English

SoK: Rowhammer on Commodity Operating Systems

Cryptography and Security 2024-05-02 v3 Hardware Architecture

Abstract

Rowhammer has drawn much attention from both academia and industry in the past years as rowhammer exploitation poses severe consequences to system security. Since the first comprehensive study of rowhammer in 2014, a number of rowhammer attacks have been demonstrated against dynamic random access memory (DRAM)-based commodity systems to break software confidentiality, integrity and availability. Accordingly, numerous software defenses have been proposed to mitigate rowhammer attacks on commodity systems of either legacy (e.g., DDR3) or recent DRAM (e.g., DDR4). Besides, multiple hardware defenses (e.g., Target Row Refresh) from the industry have been deployed into recent DRAM to eliminate rowhammer, which we categorize as production defenses. In this paper, we systematize rowhammer attacks and defenses with a focus on DRAM-based commodity systems. Particularly, we have established a unified framework demonstrating how a rowhammer attack affects a commodity system. With the framework, we characterize existing attacks, shedding light on new attack vectors that have not yet been explored. We further leverage the framework to categorize software and production defenses, generalize their key defense strategies and summarize their key limitations, from which potential defense strategies are identified.

Keywords

Cite

@article{arxiv.2201.02986,
  title  = {SoK: Rowhammer on Commodity Operating Systems},
  author = {Zhi Zhang and Decheng Chen and Jiahao Qi and Yueqiang Cheng and Shijie Jiang and Yiyang Lin and Yansong Gao and Surya Nepal and Yi Zou and Jiliang Zhang and Yang Xiang},
  journal= {arXiv preprint arXiv:2201.02986},
  year   = {2024}
}

Comments

To Appear in the 19th ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2024)

R2 v1 2026-06-24T08:44:01.860Z