28 research outputs found
RowHammer and Beyond
We will discuss the RowHammer problem in DRAM, which is a prime (and likely
the first) example of how a circuit-level failure mechanism in Dynamic Random
Access Memory (DRAM) can cause a practical and widespread system security
vulnerability. RowHammer is the phenomenon that repeatedly accessing a row in a
modern DRAM chip predictably causes errors in physically-adjacent rows. It is
caused by a hardware failure mechanism called read disturb errors. Building on
our initial fundamental work that appeared at ISCA 2014, Google Project Zero
demonstrated that this hardware phenomenon can be exploited by user-level
programs to gain kernel privileges. Many other recent works demonstrated other
attacks exploiting RowHammer, including remote takeover of a server vulnerable
to RowHammer. We will analyze the root causes of the problem and examine
solution directions. We will also discuss what other problems may be lurking in
DRAM and other types of memories, e.g., NAND flash and Phase Change Memory,
which can potentially threaten the foundations of reliable and secure systems,
as the memory technologies scale to higher densities.Comment: A version of this paper is to appear in the COSADE 2019 proceedings.
arXiv admin note: text overlap with arXiv:1703.0062
Flexible-Latency DRAM: Understanding and Exploiting Latency Variation in Modern DRAM Chips
This article summarizes key results of our work on experimental
characterization and analysis of latency variation and latency-reliability
trade-offs in modern DRAM chips, which was published in SIGMETRICS 2016, and
examines the work's significance and future potential.
The goal of this work is to (i) experimentally characterize and understand
the latency variation across cells within a DRAM chip for these three
fundamental DRAM operations, and (ii) develop new mechanisms that exploit our
understanding of the latency variation to reliably improve performance. To this
end, we comprehensively characterize 240 DRAM chips from three major vendors,
and make six major new observations about latency variation within DRAM.
Notably, we find that (i) there is large latency variation across the cells for
each of the three operations; (ii) variation characteristics exhibit
significant spatial locality: slower cells are clustered in certain regions of
a DRAM chip; and (iii) the three fundamental operations exhibit different
reliability characteristics when the latency of each operation is reduced.
Based on our observations, we propose Flexible-LatencY DRAM (FLY-DRAM), a
mechanism that exploits latency variation across DRAM cells within a DRAM chip
to improve system performance. The key idea of FLY-DRAM is to exploit the
spatial locality of slower cells within DRAM, and access the faster DRAM
regions with reduced latencies for the fundamental operations. Our evaluations
show that FLY-DRAM improves the performance of a wide range of applications by
13.3%, 17.6%, and 19.5%, on average, for each of the three different vendors'
real DRAM chips, in a simulated 8-core system
Voltron: Understanding and Exploiting the Voltage-Latency-Reliability Trade-Offs in Modern DRAM Chips to Improve Energy Efficiency
This paper summarizes our work on experimental characterization and analysis
of reduced-voltage operation in modern DRAM chips, which was published in
SIGMETRICS 2017, and examines the work's significance and future potential.
We take a comprehensive approach to understanding and exploiting the latency
and reliability characteristics of modern DRAM when the DRAM supply voltage is
lowered below the nominal voltage level specified by DRAM standards. We perform
an experimental study of 124 real DDR3L (low-voltage) DRAM chips manufactured
recently by three major DRAM vendors. We find that reducing the supply voltage
below a certain point introduces bit errors in the data, and we comprehensively
characterize the behavior of these errors. We discover that these errors can be
avoided by increasing the latency of three major DRAM operations (activation,
restoration, and precharge). We perform detailed DRAM circuit simulations to
validate and explain our experimental findings. We also characterize the
various relationships between reduced supply voltage and error locations,
stored data patterns, DRAM temperature, and data retention.
Based on our observations, we propose a new DRAM energy reduction mechanism,
called Voltron. The key idea of Voltron is to use a performance model to
determine by how much we can reduce the supply voltage without introducing
errors and without exceeding a user-specified threshold for performance loss.
Our evaluations show that Voltron reduces the average DRAM and system energy
consumption by 10.5% and 7.3%, respectively, while limiting the average system
performance loss to only 1.8%, for a variety of memory-intensive quad-core
workloads. We also show that Voltron significantly outperforms prior dynamic
voltage and frequency scaling mechanisms for DRAM
Reducing DRAM Refresh Overheads with Refresh-Access Parallelism
This article summarizes the idea of "refresh-access parallelism," which was
published in HPCA 2014, and examines the work's significance and future
potential. The overarching objective of our HPCA 2014 paper is to reduce the
significant negative performance impact of DRAM refresh with intelligent memory
controller mechanisms.
To mitigate the negative performance impact of DRAM refresh, our HPCA 2014
paper proposes two complementary mechanisms, DARP (Dynamic Access Refresh
Parallelization) and SARP (Subarray Access Refresh Parallelization). The goal
is to address the drawbacks of state-of-the-art per-bank refresh mechanism by
building more efficient techniques to parallelize refreshes and accesses within
DRAM. First, instead of issuing per-bank refreshes in a round-robin order, as
it is done today, DARP issues per-bank refreshes to idle banks in an
out-of-order manner. Furthermore, DARP proactively schedules refreshes during
intervals when a batch of writes are draining to DRAM. Second, SARP exploits
the existence of mostly-independent subarrays within a bank. With minor
modifications to DRAM organization, it allows a bank to serve memory accesses
to an idle subarray while another subarray is being refreshed. Our extensive
evaluations on a wide variety of workloads and systems show that our mechanisms
improve system performance (and energy efficiency) compared to three
state-of-the-art refresh policies, and their performance bene ts increase as
DRAM density increases.Comment: 9 pages. arXiv admin note: text overlap with arXiv:1712.07754,
arXiv:1601.0635
Heterogeneous-Reliability Memory: Exploiting Application-Level Memory Error Tolerance
This paper summarizes our work on characterizing application memory error
vulnerability to optimize datacenter cost via Heterogeneous-Reliability Memory
(HRM), which was published in DSN 2014, and examines the work's significance
and future potential. Memory devices represent a key component of datacenter
total cost of ownership (TCO), and techniques used to reduce errors that occur
on these devices increase this cost. Existing approaches to providing
reliability for memory devices pessimistically treat all data as equally
vulnerable to memory errors. Our key insight is that there exists a diverse
spectrum of tolerance to memory errors in new data-intensive applications, and
that traditional one-size-fits-all memory reliability techniques are
inefficient in terms of cost. This presents an opportunity to greatly reduce
server hardware cost by provisioning the right amount of memory reliability for
different applications.
Toward this end, in our DSN 2014 paper, we make three main contributions to
enable highly-reliable servers at low datacenter cost. First, we develop a new
methodology to quantify the tolerance of applications to memory errors. Second,
using our methodology, we perform a case study of three new data-intensive
workloads (an interactive web search application, an in-memory key--value
store, and a graph mining framework) to identify new insights into the nature
of application memory error vulnerability. Third, based on our insights, we
propose several new hardware/software heterogeneous-reliability memory system
designs to lower datacenter cost while achieving high reliability and discuss
their trade-offs. We show that our new techniques can reduce server hardware
cost by 4.7% while achieving 99.90% single server availability.Comment: 4 pages, 4 figures, summary report for DSN 2014 paper:
"Characterizing Application Memory Error Vulnerability to Optimize Datacenter
Cost via Heterogeneous-Reliability Memory
Adaptive-Latency DRAM: Reducing DRAM Latency by Exploiting Timing Margins
This paper summarizes the idea of Adaptive-Latency DRAM (AL-DRAM), which was
published in HPCA 2015, and examines the work's significance and future
potential. AL-DRAM is a mechanism that optimizes DRAM latency based on the DRAM
module and the operating temperature, by exploiting the extra margin that is
built into the DRAM timing parameters. DRAM manufacturers provide a large
margin for the timing parameters as a provision against two worst-case
scenarios. First, due to process variation, some outlier DRAM chips are much
slower than others. Second, chips become slower at higher temperatures. The
timing parameter margin ensures that the slow outlier chips operate reliably at
the worst-case temperature, and hence leads to a high access latency.
Using an FPGA-based DRAM testing platform, our work first characterizes the
extra margin for 115 DRAM modules from three major manufacturers. The
experimental results demonstrate that it is possible to reduce four of the most
critical timing parameters by a minimum/maximum of 17.3%/54.8% at 55C while
maintaining reliable operation. AL-DRAM uses these observations to adaptively
select reliable DRAM timing parameters for each DRAM module based on the
module's current operating conditions. AL-DRAM does not require any changes to
the DRAM chip or its interface; it only requires multiple different timing
parameters to be specified and supported by the memory controller. Our real
system evaluations show that AL-DRAM improves the performance of
memory-intensive workloads by an average of 14% without introducing any errors.
Our characterization and proposed techniques have inspired several other works
on analyzing and/or exploiting different sources of latency and performance
variation within DRAM chips.Comment: arXiv admin note: substantial text overlap with arXiv:1603.0845
Tiered-Latency DRAM: Enabling Low-Latency Main Memory at Low Cost
This paper summarizes the idea of Tiered-Latency DRAM (TL-DRAM), which was
published in HPCA 2013, and examines the work's significance and future
potential. The capacity and cost-per-bit of DRAM have historically scaled to
satisfy the needs of increasingly large and complex computer systems. However,
DRAM latency has remained almost constant, making memory latency the
performance bottleneck in today's systems. We observe that the high access
latency is not intrinsic to DRAM, but a trade-off is made to decrease the cost
per bit. To mitigate the high area overhead of DRAM sensing structures,
commodity DRAMs connect many DRAM cells to each sense amplifier through a wire
called a bitline. These bit-lines have a high parasitic capacitance due to
their long length, and this bitline capacitance is the dominant source of DRAM
latency. Specialized low-latency DRAMs use shorter bitlines with fewer cells,
but have a higher cost-per-bit due to greater sense amplifier area overhead. To
achieve both low latency and low cost per bit, we introduce Tiered-Latency DRAM
(TL-DRAM). In TL-DRAM, each long bitline is split into two shorter segments by
an isolation transistor, allowing one of the two segments to be accessed with
the latency of a short-bitline DRAM without incurring a high cost per bit. We
propose mechanisms that use the low-latency segment as a hardware-managed or
software-managed cache. Our evaluations show that our proposed mechanisms
improve both performance and energy efficiency for both single-core and
multiprogrammed workloads. Tiered-Latency DRAM has inspired several other works
on reducing DRAM latency with little to no architectural modification.Comment: arXiv admin note: substantial text overlap with arXiv:1601.0690
Characterizing, Exploiting, and Mitigating Vulnerabilities in MLC NAND Flash Memory Programming
This paper summarizes our work on experimentally analyzing, exploiting, and
addressing vulnerabilities in multi-level cell NAND flash memory programming,
which was published in the industrial session of HPCA 2017, and examines the
work's significance and future potential. Modern NAND flash memory chips use
multi-level cells (MLC), which store two bits of data in each cell, to improve
chip density. As MLC NAND flash memory scaled down to smaller manufacturing
process technologies, manufacturers adopted a two-step programming method to
improve reliability. In two-step programming, the two bits of a multi-level
cell are programmed using two separate steps, in order to minimize the amount
of cell-to-cell program interference induced on neighboring flash cells.
In this work, we demonstrate that two-step programming exposes new
reliability and security vulnerabilities in state-of-the-art MLC NAND flash
memory. We experimentally characterize contemporary 1X-nm (i.e., 15--19nm)
flash memory chips, and find that a partially-programmed flash cell (i.e., a
cell where the second programming step has not yet been performed) is much more
vulnerable to cell-to-cell interference and read disturb than a
fully-programmed cell. We show that it is possible to exploit these
vulnerabilities on solid-state drives (SSDs) to alter the partially-programmed
data, causing (potentially malicious) data corruption. Based on our
observations, we propose several new mechanisms that eliminate or mitigate
these vulnerabilities in partially-programmed cells, and at the same time
increase flash memory lifetime by 16%
RowClone: Accelerating Data Movement and Initialization Using DRAM
In existing systems, to perform any bulk data movement operation (copy or
initialization), the data has to first be read into the on-chip processor, all
the way into the L1 cache, and the result of the operation must be written back
to main memory. This is despite the fact that these operations do not involve
any actual computation. RowClone exploits the organization and operation of
commodity DRAM to perform these operations completely inside DRAM using two
mechanisms. The first mechanism, Fast Parallel Mode, copies data between two
rows inside the same DRAM subarray by issuing back-to-back activate commands to
the source and the destination row. The second mechanism, Pipelined Serial
Mode, transfers cache lines between two banks using the shared internal bus.
RowClone significantly reduces the raw latency and energy consumption of bulk
data copy and initialization. This reduction directly translates to improvement
in performance and energy efficiency of systems running copy or
initialization-intensive workloadsComment: arXiv admin note: text overlap with arXiv:1605.0648
RowHammer: A Retrospective
This retrospective paper describes the RowHammer problem in Dynamic Random
Access Memory (DRAM), which was initially introduced by Kim et al. at the ISCA
2014 conference~\cite{rowhammer-isca2014}. RowHammer is a prime (and perhaps
the first) example of how a circuit-level failure mechanism can cause a
practical and widespread system security vulnerability. It is the phenomenon
that repeatedly accessing a row in a modern DRAM chip causes bit flips in
physically-adjacent rows at consistently predictable bit locations. RowHammer
is caused by a hardware failure mechanism called {\em DRAM disturbance errors},
which is a manifestation of circuit-level cell-to-cell interference in a scaled
memory technology.
Researchers from Google Project Zero demonstrated in 2015 that this hardware
failure mechanism can be effectively exploited by user-level programs to gain
kernel privileges on real systems. Many other follow-up works demonstrated
other practical attacks exploiting RowHammer. In this article, we
comprehensively survey the scientific literature on RowHammer-based attacks as
well as mitigation techniques to prevent RowHammer. We also discuss what other
related vulnerabilities may be lurking in DRAM and other types of memories,
e.g., NAND flash memory or Phase Change Memory, that can potentially threaten
the foundations of secure systems, as the memory technologies scale to higher
densities. We conclude by describing and advocating a principled approach to
memory reliability and security research that can enable us to better
anticipate and prevent such vulnerabilities.Comment: A version of this work is to appear at IEEE Transactions on
Computer-Aided Design of Integrated Circuits and Systems (TCAD) Special Issue
on Top Picks in Hardware and Embedded Security, 2019. arXiv admin note:
substantial text overlap with arXiv:1703.00626, arXiv:1903.1105