English

Preventing Rowhammer Exploits via Low-Cost Domain-Aware Memory Allocation

Cryptography and Security 2024-09-25 v1

Abstract

Rowhammer is a hardware security vulnerability at the heart of every system with modern DRAM-based memory. Despite its discovery a decade ago, comprehensive defenses remain elusive, while the probability of successful attacks grows with DRAM density. Hardware-based defenses have been ineffective, due to considerable cost, delays in commercial adoption, and attackers' repeated ability to circumvent them. Meanwhile, more flexible software-based solutions either incur substantial performance and memory capacity overheads, or offer limited forms of protection. Citadel is a new memory allocator design that prevents Rowhammer-initiated security exploits by addressing the vulnerability's root cause: physical adjacency of DRAM rows. Citadel enables creation of flexible security domains and isolates different domains in physically disjoint memory regions, guaranteeing security by design. On a server system, Citadel supports thousands of security domains at a modest 7.4% average memory overhead and no performance loss. In contrast, recent domain isolation schemes fail to support many workload scenarios due to excessive overheads, and incur 4--6x higher overheads for supported scenarios. As a software solution, Citadel offers readily deployable Rowhammer-aware isolation on legacy, current, and future systems.

Keywords

Cite

@article{arxiv.2409.15463,
  title  = {Preventing Rowhammer Exploits via Low-Cost Domain-Aware Memory Allocation},
  author = {Anish Saxena and Walter Wang and Alexandros Daglis},
  journal= {arXiv preprint arXiv:2409.15463},
  year   = {2024}
}
R2 v1 2026-06-28T18:54:23.360Z