Virtualization security has attracted growing attention as cloud computing has spread in recent years. At the same time, attacks such as Rowhammer have violated hardware-software contracts that security systems were built on: an adversary can use purely software-driven memory accesses to induce errors in hardware and thereby complete a Rowhammer attack. Several known Rowhammer attacks break the isolation between virtual machines and the hypervisor and thus threaten the security of virtualized environments. To date, all known defenses against Rowhammer either require hardware modification, can be easily bypassed, or only target attacks on a conventional OS; moreover, most of them are difficult to deploy in a virtualization environment. To prevent Rowhammer attacks in virtualized environments, we analyze how Rowhammer attacks arise and present a novel method, the RDXA system, that confines Rowhammer attacks by isolating the memory of different security domains (e.g., the hypervisor kernel and the virtual machines). RDXA extends the physical memory allocator of Xen to guarantee that the memory of different security domains never occupies adjacent rows in the same bank of the same chip; in this way RDXA stops Rowhammer attacks between security domains. RDXA is part of the Xen hypervisor and consists of two modules: 1. a reverse-engineering tool that recovers the mapping from physical addresses to DRAM addresses, driven by the latency differences that different DRAM access patterns produce, i.e., it operates as a timing side channel; 2. a Rowhammer-aware memory allocator that divides memory into zones and separates the zones with DRAM rows. Our evaluation of RDXA shows that the solution requires no modification to the hardware and is transparent to the guest VMs. The
evaluation shows its effectiveness in preventing Rowhammer attacks as well as its efficiency, with negligible overhead (the runtime performance overhead is below 1%, the VM boot-time overhead is below 6%, and the memory cost of RDXA is below 0.2%). Moreover, RDXA neither affects the scalability of booting VMs nor undermines the stability of running VMs.
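The following is an added example, written for this page and not code from the RDXA paper or from Xen, that models the second module (the Rowhammer-aware zone allocator) and the invariant it enforces. The physical-to-DRAM mapping in `phys_to_dram` is a hypothetical one chosen for illustration (bank = bits 13-15 XOR bits 16-18, row = bits 16 and up, channel/rank/chip ignored); in the real system that mapping is the output of the timing side-channel reverse-engineering tool, not a constant. The pool size, the domain ids, the function names and `GUARD_ROWS` are all assumptions of the example. It contrasts a naive first-fit allocator, which interleaves the hypervisor and two guests within the same DRAM rows, with a zone allocator that inserts guard rows between domains, and checks both with an explicit invariant: no two pages owned by different domains may sit in the same bank within hammering reach of each other.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT     12
#define NUM_BANKS      8
#define ROW_SHIFT      16   /* assumed: one DRAM row index spans 64 KiB of physical space (8 banks x 8 KiB) */
#define PAGES_PER_ROW  (1u << (ROW_SHIFT - PAGE_SHIFT))   /* 16 pages per row index */
#define NUM_ROWS       64   /* 4 MiB of physical memory in this toy pool */
#define NUM_PAGES      (NUM_ROWS * PAGES_PER_ROW)
#define GUARD_ROWS     1    /* empty rows kept between zones; must cover the hammering reach of the DRAM in use */

#define OWNER_FREE   (-1)
#define OWNER_GUARD  (-2)

typedef struct { unsigned bank, row; } dram_addr_t;

/* Hypothetical physical-to-DRAM mapping (assumption of this example). In RDXA this
 * mapping is recovered by the latency-based reverse-engineering tool, not hard-coded. */
static dram_addr_t phys_to_dram(uint64_t pa)
{
    dram_addr_t d;
    d.bank = (unsigned)(((pa >> 13) ^ (pa >> 16)) & (NUM_BANKS - 1));
    d.row  = (unsigned)(pa >> ROW_SHIFT);
    return d;
}

typedef struct {
    int row_owner[NUM_ROWS];    /* domain id, OWNER_GUARD or OWNER_FREE */
    int page_owner[NUM_PAGES];  /* domain id of each 4 KiB page, or OWNER_FREE */
} pool_t;

static void pool_init(pool_t *p)
{
    for (unsigned r = 0; r < NUM_ROWS; r++)  p->row_owner[r]  = OWNER_FREE;
    for (unsigned g = 0; g < NUM_PAGES; g++) p->page_owner[g] = OWNER_FREE;
}

/* Reserve a contiguous zone of `nrows` rows for `domain`, followed by GUARD_ROWS rows
 * that are never handed out. Returns 0 on success, -1 if too few free rows remain. */
static int zone_reserve(pool_t *p, int domain, unsigned nrows)
{
    unsigned r = 0;
    while (r < NUM_ROWS && p->row_owner[r] != OWNER_FREE) r++;
    if (r + nrows + GUARD_ROWS > NUM_ROWS) return -1;
    for (unsigned i = 0; i < nrows; i++)      p->row_owner[r + i] = domain;
    for (unsigned i = 0; i < GUARD_ROWS; i++) p->row_owner[r + nrows + i] = OWNER_GUARD;
    return 0;
}

/* Row-aware allocation: a domain only receives pages from rows its own zone owns. */
static uint64_t rdxa_alloc(pool_t *p, int domain)
{
    for (unsigned g = 0; g < NUM_PAGES; g++) {
        if (p->row_owner[g / PAGES_PER_ROW] == domain && p->page_owner[g] == OWNER_FREE) {
            p->page_owner[g] = domain;
            return (uint64_t)g << PAGE_SHIFT;
        }
    }
    return UINT64_MAX;
}

/* Baseline for comparison: first-fit with no notion of DRAM rows. */
static uint64_t naive_alloc(pool_t *p, int domain)
{
    for (unsigned g = 0; g < NUM_PAGES; g++) {
        if (p->page_owner[g] == OWNER_FREE) {
            p->page_owner[g] = domain;
            return (uint64_t)g << PAGE_SHIFT;
        }
    }
    return UINT64_MAX;
}

/* Invariant check: count pairs of pages owned by different domains that lie in the same
 * bank within GUARD_ROWS rows of each other, i.e. pairs where hammering one could flip bits in the other. */
static int cross_domain_neighbours(const pool_t *p)
{
    int bad = 0;
    for (unsigned a = 0; a < NUM_PAGES; a++) {
        if (p->page_owner[a] < 0) continue;
        dram_addr_t da = phys_to_dram((uint64_t)a << PAGE_SHIFT);
        for (unsigned b = a + 1; b < NUM_PAGES; b++) {
            if (p->page_owner[b] < 0 || p->page_owner[b] == p->page_owner[a]) continue;
            dram_addr_t db = phys_to_dram((uint64_t)b << PAGE_SHIFT);
            unsigned dist = da.row > db.row ? da.row - db.row : db.row - da.row;
            if (da.bank == db.bank && dist >= 1 && dist <= GUARD_ROWS) bad++;
        }
    }
    return bad;
}

/* Constructed scenario: the hypervisor (domain 0) and two guests (1, 2) take 48 pages round-robin.
 * Returns the number of cross-domain neighbouring page pairs, or -1 if an allocation failed. */
static int run_scenario(int use_rdxa)
{
    pool_t p;
    pool_init(&p);
    if (use_rdxa && (zone_reserve(&p, 0, 4) || zone_reserve(&p, 1, 8) || zone_reserve(&p, 2, 8)))
        return -1;
    for (int i = 0; i < 48; i++) {
        int dom = i % 3;
        uint64_t pa = use_rdxa ? rdxa_alloc(&p, dom) : naive_alloc(&p, dom);
        if (pa == UINT64_MAX) return -1;
    }
    return cross_domain_neighbours(&p);
}

int main(void)
{
    printf("naive allocator:      %d cross-domain neighbouring page pairs\n", run_scenario(0));
    printf("zone allocator:       %d cross-domain neighbouring page pairs\n", run_scenario(1));
    return 0;
}
```

Two points a practitioner should take from the model. First, the whole defense rests on `phys_to_dram` being right: if the recovered bank function misses an address bit (or the platform remaps channels and ranks in a way the tool did not observe), two zones that look separated by a guard row may in fact be adjacent in some bank, and `cross_domain_neighbours` would report zero while the real DRAM does not. Second, `GUARD_ROWS` is a parameter, not a constant of nature; a single guard row only protects against flips in the immediately adjacent row, so the guard width must match the disturbance reach measured on the DRAM in question.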