Abstract
Page tables enforce process isolation in systems. Rowhammer attacks break process isolation by flipping bits in DRAM to tamper with page tables and achieve privilege escalation. Moreover, new Rowhammer attacks break existing mitigations. We seek to protect systems against such breakthrough attacks. We present PT-Guard, an integrity protection mechanism for page tables. PT-Guard uses unused bits in Page Table Entries (PTEs) to embed a Message Authentication Code (MAC) for the PTE cacheline without any storage overhead. These unused bits arise because PTEs support petabytes of physical memory, while systems targeted by Rowhammer use at most terabytes of memory. By storing and verifying MACs for PTEs, PT-Guard detects arbitrary bit-flips in PTEs. Moreover, PT-Guard also provides best-effort correction of faulty PTEs by leveraging value locality. PT-Guard protects page tables from breakthrough Rowhammer attacks with negligible hardware changes, no DRAM storage, <72 bytes of SRAM, 1.3% slowdown, and no software changes.
Original language | English |
---|---|
Title of host publication | Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023 |
Pages | 95-108 |
Number of pages | 14 |
ISBN (Electronic) | 9798350347937 |
Publication status | Published - 9 Aug 2023 |
Event | 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks: DSN 2023 - Porto, Portugal. Duration: 27 Jun 2023 → 30 Jun 2023 |
Conference
Conference | 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks |
---|---|
Abbreviated title | DSN |
Country/Territory | Portugal |
City | Porto |
Period | 27/06/23 → 30/06/23 |
Keywords
- DRAM
- Integrity Protection
- Rowhammer
- Security
ASJC Scopus subject areas
- Software
- Artificial Intelligence
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications