Principled DRAM Security against Rowhammer Attacks
OPEN ACCESS
Author / Producer
Date
2024
Publication Type
Doctoral Thesis
ETH Bibliography
yes
Citations
Altmetric
OPEN ACCESS
Data
Rights / License
Abstract
The security of a system is fractioned into the guarantees of the multiple hardware devices that it relies on. DRAM is pivotal to today’s systems, yet its guarantees against sophisticated Rowhammer attacks are uncertain and undisclosed. Instead, the industry’s answer to Rowhammer has been security-by-obscurity, quickly proven to be a failure by researchers. It is therefore unclear if, differently from these results, in-DRAM mitigations can provide security against Rowhammer once designed with principled security guarantees. Designing in-DRAM Rowhammer mitigations is complex due to the devices’ synchronous nature and rigorous timings. As well, their scalability towards the possible worsening of Rowhammer in future devices is a crucial factor. On top of these challenges, DRAM vendors do not disclose the internal architecture of their devices, making the deployability of mitigations uncertain and their design based on assumptions. Meanwhile, the first high-end RISC-V CPU recently became available; however, no existing research has studied the feasibility of Rowhammer on this new emerging architecture. In this thesis, we demonstrate that the RISC-V ecosystem is also affected by Rowhammer by triggering bit flips on this architecture for the first time. While DRAM vendors have failed to secure DDR4 devices with TRR, we prove that this is possible with our principled in-DRAM Rowhammer mitigation. As future devices might suffer from low Rowhammer thresholds and a high blast radius, we modify the internal DRAM architecture to
protect against such cases. Our design is based on the collaboration with a minor DRAM vendor and the existing literature, and as such, its applicability to commodity devices is unclear. Therefore, to fill the long-lasting gap between industry and research, we image and reverse engineer DRAM devices from the three major vendors.
Permanent link
Publication status
published
External links
Editor
Contributors
Examiner : Razavi, Kaveh
Examiner : Qureshi, Moinuddin
Examiner : Ahn, Jung Ho
Book title
Journal / series
Volume
Pages / Article No.
Publisher
ETH Zurich
Event
Edition / version
Methods
Software
Geographic location
Date collected
Date created
Subject
DRAM; Security; Hardware; Reverse engineering; Rowhammer; imaging; RISC-V; Memory controller; Fuzzer; Fuzzing; SEM; FIB; RFM; DDR4; DDR5; Security analysis; TRR
Organisational unit
09721 - Razavi, Kaveh / Razavi, Kaveh