基于重映射矩阵的Rowhammer漏洞防御方法研究

doi:10.3969/j.issn.1671-1122.2025.05.008

信息网络安全 ›› 2025, Vol. 25 ›› Issue (5): 758-766.doi: 10.3969/j.issn.1671-1122.2025.05.008

基于重映射矩阵的Rowhammer漏洞防御方法研究

王建新¹, 许弘可¹^,²(), 肖超恩¹, 张磊¹

1.北京电子科技学院，北京 100070
2.建德市密码管理局，杭州 311699

收稿日期:2024-10-18 出版日期:2025-05-10 发布日期:2025-06-10
通讯作者: 许弘可 201720060827@ecut.edu.cn
作者简介:王建新（1977—），男，教授，博士，主要研究方向为电子信息工程、EDA技术、信息安全|许弘可（1999—），男，硕士研究生，CCF会员，主要研究方向为电子信息工程、形式化语义、信息安全|肖超恩（1982—），男，讲师，博士，主要研究方向为嵌入式系统安全、智能软件和分布式计算|张磊（1979—），男，教授，博士，主要研究方向为密码工程、芯片安全、网络空间安全
基金资助:
中央高校基本科研业务费(3282024009);中央高校基本科研业务费(20230051Z0114);中央高校基本科研业务费(20230050Z0114);院级特色教材讲义项目(20220119Z0221);教育部产学合作协同育人项目(20220163H0211);北京高等教育“本科教学改革创新项目”(20220121Z0208);北京高等教育“本科教学改革创新项目”(202110018002);学院教学类孵化项目(20220120Z0220);学院学科建设项目(20230007Z0452);学院学科建设项目(20230010Z0452)

Research on Rowhammer Vulnerability Defense Method Based on Remapping Matrix

WANG Jianxin¹, XU Hongke¹^,²(), XIAO Chaoen¹, ZHANG Lei¹

1. Beijing Electronic Science and Technology Institute, Beijing 100070, China
2. Jiande City Cryptography Bureau, Hangzhou 311699, China

Received:2024-10-18 Online:2025-05-10 Published:2025-06-10

摘要/Abstract

摘要：

针对国产高级精简指令集（ARM）架构计算机中动态随机存取内存（DRAM）存在Rowhammer漏洞的问题，文章首先介绍了重映射矩阵，并结合重映射矩阵分析了Rowhammer漏洞产生原因；然后，提出一种基于重映射矩阵的Rowhammer漏洞防御方法，该方法通过物理地址重映射和禁用pagemap接口相结合的方法防御Rowhammer攻击；最后通过改变DRAM中行解码器和列选择器实现重映射矩阵，并在国产ARM架构计算机平台和Xilinx Zynq 7000系列芯片上对该方法进行功能测试，同时通过搭建Vivado集成开发环境对该方法进行安全性分析和性能分析。功能测试结果表明，该方法能够有效抵御Rowhammer攻击。安全性分析结果表明，与未采取防御措施相比，Rowhammer漏洞发生率下降了98.6%。性能分析结果表明，引入该防御方法后得到的解码器延迟为0.783 ns，资源占用率约为0.002%，延迟和资源占用率极低，对国产ARM架构计算机的性能影响微乎其微。

关键词: Rowhammer漏洞, 国产ARM架构计算机, DRAM, 重映射矩阵

Abstract:

Aiming at the problem of Rowhammer vulnerability in dynamic random access memory (DRAM) of domestic Advanced RISC Machines (ARM) architecture computers, this paper firstly introduced the remapping matrix, and analyzed the causes of Rowhammer vulnerability based on the remapping matrix. Secondly, a Rowhammer vulnerability defense method based on remapping matrix was proposed, which combined physical address remapping with disabling pagemap interface to defend against Rowhammer attacks. Finally, the remapping matrix was realized by changing the DRAM line decoder and column selectors, and the Rowhammer vulnerability defense method was tested on the domestic ARM architecture computers and Xilinx Zynq7000 series. At the same time, the security and performance of this method were analyzed by setting up Vivado integrated development environment. The functional test results show that the Rowhammer vulnerability defense method can effectively resist the Rowhammer attack. The security analysis results show that compared to not taking defensive measures, the occurrence rate of Rowhammer vulnerability decreased by 98.6%. The performance analysis results show that the decoder obtained after the introduction of this defense method has a latency of 0.783ns and a resource occupancy of about 0.002%, which is extremely low, and has little impact on the performance of domestic ARM architecture computers.

Key words: Rowhammer vulnerability, domestic ARM architecture computers, DRAM, remapping matrix

中图分类号:

TP309

王建新, 许弘可, 肖超恩, 张磊. 基于重映射矩阵的Rowhammer漏洞防御方法研究[J]. 信息网络安全, 2025, 25(5): 758-766.

WANG Jianxin, XU Hongke, XIAO Chaoen, ZHANG Lei. Research on Rowhammer Vulnerability Defense Method Based on Remapping Matrix[J]. Netinfo Security, 2025, 25(5): 758-766.

图/表 10

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

参考文献 16

[1]	KIM Y, DALY R, KIM J, et al. Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors[C]// ACM. The 41st International Symposium on Computer Architecture (ISCA). New York: ACM, 2014: 361-372.
[2]	LEE M, KWAK J. Detection Technique of Software-Induced Rowhammer Attacks[J]. Computers, Materials & Continua, 2021, 67(1): 349-367.
[3]	GAO Bo, CHEN Lin, YAN Yingjian. Research on Side Channel Attack Based on CNN-MGU[J]. Netinfo Security, 2022, 22(8): 55-63.
	高博, 陈琳, 严迎建. 基于CNN-MGU的侧信道攻击研究[J]. 信息网络安全, 2022, 22(8):55-63.
[4]	MA Yuepeng, LIU Jiqiang, WANG Jian. A Pretreatment of DPI System Based on the Cache Hit[J]. Netinfo Security, 2016, 16(10): 69-75.
	马跃鹏, 刘吉强, 王健. 基于缓存命中的DPI系统预处理方法[J]. 信息网络安全, 2016, 16(10):69-75.
[5]	SEABORN M, DULLIEN T. Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges[EB/OL]. (2015-08-11)[2024-09-03]. https://www.cs.umd.e-du/class/fall2019/cmsc818O/papers/rowhammer-kernel.pdf.
[6]	GRUSS D, MAURICE C, MANGARD S. Rowhammer. js: A Remote Software-Induced Fault Attack in JavaScript[C]// Springer. Detection of Intrusions and Malware, and Vulnerability Assessment. Heidelberg: Springer, 2016: 300-321.
[7]	FRIGO P, GIUFFRIDA C, BOS H, et al. Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU[C]// IEEE. 2018 IEEE Symposium on Security and Privacy. New York: IEEE, 2018: 195-210.
[8]	JATTKE P, WIPFLI M, SOLT F, et al. Zenhammer: Rowhammer Attacks on AMD Zen-Based Platforms[C]// USENIX. 33rd USENIX Security Symposium (USENIX Security 2024). Philadelphia: USENIX, 2024: 1615-1633.
[9]	DING Liping, LIU Xuehua, CHEN Guangxuan, et al. Overview of Digital Forensics Technologies of RAM in Android Devices[J]. Netinfo Security, 2019, 19(2): 10-17.
	丁丽萍, 刘雪花, 陈光宣, 等. Android智能手机动态内存取证技术综述[J]. 信息网络安全, 2019, 19(2):10-17.
[10]	XIAO Chaoen, HUANG Song, WANG Jianxin, et al. Review on Research Progress of Rowhammer[J]. Journal of Beijing Electronic Science and Technology Institute, 2020, 28(1): 30-41.
	肖超恩, 黄松, 王建新, 等. Rowhammer漏洞研究进展[J]. 北京电子科技学院学报, 2020, 28(1):30-41.
[11]	LOU Xiaoxuan. The Implementation Security of Block Ciphers against Side Channel Attacks Based on Memory System[D]. Hangzhou: Zhejiang University, 2020.
	楼潇轩. 基于存储系统旁路攻击的分组密码实现安全性研究[D]. 杭州: 浙江大学, 2020.
[12]	YANG Yingying, HOU Rui. Overview of Memory RowHammer Attacks and Defense Technology[J]. Journal of Guangzhou University(Natural Science Edition), 2021, 20(3): 30-43.
	杨莹莹, 侯锐. 内存RowHammer攻击与防御综述[J]. 广州大学学报(自然科学版), 2021, 20(3):30-43.
[13]	HONG Sheng, LI Lei, YUAN Yidong, et al. Research on Cooperative Security Technology of Side Channel in Processor Microarchitecture Storage System[J]. Netinfo Security, 2022, 22(6): 26-37.
	洪晟, 李雷, 原义栋, 等. 处理器微架构存储体系侧信道协同安全技术研究[J]. 信息网络安全, 2022, 22(6):26-37.
[14]	WANG Jianxin, XU Hongke, XIAO Chaoen, et al. Research and Implementation of Rowhammer Attack Method Based on Domestic NeoKylin Operating System[C]// IEEE. 2022 4th International Conference on Frontiers Technology of Information and Computer (ICFTIC). New York: IEEE, 2022: 663-668.
[15]	COJOCAR L, RAZAVI K, GIUFFRIDA C. Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks[C]// IEEE. 2019 IEEE Symposium on Security and Privacy. New York: IEEE, 2019: 55-71.
[16]	MAO Ting. Analysis of Storage Structure on Linux Operating System[D]. Changsha: Central South University of Forestry & Technology, 2017.
	毛婷. Linux存储结构分析[D]. 长沙: 中南林业科技大学, 2017.

基于重映射矩阵的Rowhammer漏洞防御方法研究

Research on Rowhammer Vulnerability Defense Method Based on Remapping Matrix

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 16

相关文章 1

编辑推荐

Metrics

本文评价