Towards Remote Attestation of Microarchitectural Attacks: The Case of Rowhammer

TL;DR

This paper introduces HammerWatch, a remote attestation protocol that detects Rowhammer microarchitectural attacks by analyzing hardware-level signals, providing a detection mechanism to complement existing prevention methods.

Contribution

It presents a novel remote attestation approach leveraging hardware signals like MCEs and PRAC counters to detect Rowhammer attacks on commodity hardware.

Findings

Reliable detection of Rowhammer-like behavior achieved

Hardware signals can distinguish malicious from benign access patterns

Detection complements existing prevention mechanisms

Abstract

Microarchitectural vulnerabilities increasingly undermine the assumption that hardware can be treated as a reliable root of trust. Prevention mechanisms often lag behind evolving attack techniques, leaving deployed systems unable to assume continued trustworthiness. We propose a shift from prevention to detection through microarchitectural-aware remote attestation. As a first instantiation of this idea, we present HammerWatch, a Rowhammer-aware remote attestation protocol that enables an external verifier to assess whether a system exhibits hardware-induced disturbance behavior. HammerWatch leverages memory-level evidence available on commodity platforms, specifically Machine-Check Exceptions (MCEs) from ECC DRAM and counter-based indicators from Per-Row Activation Counting (PRAC), and protects these measurements against kernel-level adversaries using TPM-anchored hash chains. We implement HammerWatch on commodity hardware and evaluate it on 20000 simulated benign and malicious access patterns. Our results show that the verifier reliably distinguishes Rowhammer-like behavior from benign operation under conservative heuristics, demonstrating that detection-oriented attestation is feasible and can complement incomplete prevention mechanisms