SoftTRR: Protect Page Tables Against RowHammer Attacks using Software-only Target Row Refresh. (arXiv:2102.10269v1 [cs.CR])

Rowhammer attacks that corrupt level-1 page tables to gain kernel privilege
are the most detrimental to system security and are hard to mitigate. However,
recently proposed software-only mitigations are not effective against such
kernel privilege escalation attacks. In this paper, we propose an effective and
practical software-only defense, called SoftTRR, to protect page tables from
all existing rowhammer attacks on x86. The key idea of SoftTRR is to refresh
the rows occupied by page tables when suspicious rowhammer activity is
detected. SoftTRR is motivated by DRAM-chip-based target row refresh (ChipTRR)
but eliminates its main security limitation (i.e., ChipTRR tracks a limited
number of rows and thus can be bypassed by many-sided hammering). Specifically,
SoftTRR protects an unlimited number of page tables by tracking memory accesses
to the rows that are in close proximity to page-table rows and refreshing the
page-table rows once the tracked access count exceeds a pre-defined threshold.
We implement a prototype of SoftTRR as a loadable kernel module, and evaluate
its security effectiveness, performance overhead, and memory consumption. The
experimental results show that SoftTRR protects page tables from real-world
rowhammer attacks and incurs small performance overhead and memory cost.
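
The track-and-refresh idea described in the abstract, as a small user-space model added here for illustration; it is not the SoftTRR kernel module or code from the paper. The bank size, the proximity distance, the threshold, the one-counter-per-page-table-row layout and the "disturbance" counter standing in for DRAM charge loss are all assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define ROWS      64    /* rows in the modelled bank (constructed) */
#define DISTANCE  1     /* rows this close count as "in proximity" (assumption) */
#define THRESHOLD 1000  /* tracked-access threshold (assumption) */

struct bank {
    unsigned char is_pt[ROWS];  /* 1 if the row holds a page table */
    unsigned tracked[ROWS];     /* tracker count, one per page-table row */
    unsigned disturb[ROWS];     /* neighbour activations since last refresh */
    unsigned max_disturb;       /* worst disturbance any page-table row saw */
    unsigned refreshes;         /* software refreshes issued */
    int tracking;               /* 0 = no defence, 1 = tracker enabled */
};

static void bank_init(struct bank *b, const int *pt_rows, int n, int tracking) {
    memset(b, 0, sizeof *b);
    b->tracking = tracking;
    for (int i = 0; i < n; i++)
        b->is_pt[pt_rows[i]] = 1;
}

/* One activation of `row`: charge every page-table row within DISTANCE. */
static void bank_access(struct bank *b, int row) {
    for (int p = row - DISTANCE; p <= row + DISTANCE; p++) {
        if (p < 0 || p >= ROWS || p == row || !b->is_pt[p])
            continue;
        if (++b->disturb[p] > b->max_disturb)
            b->max_disturb = b->disturb[p];
        if (b->tracking && ++b->tracked[p] > THRESHOLD) {
            b->disturb[p] = b->tracked[p] = 0;  /* refresh restores the row */
            b->refreshes++;
        }
    }
}

/* Many-sided pattern: activate every non-page-table row, `rounds` times. */
static unsigned run_many_sided(struct bank *b, unsigned rounds) {
    for (unsigned r = 0; r < rounds; r++)
        for (int row = 0; row < ROWS; row++)
            if (!b->is_pt[row])
                bank_access(b, row);
    return b->max_disturb;
}

int main(void) {
    int pt[] = {10, 20, 30, 40};  /* constructed page-table rows */
    struct bank b;
    bank_init(&b, pt, 4, 1);
    unsigned worst = run_many_sided(&b, 5000);
    printf("worst disturbance %u, refreshes %u\n", worst, b.refreshes);
    return 0;
}
```

Because the counter is keyed on the protected row rather than on a fixed-size table of aggressor rows, the number of distinct rows being activated does not affect the bound: in this model no page-table row accumulates more than THRESHOLD + 1 neighbour activations between refreshes.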