Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023 |
Pages | 95-108 |
Number of pages | 14 |
ISBN (electronic) | 9798350347937 |
DOIs | |
Publication status | Published - 9 Aug 2023 |
Event | 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks: DSN 2023 - Porto, Portugal. Duration: 27 June 2023 → 30 June 2023 |
Conference
Conference | 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks |
---|---|
Short title | DSN |
Country/Territory | Portugal |
City | Porto |
Period | 27/06/23 → 30/06/23 |
ASJC Scopus subject areas
- Software
- Artificial Intelligence
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications