Defense Mechanism against Rowhammer Attacks Based on Memory Isolation in Virtualized Environments
Authors: SHI Peitao, LIU Yutao, CHEN Haibo
Affiliation (all authors): Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai 200240, China
Funding: Supported by the National Key Research and Development Program of China (No. 2016YFB1000104).
Abstract: With the development of virtualization technology and the popularity of cloud computing, security protection in virtualized environments has received broad attention. The recent Rowhammer attack has broken the trust placed in hardware, and various attacks built on Rowhammer already threaten the hypervisor and other virtual machines in virtualized environments. Existing defenses against Rowhammer either require modifying the physical hardware or cannot be deployed well in virtualized environments. This paper proposes a scheme that implements a Rowhammer-aware memory allocation mechanism at the hypervisor level, which isolates and defends against Rowhammer attacks at the granularity of virtual machines. Evaluation shows that, without modifying the hardware and with small performance overhead (less than 6% runtime overhead and less than 0.1% memory overhead), the scheme successfully blocks Rowhammer attacks from a virtual machine against the hypervisor and across virtual machines.

Keywords: virtualization security; memory allocation; Rowhammer attack; Xen
Received: 2017/7/18
Revised: 2017/8/10

Defense against Rowhammer Attack with Memory Isolation in Virtualized Environments
Authors: SHI Peitao, LIU Yutao and CHEN Haibo
Affiliation (all authors): Institute of Parallel and Distributed Systems, Shanghai Jiao Tong University, Shanghai 200240, China
Abstract: Virtualization security has gained increasingly widespread attention with the spread of cloud computing in recent years. Some common hardware-software contracts that were assumed to be the foundation of secure systems have been violated by attacks such as Rowhammer. Adversaries have used Rowhammer to break the isolation between virtual machines and the hypervisor and to threaten security in virtualized environments. To date, all known defenses against Rowhammer either require hardware modification or are hard to deploy in virtualized environments. We present a novel method that prevents the spread of Rowhammer attacks by isolating the memory of different security domains (e.g., the hypervisor kernel and the virtual machines). We extend the physical memory allocator of Xen to be Rowhammer-aware. Our solution requires no hardware modification and is transparent to guest VMs. The evaluation shows its effectiveness in preventing Rowhammer attacks and its efficiency: the runtime performance overhead is below 6% and the memory cost is below 0.1%.
Keywords: virtualization security; Rowhammer attack; memory allocator; Xen
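The allocation policy the abstract describes (a hypervisor-level, Rowhammer-aware allocator that keeps security domains apart at VM granularity) can be illustrated with a small model. The C code below is an added example, not the paper's implementation and not Xen code. It models one DRAM bank as an array of row indices, assumes the physical-address-to-row mapping is already known (real hardware uses a vendor-specific mapping that this model omits), and enforces one assumed invariant: no two physically adjacent rows belong to different domains. A first-fit allocator is included for contrast, and `rh_isolation_holds()` is the check a defender would run after any sequence of allocations.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example, not Xen's allocator: a toy model of one DRAM bank as
 * NUM_ROWS physically adjacent rows. Each row is free or owned by a
 * security domain: DOM_HV (the hypervisor) or a guest VM id >= 1.
 * Invariant (assumed for this model): no two rows owned by different
 * domains are physically adjacent, so a domain hammering its own rows
 * only ever has its own rows or unused rows as neighbours. */
#define NUM_ROWS 64
#define ROW_FREE (-1)
#define DOM_HV 0

static int row_owner[NUM_ROWS];

void rh_init(void)
{
    for (int r = 0; r < NUM_ROWS; r++)
        row_owner[r] = ROW_FREE;
}

int rh_row_owner(int row)
{
    return (row >= 0 && row < NUM_ROWS) ? row_owner[row] : ROW_FREE;
}

/* True if no neighbour of row is owned by a domain other than dom. */
static bool neighbours_safe(int row, int dom)
{
    for (int d = -1; d <= 1; d += 2) {
        int n = row + d;
        if (n < 0 || n >= NUM_ROWS)
            continue;
        if (row_owner[n] != ROW_FREE && row_owner[n] != dom)
            return false;
    }
    return true;
}

/* True if a neighbour already belongs to dom: used to pack one domain's
 * rows together instead of leaving a gap around every single row. */
static bool adjacent_to_own(int row, int dom)
{
    return rh_row_owner(row - 1) == dom || rh_row_owner(row + 1) == dom;
}

/* Rowhammer-aware allocation: first try to extend an existing run of the
 * domain's rows, then fall back to any row whose neighbours are free.
 * Returns the row index, or -1 when no safe row exists. */
int rh_alloc_row(int dom)
{
    for (int pass = 0; pass < 2; pass++) {
        for (int r = 0; r < NUM_ROWS; r++) {
            if (row_owner[r] != ROW_FREE || !neighbours_safe(r, dom))
                continue;
            if (pass == 0 && !adjacent_to_own(r, dom))
                continue;
            row_owner[r] = dom;
            return r;
        }
    }
    return -1;
}

/* Naive first-fit allocation, for contrast: ignores row adjacency. */
int naive_alloc_row(int dom)
{
    for (int r = 0; r < NUM_ROWS; r++) {
        if (row_owner[r] == ROW_FREE) {
            row_owner[r] = dom;
            return r;
        }
    }
    return -1;
}

void rh_free_row(int row)
{
    if (row >= 0 && row < NUM_ROWS)
        row_owner[row] = ROW_FREE;
}

/* Isolation check: no adjacent pair of rows belongs to two different domains. */
bool rh_isolation_holds(void)
{
    for (int r = 0; r + 1 < NUM_ROWS; r++) {
        int a = row_owner[r], b = row_owner[r + 1];
        if (a != ROW_FREE && b != ROW_FREE && a != b)
            return false;
    }
    return true;
}

int main(void)
{
    rh_init();
    naive_alloc_row(DOM_HV);
    naive_alloc_row(1); /* VM 1 lands right next to the hypervisor's row */
    printf("naive allocator keeps isolation: %s\n",
           rh_isolation_holds() ? "yes" : "no");

    rh_init();
    rh_alloc_row(DOM_HV);
    rh_alloc_row(DOM_HV);
    int v = rh_alloc_row(1);
    printf("rowhammer-aware allocator put VM 1 at row %d; isolation: %s\n",
           v, rh_isolation_holds() ? "yes" : "no");
    return 0;
}
```

With the first-fit allocator the invariant fails as soon as two domains allocate in turn; the Rowhammer-aware allocator instead leaves unusable gap rows between domains, which is memory that no domain can claim. That wasted space is the same kind of trade-off the abstract quantifies for its Xen allocator (a memory cost below 0.1%), although the paper's actual placement policy is not described on this page and may differ from the one modelled here.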