MAD: Memory Allocation meets Software Diversity
This addresses a critical security issue for computer systems vulnerable to RowHammer attacks, but it is incremental as it builds on existing software diversity principles.
The paper tackles the problem of DRAM vulnerabilities from RowHammer attacks by proposing a new approach that combines memory allocation with software diversity, showing promising early results with ease-of-implementation and negligible performance impact.
Vulnerabilities emanating from DRAM errors pose a vexing problem that remains, as of yet, unsolved and elusive but cannot be ignored. Prior defenses focused on specific details of early RowHammer attacks and fail to generalize with the generalizations of recent RowHammer attacks. Even worse, it is presently not clear that techniques from prior defenses will be able to cope with these generalizations or if an entirely new approach is required. Although still work-in-progress, we have identified a new approach that combines memory allocation with principles underlying software diversity and shows promising early results. At first glance, software diversity seems to be an unlikely contender, since it faces seemingly insurmountable obstacles, primarily the lack of sufficient entropy in memory subsystems. Our system - called MAD, short for memory allocation diversity - leverages two novel, complementary spatial diversification techniques to overcome this entropy obstacle. Entropy aside, MAD offers ease-of-implementation, negligible performance impact, and is both hardware and software agnostic. From a security perspective, MAD's goal is to deter RowHammer attacks by delaying them to the maximum extent possible. Such a delay opens the door for a variety of additional responses, e.g., proactive rebooting, or complementary in-depth analysis of ongoing attacks that would be too slow for an always-on defense.