CAn’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory

A rowhammer attack exploits a vulnerability created by the physical characteristics of modern computer memory. Dynamic Random-Access Memory (DRAM) is a high-speed memory circuit that stores information as an electrical charge in a tiny capacitor, something like a battery. A charged capacitor represents one value (a ‘1’) and an uncharged capacitor the other (a ‘0’). There are literally billions of these tiny capacitors in a DRAM module, and they are physically very close to each other. The ‘1’s and ‘0’s the capacitors store (bits) form the basis of information storage for everything in the computer, including the decisions about who may access computer services. By deliberately and repeatedly charging and discharging capacitor circuits near a bit that stores an important security property, it can be possible for some charge to leak into that capacitor and change its value (e.g. by charging it so that it flips from a ‘0’ to a ‘1’).

These rowhammer attacks are difficult to defend against because they are a physical problem. The amount and expense of DRAM deployed in computers around the world make it infeasible to change quickly to a different type of memory. Ferdinand Brasser, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi from the Technische Universität Darmstadt, Germany, and Lucas Davi from the University of Duisburg-Essen, Germany, came up with a method of protecting against these attacks that doesn’t require changing hardware. This isn’t the first attempt at the problem: other attempts worked by changing the rate at which charge can be delivered to RAM capacitor circuits, to reduce the chance of overflow. These can affect the operation or reliability of RAM modules and aren’t always appropriate.


This method isolates secure zones in memory by providing buffer space around them, so that malware isn’t able to write to the spaces physically adjacent to important bits. This is done by mapping out physical memory and setting certain areas aside as secure and out of bounds for untrusted software to access.
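As an added example (not the paper’s code), here is a toy Python model of that partitioning idea: DRAM rows are handed out to a kernel domain from the bottom and a user domain from the top, and the allocator refuses any allocation that would remove the last unallocated guard row between them. The row count and the one-row disturbance radius are constructed assumptions, and `guard_rows=0` shows the unprotected layout for comparison.

```python
"""Toy model of CATT-style physical-memory partitioning (added example, not
the paper's code). Physical memory is a list of DRAM rows, each owned by a
security domain. A hammered row r may disturb rows r-1 and r+1 (assumed
radius of one row), so the allocator keeps `guard_rows` unallocated rows
between the kernel and user domains. Sizes below are constructed."""

KERNEL, USER, FREE = "kernel", "user", "free"


class PartitionedMemory:
    def __init__(self, num_rows, guard_rows=1):
        self.rows = [FREE] * num_rows      # domain owning each DRAM row
        self.guard_rows = guard_rows       # 0 models an unpartitioned allocator
        self.next_low = 0                  # kernel grows upward from row 0
        self.next_high = num_rows - 1      # user grows downward from the top

    def alloc_row(self, domain):
        """Give one row to `domain`; None if the guard would be consumed."""
        if domain not in (KERNEL, USER):
            raise ValueError(domain)
        # Rows next_low..next_high are free; one fewer after this allocation.
        if self.next_high - self.next_low < self.guard_rows:
            return None
        if domain == KERNEL:
            row, self.next_low = self.next_low, self.next_low + 1
        else:
            row, self.next_high = self.next_high, self.next_high - 1
        self.rows[row] = domain
        return row

    def violations(self):
        """Adjacent row pairs owned by two different, allocated domains."""
        bad = []
        for r in range(len(self.rows) - 1):
            a, b = self.rows[r], self.rows[r + 1]
            if FREE not in (a, b) and a != b:
                bad.append((r, r + 1))
        return bad

    def hammer_victims(self, row):
        """Domains whose rows lie within the disturbance radius of `row`."""
        return {self.rows[n] for n in (row - 1, row + 1)
                if 0 <= n < len(self.rows)}


if __name__ == "__main__":
    mem = PartitionedMemory(8)
    for _ in range(4):
        mem.alloc_row(KERNEL)
        mem.alloc_row(USER)
    print(mem.rows, "violations:", mem.violations())
```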


This method is relatively efficient and doesn’t cost any significant amount of storage space or speed.

Cite:

Brasser, F., Davi, L., Gens, D., Liebchen, C., & Sadeghi, A.-R. (2017). CAn’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory. In Proceedings of the 26th USENIX Security Symposium.

Source:

This paper is easily accessible in the proceedings of the 26th USENIX Security Symposium:

https://www.usenix.org/conference/usenixsecurity17/technical-sessions

You can also see David Gens present the paper on YouTube, complete with M.C. Hammer references (under 30 minutes):

https://www.youtube.com/watch?v=E-B6fd0SzaI