Retrospective: Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors
Our ISCA 2014 paper provided the first scientific and detailed characterization, analysis, and real-system demonstration of what is now popularly known as the RowHammer phenomenon (or vulnerability) in modern commodity DRAM chips, which are used as main memory in almost all modern computing systems. It experimentally demonstrated that more than 80% of all DRAM modules we tested from the three major DRAM vendors were vulnerable to the RowHammer read disturbance phenomenon: one can predictably induce bitflips (i.e., data corruption) in real DRAM modules by repeatedly accessing a DRAM row and thus causing electrical disturbance to physically nearby rows. We showed that a simple unprivileged user-level program induced RowHammer bitflips in multiple real systems and suggested that a security attack can be built using this proof-of-concept to hijack control of the system or cause other harm. To solve the RowHammer problem, our paper examined seven different approaches (including a novel probabilistic approach that has very low cost), some of which influenced or were adopted in different industrial products.

Many later works from various research communities examined RowHammer, building real security attacks, proposing new defenses, further analyzing the problem at various (e.g., device/circuit, architecture, and system) levels, and exploiting RowHammer for various purposes (e.g., to reverse-engineer DRAM chips). Industry has worked to mitigate the problem, changing both memory controllers and DRAM standards/chips. Two major DRAM vendors finally wrote papers on the topic in 2023, describing their current approaches to mitigate RowHammer. Research & development on RowHammer in both academia & industry continues to be very active and fascinating.

This short retrospective provides a brief analysis of our ISCA 2014 paper and its impact.

Comment: Selected to the 50th Anniversary of ISCA (ACM/IEEE International Symposium on Computer Architecture), Commemorative Issue, 202
Row hammer exploit in cloud environment
The rapid increase in the adoption rate of cloud computing, across numerous businesses, has resulted in extensive use of virtualization tools. Virtualization technology utilizes a software layer (hypervisor) to enable sharing of hardware between multiple tenants that are co-located on the same multi-processor system. This enables the consolidation of servers and user machines into a very small set of physical systems. Physical machines are replaced with virtual machines (VM), running on the same physical system, to achieve better utilization of the hardware. Consequently, cloud users work on and store their data in the same physical machine.
A crucial part of a cloud setup is preventing information leakage between tenants. While the hypervisor enforces software isolation, shared CPU, cache or memory has the potential to leak sensitive information. This article aims to provide an overview of the security concerns in virtualization technology, particularly in relation to the row hammer bug that affects DRAM chips.
As DRAM process technology scales down in dimension, it becomes increasingly difficult to prevent sub-micron electrical interaction between DRAM cells. This leads to unintentional effects where activating the same row or the same set of rows in DRAM (row hammer) corrupts data in nearby rows. If row hammer is coupled with some resource sharing features that can be enabled in hypervisors, then there is a high likelihood of corrupting a piece of data that belongs to another VM. This article is a survey of some prior works in cloud-based row hammer attacks and sheds some light on the exploit mechanics.
DRAM Bender: An Extensible and Versatile FPGA-based Infrastructure to Easily Test State-of-the-art DRAM Chips
To understand and improve DRAM performance, reliability, security and energy efficiency, prior works study characteristics of commodity DRAM chips. Unfortunately, state-of-the-art open source infrastructures capable of conducting such studies are obsolete, poorly supported, or difficult to use, or their inflexibility limits the types of studies they can conduct.

We propose DRAM Bender, a new FPGA-based infrastructure that enables experimental studies on state-of-the-art DRAM chips. DRAM Bender offers three key features at the same time. First, DRAM Bender enables directly interfacing with a DRAM chip through its low-level interface. This allows users to issue DRAM commands in arbitrary order and with finer-grained time intervals compared to other open source infrastructures. Second, DRAM Bender exposes easy-to-use C++ and Python programming interfaces, allowing users to quickly and easily develop different types of DRAM experiments. Third, DRAM Bender is easily extensible. The modular design of DRAM Bender allows extending it to (i) support existing and emerging DRAM interfaces, and (ii) run on new commercial or custom FPGA boards with little effort.

To demonstrate that DRAM Bender is a versatile infrastructure, we conduct three case studies, two of which lead to new observations about the DRAM RowHammer vulnerability. In particular, we show that the data patterns supported by DRAM Bender uncover a larger set of bit-flips on a victim row compared to the data patterns commonly used by prior work. We demonstrate the extensibility of DRAM Bender by implementing it on five different FPGAs with DDR4 and DDR3 support. DRAM Bender is freely and openly available at https://github.com/CMU-SAFARI/DRAM-Bender.

Comment: To appear in TCAD 202
TRRespass: Exploiting the Many Sides of Target Row Refresh
After a plethora of high-profile RowHammer attacks, CPU and DRAM vendors scrambled to deliver what was meant to be the definitive hardware solution against the RowHammer problem: Target Row Refresh (TRR). A common belief among practitioners is that, for the latest generation of DDR4 systems that are protected by TRR, RowHammer is no longer an issue in practice. However, in reality, very little is known about TRR. In this paper, we demystify the inner workings of TRR and debunk its security guarantees. We show that what is advertised as a single mitigation mechanism is actually a series of different solutions coalesced under the umbrella term TRR. We inspect and disclose, via a deep analysis, different existing TRR solutions and demonstrate that modern implementations operate entirely inside DRAM chips. Despite the difficulties of analyzing in-DRAM mitigations, we describe novel techniques for gaining insights into the operation of these mitigation mechanisms. These insights allow us to build TRRespass, a scalable black-box RowHammer fuzzer. TRRespass shows that even the latest generation DDR4 chips with in-DRAM TRR, immune to all known RowHammer attacks, are often still vulnerable to new TRR-aware variants of RowHammer that we develop. In particular, TRRespass finds that, on modern DDR4 modules, RowHammer is still possible when many aggressor rows are used (as many as 19 in some cases), with a method we generally refer to as Many-sided RowHammer. Overall, our analysis shows that 13 out of the 42 modules from all three major DRAM vendors are vulnerable to our TRR-aware RowHammer access patterns, and thus one can still mount existing state-of-the-art RowHammer attacks. In addition to DDR4, we also experiment with LPDDR4 chips and show that they are susceptible to RowHammer bit flips too. Our results provide concrete evidence that the pursuit of better RowHammer mitigations must continue.

Comment: 16 pages, 16 figures, in proceedings IEEE S&P 202