A Principled Rowhammer Defense-in-Depth

Abstract

Rowhammer bit flips in DRAM enable software attackers to fully compromise a great variety of systems. Hardware mitigations can be precise and efficient but suffer from long deployment cycles and very limited or no update capabilities. Consequently, refined attack methods have repeatedly bypassed deployed hardware protections, leaving commodity systems vulnerable to Rowhammer attacks.

In this paper, we present Memory Band-Aid, a principled defense-in-depth against Rowhammer. Memory Band-Aid is no replacement for long-term, efficient hardware mitigations but a defense-in-depth that is activated when hardware mitigations are discovered to be insufficient on a specific system generation. For this purpose, Memory Band-Aid introduces per-thread and per-bank rate limits for DRAM accesses in the memory controller, ensuring that the minimum number of row activations for Rowhammer bit flips cannot be reached. We implement a proof-of-concept of Memory Band-Aid on Ubuntu Linux and test it on 3 Intel and 3 AMD systems. In a micro-benchmark designed to cause DRAM pressure, we observe a slowdown of up to a factor of 5.2. In a collection of realistic Phoronix macro-benchmarks, we observe a low overhead of 0 % to 9.4 %. Both overheads only apply to untrusted throttled workloads, e.g., sandboxes such as those in browsers. Especially as Memory Band-Aid can be enabled on demand, we conclude that Memory Band-Aid is an important defense-in-depth that should be deployed in practice as a second defense layer.


More about this title

Title: A Principled Rowhammer Defense-in-Depth
Media: Network and Distributed System Security (NDSS) Symposium
Publisher: ---
Issue: ---
Volume: ---
ISBN: ---
Authors/Editors: Carina Fiedler, Jonas Juffinger, Raghav Neela Sudheendra, Martin Heckel, Hannes Weissteiner, Abdullah Giray Yağlıkçı, Prof. Dr. Florian Adamsky, Prof. Dr. Daniel Gruss
Pages: ---
Publication date: 2026-02-23
Project title: NeRAM
Citation: Fiedler, Carina; Juffinger, Jonas; Sudheendra, Raghav Neela; Heckel, Martin; Weissteiner, Hannes; Yağlıkçı, Abdullah Giray; Adamsky, Florian; Gruss, Daniel (2026): A Principled Rowhammer Defense-in-Depth. Network and Distributed System Security (NDSS) Symposium.