299 research outputs found
RAMPART: RowHammer Mitigation and Repair for Server Memory Systems
RowHammer attacks are a growing security and reliability concern for DRAMs
and computer systems as they can induce many bit errors that overwhelm error
detection and correction capabilities. System-level solutions are needed as
process technology and circuit improvements alone are unlikely to provide
complete protection against RowHammer attacks in the future. This paper
introduces RAMPART, a novel approach to mitigating RowHammer attacks and
improving server memory system reliability by remapping addresses in each DRAM
in a way that confines RowHammer bit flips to a single device for any victim
row address. When RAMPART is paired with Single Device Data Correction (SDDC)
and patrol scrub, error detection and correction methods in use today, the
system can detect and correct bit flips from a successful attack, allowing the
memory system to heal itself. RAMPART is compatible with DDR5 RowHammer
mitigation features, as well as a wide variety of algorithmic and probabilistic
tracking methods. We also introduce BRC-VL, a variation of DDR5 Bounded Refresh
Configuration (BRC) that improves system performance by reducing mitigation
overhead and show that it works well with probabilistic sampling methods to
combat traditional and victim-focused mitigation attacks like Half-Double. The
combination of RAMPART, SDDC, and scrubbing enables stronger RowHammer
resistance by correcting bit flips from one successful attack. Uncorrectable
errors are much less likely, requiring two successful attacks before the memory
system is scrubbed.Comment: 16 pages, 13 figures. A version of this paper will appear in the
Proceedings of MEMSYS2
PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses
Rowhammer is a hardware vulnerability in DRAM memory, where repeated access
to memory can induce bit flips in neighboring memory locations. Being a
hardware vulnerability, rowhammer bypasses all of the system memory protection,
allowing adversaries to compromise the integrity and confidentiality of data.
Rowhammer attacks have shown to enable privilege escalation, sandbox escape,
and cryptographic key disclosures. Recently, several proposals suggest
exploiting the spatial proximity between the accessed memory location and the
location of the bit flip for a defense against rowhammer. These all aim to deny
the attacker's permission to access memory locations near sensitive data. In
this paper, we question the core assumption underlying these defenses. We
present PThammer, a confused-deputy attack that causes accesses to memory
locations that the attacker is not allowed to access. Specifically, PThammer
exploits the address translation process of modern processors, inducing the
processor to generate frequent accesses to protected memory locations. We
implement PThammer, demonstrating that it is a viable attack, resulting in a
system compromise (e.g., kernel privilege escalation). We further evaluate the
effectiveness of proposed software-only defenses showing that PThammer can
overcome those.Comment: Preprint of the work accepted at the International Symposium on
Microarchitecture (MICRO) 2020. arXiv admin note: text overlap with
arXiv:1912.0307
TRRespass: Exploiting the Many Sides of Target Row Refresh
After a plethora of high-profile RowHammer attacks, CPU and DRAM vendors
scrambled to deliver what was meant to be the definitive hardware solution
against the RowHammer problem: Target Row Refresh (TRR). A common belief among
practitioners is that, for the latest generation of DDR4 systems that are
protected by TRR, RowHammer is no longer an issue in practice. However, in
reality, very little is known about TRR. In this paper, we demystify the inner
workings of TRR and debunk its security guarantees. We show that what is
advertised as a single mitigation mechanism is actually a series of different
solutions coalesced under the umbrella term TRR. We inspect and disclose, via a
deep analysis, different existing TRR solutions and demonstrate that modern
implementations operate entirely inside DRAM chips. Despite the difficulties of
analyzing in-DRAM mitigations, we describe novel techniques for gaining
insights into the operation of these mitigation mechanisms. These insights
allow us to build TRRespass, a scalable black-box RowHammer fuzzer. TRRespass
shows that even the latest generation DDR4 chips with in-DRAM TRR, immune to
all known RowHammer attacks, are often still vulnerable to new TRR-aware
variants of RowHammer that we develop. In particular, TRRespass finds that, on
modern DDR4 modules, RowHammer is still possible when many aggressor rows are
used (as many as 19 in some cases), with a method we generally refer to as
Many-sided RowHammer. Overall, our analysis shows that 13 out of the 42 modules
from all three major DRAM vendors are vulnerable to our TRR-aware RowHammer
access patterns, and thus one can still mount existing state-of-the-art
RowHammer attacks. In addition to DDR4, we also experiment with LPDDR4 chips
and show that they are susceptible to RowHammer bit flips too. Our results
provide concrete evidence that the pursuit of better RowHammer mitigations must
continue.Comment: 16 pages, 16 figures, in proceedings IEEE S&P 202
ํ์ ์๋์ฐ ์นด์ดํฐ๋ฅผ ํ์ฉํ ๋ก์ฐ ํด๋จธ๋ง ๋ฐฉ์ง ๋ฐ ์ฃผ๊ธฐ์ต์ฅ์น ์ฑ๋ฅ ํฅ์
ํ์๋
ผ๋ฌธ (๋ฐ์ฌ) -- ์์ธ๋ํ๊ต ๋ํ์ : ์ตํฉ๊ณผํ๊ธฐ์ ๋ํ์ ์ตํฉ๊ณผํ๋ถ(์ง๋ฅํ์ตํฉ์์คํ
์ ๊ณต), 2020. 8. ์์ ํธ.Computer systems using DRAM are exposed to row-hammer (RH) attacks, which can flip data in a DRAM row without directly accessing a row but by frequently activating its adjacent ones. There have been a number of proposals to prevent RH, including both probabilistic and deterministic solutions. However, the probabilistic solutions provide protection with no capability to detect attacks and have a non-zero probability for missing protection. Otherwise, counter-based deterministic solutions either incur large area overhead or suffer from noticeable performance drop on adversarial memory access patterns.
To overcome these challenges, we propose a new counter-based RH prevention solution named Time Window Counter (TWiCe) based row refresh, which accurately detects potential RH attacks only using a small number of counters with a minimal performance impact. We first make a key observation that the number of rows that can cause RH is limited by the maximum values of row activation frequency and DRAM cell retention time. We calculate the maximum number of required counter entries per DRAM bank, with which TWiCe prevents RH with a strong deterministic guarantee. TWiCe incurs no performance overhead on normal DRAM operations and less than 0.7% area and energy overheads over contemporary DRAM devices. Our evaluation shows that TWiCe makes no more than 0.006% of additional DRAM row activations for adversarial memory access patterns, including RH attack scenarios.
To reduce the area and energy overhead further, we propose the threshold adjusted rank-level TWiCe. We first introduce pseudo-associative TWiCe (pa-TWiCe) that can search for hundreds of TWiCe table entries energy-efficiently. In addition, by exploiting pa-TWiCe structure, we propose rank-level TWiCe that reduces the number of required entries further by managing the table entries at a rank-level. We also adjust the thresholds of TWiCe to reduce the number of entries without the increase of false-positive detection on general workloads.
Finally, we propose extend TWiCe as a hot-page detector to improve main-memory performance. TWiCe table contains the row addresses that have been frequently activated recently, and they are likely to be activated again due to temporal locality in memory accesses. We show how the hot-page detection in TWiCe can be combined with a DRAM page swap methodology to reduce the DRAM latency for the hot pages. Also, our evaluation shows that low-latency DRAM using TWiCe achieves up to 12.2% IPC improvement over a baseline DDR4 device for a multi-threaded workload.DRAM์ ์ฃผ๊ธฐ์ต์ฅ์น๋ก ์ฌ์ฉํ๋ ์ปดํจํฐ ์์คํ
์ ๋ก์ฐ ํด๋จธ๋ง ๊ณต๊ฒฉ์ ๋
ธ์ถ๋๋ค. ๋ก์ฐ ํด๋จธ๋ง์ ์ธ์ DRAM ๋ก์ฐ๋ฅผ ์์ฃผ activationํจ์ผ๋ก์จ ํน์ DRAM ๋ก์ฐ ๋ฐ์ดํฐ์ ์ง์ ์ ๊ทผํ์ง ์๊ณ ์๋ ๋ฐ์ดํฐ๋ฅผ ๋ค์ง์ ์ ์๋ ํ์์ ๋งํ๋ค. ์ด๋ฌํ ๋ก์ฐ ํด๋จธ๋ง ํ์์ ๋ฐฉ์งํ๊ธฐ ์ํด ์ฌ๋ฌ๊ฐ์ง ํ๋ฅ ์ ์ธ ๋ฐฉ์ง ๊ธฐ๋ฒ๊ณผ ๊ฒฐ์ ๋ก ์ ๋ฐฉ์ง ๊ธฐ๋ฒ๋ค์ด ์ฐ๊ตฌ๋์ด ์๋ค. ๊ทธ๋ฌ๋, ํ๋ฅ ์ ์ธ ๋ฐฉ์ง ๊ธฐ๋ฒ์ ๊ณต๊ฒฉ ์์ฒด๋ฅผ ํ์งํ ์ ์๊ณ , ๋ฐฉ์ง์ ์คํจํ ํ๋ฅ ์ด 0์ด ์๋๋ผ๋ ํ๊ณ๊ฐ ์๋ค. ๋ํ ๊ธฐ์กด์ ์นด์ดํฐ๋ฅผ ํ์ฉํ ๊ฒฐ์ ๋ก ์ ๋ฐฉ์ง ๊ธฐ๋ฒ๋ค์ ํฐ ์นฉ ๋ฉด์ ๋น์ฉ์ ๋ฐ์์ํค๊ฑฐ๋ ํน์ ๋ฉ๋ชจ๋ฆฌ ์ ๊ทผ ํจํด์์ ํ์ ํ ์ฑ๋ฅ ํ๋ฝ์ ์ผ๊ธฐํ๋ค๋ ๋จ์ ์ด ์๋ค.
์ด๋ฌํ ๋ฌธ์ ๋ฅผ ํด๊ฒฐํ๊ธฐ ์ํด, ์ฐ๋ฆฌ๋ TWiCe (Time Window Counter based row refresh)๋ผ๋ ์๋ก์ด ์นด์ดํฐ ๊ธฐ๋ฐ ๊ฒฐ์ ๋ก ์ ๋ฐฉ์ง ๊ธฐ๋ฒ์ ์ ์ํ๋ค. TWiCe๋ ์ ์ ์์ ์นด์ดํฐ๋ฅผ ํ์ฉํ์ฌ ๋ก์ฐ ํด๋จธ๋ง ๊ณต๊ฒฉ์ ์ ํํ๊ฒ ํ์งํ๋ฉด์๋ ์ฑ๋ฅ์ ์
์ํฅ์ ์ต์ํํ๋ ๋ฐฉ๋ฒ์ด๋ค. ์ฐ๋ฆฌ๋ DRAM ํ์ด๋ฐ ํ๋ผ๋ฏธํฐ์ ์ํด ๋ก์ฐ activation ๋น๋๊ฐ ์ ํ๋๊ณ DRAM ์
์ด ์ฃผ๊ธฐ์ ์ผ๋ก ๋ฆฌํ๋ ์ ๋๊ธฐ ๋๋ฌธ์ ๋ก์ฐ ํด๋จธ๋ง์ ์ผ๊ธฐํ ์ ์๋ DRAM ๋ก์ฐ์ ์๊ฐ ํ์ ๋๋ค๋ ์ฌ์ค์ ์ฃผ๋ชฉํ์๋ค. ์ด๋ก๋ถํฐ ์ฐ๋ฆฌ๋ TWiCe๊ฐ ํ์คํ ๊ฒฐ์ ๋ก ์ ๋ฐฉ์ง๋ฅผ ๋ณด์ฅํ ๊ฒฝ์ฐ ํ์ํ DRAM ๋ฑ
ํฌ ๋น ํ์ํ ์นด์ดํฐ ์์ ์ต๋๊ฐ์ ๊ตฌํ์๋ค. TWiCe๋ ์ผ๋ฐ์ ์ธ DRAM ๋์ ๊ณผ์ ์์๋ ์ฑ๋ฅ์ ์๋ฌด๋ฐ ์ํฅ์ ๋ฏธ์น์ง ์์ผ๋ฉฐ, ํ๋ DRAM ๋๋ฐ์ด์ค์์ 0.7% ์ดํ์ ์นฉ ๋ฉด์ ์ฆ๊ฐ ๋ฐ ์๋์ง ์ฆ๊ฐ๋ง์ ํ์๋ก ํ๋ค. ์ฐ๋ฆฌ๊ฐ ์งํํ ํ๊ฐ์์ TWiCe๋ ๋ก์ฐ ํด๋จธ๋ง ๊ณต๊ฒฉ ์๋๋ฆฌ์ค๋ฅผ ํฌํจํ ์ฌ๋ฌ๊ฐ์ง ๋ฉ๋ชจ๋ฆฌ ์ ๊ทผ ํจํด์์ 0.006% ์ดํ์ ์ถ๊ฐ์ ์ธ DRAM activation์ ์๊ตฌํ์๋ค.
๋ํ TWiCe์ ์นฉ ๋ฉด์ ๋ฐ ์๋์ง ๋น์ฉ์ ๋์ฑ ์ค์ด๊ธฐ ์ํ์ฌ, ์ฐ๋ฆฌ๋ threshold๊ฐ ์กฐ์ ๋ ๋ญํฌ ๋จ์ TWiCe๋ฅผ ์ ์ํ๋ค. ๋จผ์ , ์๋ฐฑ๊ฐ๊ฐ ๋๋ TWiCe ํ
์ด๋ธ ํญ๋ชฉ ๊ฒ์์ ์๋์ง ํจ์จ์ ์ผ๋ก ์ํํ ์ ์๋ pa-TWiCe (pseudo-associatvie TWiCe)๋ฅผ ์ ์ํ์๋ค. ๊ทธ๋ฆฌ๊ณ , ํ
์ด๋ธ ํญ๋ชฉ์ ๋ญํฌ ๋จ์๋ก ๊ด๋ฆฌํ์ฌ ํ์ํ ํ
์ด๋ธ ํญ๋ชฉ์ ์๋ฅผ ๋์ฑ ์ค์ธ ๋ญํฌ ๋จ์ TWiCe๋ฅผ ์ ์ํ์๋ค. ๋ํ, ์ฐ๋ฆฌ๋ TWiCe์ threshold ๊ฐ์ ์กฐ์ ํจ์ผ๋ก์จ ์ผ๋ฐ์ ์ธ ์ํฌ๋ก๋ ์์์ ๊ฑฐ์ง ์์ฑ(false-positive) ํ์ง๋ฅผ ์ฆ๊ฐ์ํค์ง ์๋ ์ ์์ TWiCe์ ํ
์ด๋ธ ํญ๋ชฉ ์๋ฅผ ๋์ฑ ์ค์๋ค.
๋ง์ง๋ง์ผ๋ก, ์ฐ๋ฆฌ๋ ์ปดํจํฐ ์์คํ
์ ์ฃผ๊ธฐ์ต์ฅ์น ์ฑ๋ฅ ํฅ์์ ์ํด TWiCe๋ฅผ hot-page ๊ฐ์ง๊ธฐ๋ก ์ฌ์ฉํ๋ ๊ฒ์ ์ ์ํ๋ค. ๋ฉ๋ชจ๋ฆฌ ์ ๊ทผ์ ์๊ฐ์ ์ง์ญ์ฑ์ ์ํด ์ต๊ทผ ์์ฃผ activation๋ DRAM ๋ก์ฐ๋ค์ ๋ค์ activation๋ ํ๋ฅ ์ด ๋๊ณ , TWiCe๋ ์ต๊ทผ ์์ฃผ activation๋ DRAM ๋ก์ฐ์ ๋ํ ์ ๋ณด๋ฅผ ๊ฐ์ง๊ณ ์๋ค. ์ด๋ฌํ ์ฌ์ค์ ๊ธฐ๋ฐํ์ฌ, ์ฐ๋ฆฌ๋ hot-page์ ๋ํ DRAM ์ ๊ทผ ์ง์ฐ์๊ฐ์ ์ค์ด๋ DRAM ํ์ด์ง ์ค์(swap) ๊ธฐ๋ฒ๋ค์ TWiCe๋ฅผ ์ ์ฉํ๋ ๋ฐฉ๋ฒ์ ๋ณด์ธ๋ค. ์ฐ๋ฆฌ๊ฐ ์ํํ ํ๊ฐ์์ TWiCe๋ฅผ ์ฌ์ฉํ ์ ์ง์ฐ์๊ฐ DRAM์ ๋ฉํฐ ์ฐ๋ ๋ฉ ์ํฌ๋ก๋๋ค์์ ๊ธฐ์กด DDR4 ๋๋ฐ์ด์ค ๋๋น IPC๋ฅผ ์ต๋ 12.2% ์ฆ๊ฐ์์ผฐ๋ค.Introduction 1
1.1 Time Window Counter Based Row Refresh to Prevent Row-hammering 2
1.2 Optimizing Time Window Counter 6
1.3 Using Time Window Counters to Improve Main Memory Performance 8
1.4 Outline 10
Background of DRAM and Row-hammering 11
2.1 DRAM Device Organization 12
2.2 Sparing DRAM Rows to Combat Reliability Challenges 13
2.3 Main Memory Subsystem Organization and Operation 14
2.4 Row-hammering (RH) 18
2.5 Previous RH Prevention Solutions 20
2.6 Limitations of the Previous RH Solutions 21
TWiCe: Time Window Counter based RH Prevention 26
3.1 TWiCe: Time Window Counter 26
3.2 Proof of RH Prevention 30
3.3 Counter Table Size 33
3.4 Architecting TWiCe 35
3.4.1 Location of TWiCe Table 35
3.4.2 Augmenting DRAM Interface with a New Adjacent Row Refresh (ARR) Command 37
3.5 Analysis 40
3.6 Evaluation 42
Optimizing TWiCe to Reduce Implementation Cost 47
4.1 Pseudo-associative TWiCe 47
4.2 Rank-level TWiCe 50
4.3 Adjusting Threshold to Reduce Table Size 55
4.4 Analysis 57
4.5 Evaluation 59
Augmenting TWiCe for Hot-page Detection 62
5.1 Necessity of Counters for Detecting Hot Pages 62
5.2 Previous Studies on Migration for Asymmetric Low-latency DRAM 64
5.3 Extending TWiCe for Dynamic Hot-page Detection 67
5.4 Additional Components and Methodology 70
5.5 Analysis and Evaluation 73
5.5.1 Overhead Analysis 73
5.5.2 Evaluation 75
Conclusion 82
6.1 Future work 84
Bibliography 85
๊ตญ๋ฌธ์ด๋ก 94Docto
Scalable and Configurable Tracking for Any Rowhammer Threshold
The Rowhammer vulnerability continues to get worse, with the Rowhammer
Threshold (TRH) reducing from 139K activations to 4.8K activations over the
last decade. Typical Rowhammer mitigations rely on tracking aggressor rows. The
number of possible aggressors increases with lowering thresholds, making it
difficult to reliably track such rows in a storage-efficient manner. At lower
thresholds, academic trackers such as Graphene require prohibitive SRAM
overheads (hundreds of KBs to MB). Recent in-DRAM trackers from industry, such
as DSAC-TRR, perform approximate tracking, sacrificing guaranteed protection
for reduced storage overheads, leaving DRAM vulnerable to Rowhammer attacks.
Ideally, we seek a scalable tracker that tracks securely and precisely, and
incurs negligible dedicated SRAM and performance overheads, while still being
able to track arbitrarily low thresholds.
To that end, we propose START - a Scalable Tracker for Any Rowhammer
Threshold. Rather than relying on dedicated SRAM structures, START dynamically
repurposes a small fraction the Last-Level Cache (LLC) to store tracking
metadata. START is based on the observation that while the memory contains
millions of rows, typical workloads touch only a small subset of rows within a
refresh period of 64ms, so allocating tracking entries on demand significantly
reduces storage. If the application does not access many rows in memory, START
does not reserve any LLC capacity. Otherwise, START dynamically uses 1-way,
2-way, or 8-way of the cache set based on demand. START consumes, on average,
9.4% of the LLC capacity to store metadata, which is 5X lower compared to
dedicating a counter in LLC for each row in memory. We also propose START-M, a
memory-mapped START for large-memory systems. Our designs require only 4KB SRAM
for newly added structures and perform within 1% of idealized tracking even at
TRH of less than 100
Randomized Line-to-Row Mapping for Low-Overhead Rowhammer Mitigations
Modern systems mitigate Rowhammer using victim refresh, which refreshes the
two neighbours of an aggressor row when it encounters a specified number of
activations. Unfortunately, complex attack patterns like Half-Double break
victim-refresh, rendering current systems vulnerable. Instead, recently
proposed secure Rowhammer mitigations rely on performing mitigative action on
the aggressor rather than the victims. Such schemes employ mitigative actions
such as row-migration or access-control and include AQUA, SRS, and Blockhammer.
While these schemes incur only modest slowdowns at Rowhammer thresholds of few
thousand, they incur prohibitive slowdowns (15%-600%) for lower thresholds that
are likely in the near future. The goal of our paper is to make secure
Rowhammer mitigations practical at such low thresholds.
Our paper provides the key insights that benign application encounter
thousands of hot rows (receiving more activations than the threshold) due to
the memory mapping, which places spatially proximate lines in the same row to
maximize row-buffer hitrate. Unfortunately, this causes row to receive
activations for many frequently used lines. We propose Rubix, which breaks the
spatial correlation in the line-to-row mapping by using an encrypted address to
access the memory, reducing the likelihood of hot rows by 2 to 3 orders of
magnitude. To aid row-buffer hits, Rubix randomizes a group of 1-4 lines. We
also propose Rubix-D, which dynamically changes the line-to-row mapping.
Rubix-D minimizes hot-rows and makes it much harder for an adversary to learn
the spatial neighbourhood of a row. Rubix reduces the slowdown of AQUA (from
15% to 1%), SRS (from 60% to 2%), and Blockhammer (from 600% to 3%) while
incurring a storage of less than 1 Kilobyte
- โฆ