Quantifying Rowhammer Vulnerability for DRAM Security

New insight on Rowhammer attacks, including an analytical model of capacitive-coupling vulnerabilities in DRAMs.


“Rowhammer is a memory-based attack that leverages capacitive-coupling to induce faults in modern dynamic random-access memory (DRAM). Over the last decade, a significant number of Rowhammer attacks have been presented to reveal that it is a severe security issue capable of causing privilege escalations, launching distributed denial-of-service (DDoS) attacks, and even runtime attack such as control flow hijacking. Moreover, the Rowhammer vulnerability has also been identified and validated in both cloud computing and data center environments, threatening data security and privacy at a large scale. Various solutions have been proposed to counter Rowhammer attacks but existing methods lack a circuit-level explanation of the capacitive-coupling phenomenon in modern DRAMs, the key cause of Rowhammer attacks.

In this paper, we develop an analytical model of capacitive-coupling vulnerabilities in DRAMs. We thoroughly analyze all parameters in the mathematical model contributing to the Rowhammer vulnerability and quantify them through real DRAM measurements. We validate the model with different attributions on a wide range of DRAM brands from various manufacturers. Through our model we re-evaluate existing Rowhammer attacks on both DDR3 and DDR4 memory, including the recently developed TRRespass attack. Our analysis presents a new Rowhammer attack insight and will guide future research in this area.”

Find the technical paper link here and here (IEEE Xplore). Published Dec. 2021.

Y. Jiang, H. Zhu, D. Sullivan, X. Guo, X. Zhang and Y. Jin, “Quantifying Rowhammer Vulnerability for DRAM Security,” 2021 58th ACM/IEEE Design Automation Conference (DAC), 2021, pp. 73-78, doi: 10.1109/DAC18074.2021.9586119.

Visit Semiconductor Engineering’s Technical Paper repository here and discover many more chip industry academic papers.

Leave a Reply

(Note: This name will be displayed publicly)