U-TRR, a novel experimental methodology for reverse-engineering the main RowHammer mitigation mechanism
Abstract:
“The RowHammer vulnerability in DRAM is a critical threat to system security. To protect against RowHammer, vendors commit to security-through-obscurity: modern DRAM chips rely on undocumented, proprietary, on-die mitigations, commonly known as Target Row Refresh (TRR). At a high level, TRR detects and refreshes potential RowHammer-victim rows, but its exact are not openly disclosed. Security guarantees of TRR mechanisms implementations cannot be easily studied due to their proprietary nature.
To assess the security guarantees of recent DRAM chips, we present Uncovering TRR (U-TRR), an experimental methodology to analyze in-DRAM TRR implementations. U-TRR is based on the new observation that data retention failures in DRAM enable a side channel that leaks information on how TRR victim rows. U-TRR allows us to (i) understand how logical DRAM refreshes potential rows are laid out physically in silicon; (ii) study undocumented on-die TRR mechanisms; and (iii) combine (i) and (ii) to evaluate the RowHammer security guarantees of modern DRAM chips. We show how U-TRR allows us to craft RowHammer access patterns that successfully circumvent the TRR mechanisms employed in 45 DRAM modules of the three major DRAM vendors. We find that the DRAM modules we analyze are vulnerable to RowHammer, having bit flips in up to 99.9% of all DRAM rows.”
Find the technical paper link here.
Hasan Hassan, Yahya Can Tugrul, Jeremie S. Kim, Victor van der Veen, Kaveh Razavi, Onur Mutlu. This work is to appear at the 54th IEEE/ACM International Symposium on Microarchitecture (MICRO 2021).
Is There A Practical Test For Rowhammer Vulnerability?
New approaches surface for persistent DRAM issue.
DRAM’s Persistent Threat To Chip Security
Rowhammer attack on memory could create significant issues for systems; possible solution emerges.
More Data, More Memory-Scaling Problems
Challenges persist for DRAM, flash, and new memories.
Leave a Reply