Onur Mutlu
ABSTRACT
We provide an overview of recent developments and future directions in the RowHammer vulnerability that plagues modern DRAM (Dynamic Random Memory Access) chips, which are used in almost all computing systems as main memory.
RowHammer is the phenomenon in which repeatedly accessing a row in a real DRAM chip causes bitflips (i.e., data corruption) in physically nearby rows. This phenomenon leads to a serious and widespread system security vulnerability, as many works since the original RowHammer paper in 2014 have shown. Recent analysis of the RowHammer phenomenon reveals that the problem is getting much worse as DRAM technology scaling continues: newer DRAM chips are fundamentally more vulnerable to RowHammer at the device and circuit levels. Deeper analysis of RowHammer shows that there are many dimensions to the problem as the vulnerability is sensitive to many variables, including environmental conditions (temperature & voltage), process variation, stored data patterns, as well as memory access patterns and memory control policies. As such, it has proven difficult to devise fully-secure and very efficient (i.e., low-overhead in performance, energy, area) protection mechanisms against RowHammer and attempts made by DRAM manufacturers have been shown to lack security guarantees.
After reviewing various recent developments in exploiting, understanding, and mitigating RowHammer, we discuss future directions that we believe are critical for solving the RowHammer problem. We argue for two major directions to amplify research and development efforts in: 1) building a much deeper understanding of the problem and its many dimensions, in both cutting-edge DRAM chips and computing systems deployed in the field, and 2) the design and development of extremely efficient and fully-secure solutions via system-memory cooperation.
- M. T. Aga et al., "When Good Protections Go Bad: Exploiting Anti-DoS Measures to Accelerate Rowhammer Attacks," in HOST, 2017.Google Scholar
- S. Agarwal et al., "Rowhammer for Spin Torque based Memory: Problem or not?" in INTERMAG, 2018.Google Scholar
- S. M. Ajorpaz et al., "EVAX: Towards a Practical, Pro-active & Adaptive Architecture for High Performance & Security," in MICRO, 2022.Google Scholar
- Apple Inc., "About the Security Content of Mac EFI Security Update 2015-001," https://support.apple.com/en-us/HT204934, 2015.Google Scholar
- Z. B. Aweke et al., "ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks," in ASPLOS, 2016.Google Scholar
- K. Bains et al., "Row Hammer Refresh Command," US Patents: 9,117,544 9,236,110 10,210,925, 2015.Google Scholar
- K. Bains et al., "Method, Apparatus and System for Providing a Memory Refresh," US Patent: 9,030,903, 2015.Google Scholar
- K. S. Bains and J. B. Halbert, "Distributed Row Hammer Tracking," US Patent: 9,299,400, 2016.Google Scholar
- K. S. Bains and J. B. Halbert, "Row Hammer Monitoring Based on Stored Row Hammer Threshold Value," US Patent: 10,083,737, 2016.Google Scholar
- A. Barenghi et al., "Software-only Reverse Engineering of Physical DRAM Mappings for Rowhammer Attacks," in IVSW, 2018.Google Scholar
- T. Bennett et al., "Panopticon: A Complete In-DRAM Rowhammer Mitigation," in DRAMSec, 2021.Google Scholar
- S. Bhattacharya and D. Mukhopadhyay, "Curious Case of RowHammer: Flipping Secret Exponent Bits using Timing Analysis," in CHES, 2016.Google Scholar
- S. Bhattacharya and D. Mukhopadhyay, "Advanced Fault Attacks in Software: Exploiting the Rowhammer Bug," in Fault Tolerant Architectures for Cryptography and Hardware Security, 2018.Google Scholar
- A. Boroumand et al., "Google Neural Network Models for Edge Devices: Analyzing and Mitigating Machine Learning Inference Bottlenecks," in PACT, 2021.Google Scholar
- A. Boroumand et al., "Google Workloads for Consumer Devices: Mitigating Data Movement Bottlenecks," in ASPLOS, 2018.Google ScholarDigital Library
- E. Bosman et al., "Dedup Est Machina: Memory Deduplication as An Advanced Exploitation Vector," in S&P, 2016.Google Scholar
- R. Boyer and J. S. Moore, "A Fast Majority Vote Algorithm," Technical Report 35, Institute for Computer Science, UT Austin, 1982.Google Scholar
- F. Brasser et al., "Can't Touch This: Software-Only Mitigation Against Rowhammer Attacks Targeting Kernel Memory," in USENIX Security, 2017.Google Scholar
- L. Bu et al., "SRASA: a Generalized Theoretical Framework for Security and Reliability Analysis in Computing Systems," Journal of Hardware and Systems Security, 2018.Google Scholar
- W. Burleson et al., "Invited: Who is the Major Threat to Tomorrow's Security? You, the Hardware Designer," in DAC, 2016.Google Scholar
- S. Carre et al., "OpenSSL Bellcore's Protection Helps Fault Attack," in DSD, 2018.Google Scholar
- K. K. Chang et al., "Improving DRAM Performance by Parallelizing Refreshes with Accesses," in HPCA, 2014.Google Scholar
- K. K. Chang et al., "Low-Cost Inter-Linked Subarrays (LISA): Enabling Fast Inter-Subarray Data Movement in DRAM," in HPCA, 2016.Google Scholar
- Y. Cohen et al., "HammerScope: Observing DRAM Power Consumption Using Rowhammer," in CCS, 2022.Google ScholarDigital Library
- L. Cojocar et al., "Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers," in S&P, 2020.Google ScholarCross Ref
- L. Cojocar et al., "Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks," in S&P, 2019.Google Scholar
- G. F. de Oliveira et al., "DAMOV: A New Methodology and Benchmark Suite for Evaluating Data Movement Bottlenecks," IEEE Access, 2021.Google Scholar
- F. de Ridder et al., "SMASH: Synchronized Many-Sided Rowhammer Attacks from JavaScript," in USENIX Security, 2021.Google Scholar
- F. Devaux and R. Ayrignac, "Method and Circuit for Protecting a DRAM Memory Device from the Row Hammer Effect," US Patent: 10,885,966, 2021.Google Scholar
- S. Enomoto et al., "Efficient Protection Mechanism for CPU Cache Flush Instruction Based Attacks," IEICE Transactions on Information and Systems, 2022.Google ScholarCross Ref
- M. Fahr Jr et al., "When Frodo Flips: End-to-End Key Recovery on FrodoKEM via Rowhammer," CCS, 2022.Google ScholarDigital Library
- A. Fakhrzadehgan et al., "SafeGuard: Reducing the Security Risk from RowHammer via Low-Cost Integrity Protection," in HPCA, 2022.Google Scholar
- M. Fang et al., "Computing Iceberg Queries Efficiently," VLDB, 1998.Google Scholar
- M. Fischer and S. Salzberg, "Finding a Majority Among N Votes: Solution to Problem 81-5," Journal of Algorithms, 1982.Google Scholar
- A. P. Fournaris et al., "Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: A Survey of Potent Microarchitectural Attacks," Electronics, 2017.Google Scholar
- T. Fridley and O. Santos, "Mitigations Available for the DRAM Row Hammer Vulnerability," http://blogs.cisco.com/security/mitigations-available-for-the-dram-row-hammer-vulnerability, March 2015.Google Scholar
- P. Frigo et al., "Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU," in S&P, 2018.Google Scholar
- P. Frigo et al., "TRRespass: Exploiting the Many Sides of Target Row Refresh," in S&P, 2020.Google Scholar
- P. R. Genssler et al., "On the Reliability of FeFET On-Chip Memory," TC, 2022.Google Scholar
- H. Gomez et al., "DRAM Row-hammer Attack Reduction using Dummy Cells," in NORCAS, 2016.Google Scholar
- Z. Greenfield et al., "Row Hammer Condition Monitoring," US Patent: 8,938,573, 2015.Google Scholar
- D. Gruss et al., "Another Flip in the Wall of Rowhammer Defenses," in S&P, 2018.Google ScholarCross Ref
- D. Gruss et al., "Rowhammer.js: A Remote Software-Induced Fault Attack in Javascript," in DIMVA, 2016.Google Scholar
- J.-W. Han et al., "Surround Gate Transistor With Epitaxially Grown Si Pillar and Simulation Study on Soft Error and Rowhammer Tolerance for DRAM," IEEE TED, 2021.Google Scholar
- H. Hassan et al., "CROW: A Low-Cost Substrate for Improving DRAM Performance, Energy Efficiency, and Reliability," in ISCA, 2019.Google Scholar
- H. Hassan et al., "A Case for Self-Managing DRAM Chips: Improving Performance, Efficiency, Reliability, and Security via Autonomous in-DRAM Maintenance Operations," arXiv:2207.13358, 2022.Google Scholar
- H. Hassan et al., "Uncovering In-DRAM RowHammer Protection Mechanisms: A New Methodology, Custom RowHammer Patterns, and Implications," in MICRO, 2021.Google Scholar
- H. Hassan et al., "SoftMC: A Flexible and Practical Open-Source Infrastructure for Enabling Experimental DRAM Studies," in HPCA, 2017.Google Scholar
- Hewlett-Packard Enterprise, "HP Moonshot Component Pack Version 2015.05.0," http://h17007.www1.hp.com/us/en/enterprise/servers/products/moonshot/component-pack/index.aspx, 2015.Google Scholar
- S. Hong et al., "Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks," in USENIX Security, 2019.Google Scholar
- G. Irazoqui et al., "MASCAT: Stopping Microarchitectural Attacks Before Execution," IACR Cryptology, 2016.Google Scholar
- N. Izzo, "Reliably Achieving and Efficiently Preventing Rowhammer Attacks," Ph.D. dissertation, Politecnico Milano, 2017.Google Scholar
- Y. Jang et al., "SGX-Bomb: Locking Down the Processor via Rowhammer Attack," in SysTEX, 2017.Google ScholarDigital Library
- P. Jattke et al., "Blacksmith: Scalable Rowhammering in the Frequency Domain," in S&P, 2022.Google Scholar
- JEDEC, JESD79-5: DDR5 SDRAM Standard, 2020.Google Scholar
- JEDEC, JEP300-1: Near-Term DRAM Level RowHammer Mitigation, 2021.Google Scholar
- JEDEC, JEP301-1: System Level RowHammer Mitigation, 2021.Google Scholar
- JEDEC, "JEDEC Global Standards for the Microelectronics Industry," https://www.jedec.org/, 2022.Google Scholar
- S. Ji et al., "Pinpoint Rowhammer: Suppressing Unwanted Bit Flips on Rowhammer Attacks," in ASIACCS, 2019.Google ScholarDigital Library
- B. K. Joardar et al., "Learning to Mitigate RowHammer Attacks," in DATE, 2022.Google Scholar
- B. K. Joardar et al., "Machine Learning-based Rowhammer Mitigation," TCAD, 2022.Google Scholar
- J. Juffinger et al., "CSI: Rowhammer-Cryptographic Security and Integrity against Rowhammer (to appear)," in S&P, 2023.Google Scholar
- M. Kaczmarski, "Thoughts on Intel Xeon E5-2600 v2 Product Family Performance Optimisation - Component Selection Guidelines," http://infobazy.gda.pl/2014/pliki/prezentacje/d2s2e4-Kaczmarski-Optymalna.pdf, page 13, 2014.Google Scholar
- S. Kanev et al., "Profiling a Warehouse-Scale Computer," in ISCA, 2015.Google Scholar
- I. Kang et al., "CAT-TWO: Counter-Based Adaptive Tree, Time Window Optimized for DRAM Row-Hammer Prevention," IEEE Access, 2020.Google Scholar
- U. Kang et al., "Co-Architecting Controllers and DRAM to Enhance DRAM Process Scaling," in The Memory Forum, 2014.Google Scholar
- R. M. Karp et al., "A Simple Algorithm for Finding Frequent Elements in Streams and Bags," Transactions on Database Systems, 2003.Google ScholarDigital Library
- M. N. I. Khan and S. Ghosh, "Analysis of Row Hammer Attack on STTRAM," in ICCD, 2018.Google Scholar
- D.-H. Kim et al., "Architectural Support for Mitigating Row Hammering in DRAM Memories," IEEE CAL, 2014.Google Scholar
- J. S. Kim et al., "Revisiting RowHammer: An Experimental Analysis of Modern Devices and Mitigation Techniques," in ISCA, 2020.Google Scholar
- M. J. Kim et al., "Mithril: Cooperative Row Hammer Protection on Commodity DRAM Leveraging Managed Refresh," in HPCA, 2022.Google Scholar
- Y. Kim et al., "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors," in ISCA, 2014.Google ScholarDigital Library
- Y. Kim et al., "Ramulator: A Fast and Extensible DRAM Simulator," CAL, 2015.Google Scholar
- Y. Kim et al., "A Case for Exploiting Subarray-Level Parallelism (SALP) in DRAM," in ISCA, 2012.Google ScholarDigital Library
- A. Kogler et al., "Half-Double: Hammering From the Next Row Over," in USENIX Security, 2022.Google Scholar
- R. K. Konoth et al., "ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks," in OSDI, 2018.Google Scholar
- A. Kwong et al., "RAMBleed: Reading Bits in Memory Without Accessing Them," in S&P, 2020.Google Scholar
- E. Lee et al., "TWiCe: Preventing Row-Hammering by Exploiting Time Window Counters," in ISCA, 2019.Google ScholarDigital Library
- E. Lee et al., "TWiCe: Time Window Counter Based Row Refresh to Prevent Row-Hammering," IEEE CAL, 2018.Google Scholar
- G.-H. Lee et al., "CryoGuard: A Near Refresh-Free Robust DRAM Design for Cryogenic Computing," in ISCA, 2021.Google Scholar
- J. Lee, "Green Memory Solution," Samsung Electronics, Investor's Forum, 2014.Google Scholar
- Lenovo, "Row Hammer Privilege Escalation," https://support.lenovo.com/us/en/product_security/row_hammer, 2015.Google Scholar
- H. Li et al., "Write Disturb Analyses on Half-Selected Cells of Cross-Point RRAM Arrays," in IRPS, 2014.Google Scholar
- M. Lipp et al., "Nethammer: Inducing Rowhammer Faults Through Network Requests," arXiv:1805.04956, 2018.Google Scholar
- J. Liu et al., "RAIDR: Retention-Aware Intelligent DRAM Refresh," in ISCA, 2012.Google ScholarDigital Library
- L. Liu et al., "Generating Robust DNN with Resistance to Bit-Flip based Adversarial Weight Attack," IEEE TC, 2022.Google Scholar
- K. Loughlin et al., "Stop! Hammer Time: Rethinking Our Approach to Rowhammer Mitigations," in HotOS, 2021.Google ScholarDigital Library
- K. Loughlin et al., "MOESI-Prime: Preventing Coherence-Induced Hammering in Commodity Workloads," in ISCA, 2022.Google ScholarDigital Library
- I. A. Lovecruft, "Tweet about RowHammer Mitigation on x210," https://twitter.com/isislovecruft/status/1021939922754723841, 2018.Google Scholar
- E. Manzhosov et al., "Revisiting Residue Codes for Modern Memories," in MICRO, 2022.Google Scholar
- M. Marazzi et al., "ProTRR: Principled yet Optimal In-DRAM Target Row Refresh," in S&P, 2022.Google Scholar
- Micron Inc., SDRAM, 4Gb: x4, x8, x16 DDR4 SDRAM Features, 2014.Google Scholar
- J. Misra and D. Gries, "Finding Repeated Elements," Science of Computer Programming, 1982.Google ScholarDigital Library
- O. Mutlu, "Memory Scaling: A Systems Architecture Perspective," in IMW, 2013.Google Scholar
- O. Mutlu, "The RowHammer Problem and Other Issues We May Face as Memory Becomes Denser," in DATE, 2017.Google Scholar
- O. Mutlu, "RowHammer and Beyond," in COSADE, 2019.Google Scholar
- O. Mutlu et al., "A Modern Primer on Processing in Memory," in Emerging Computing: From Devices to Systems --- Looking Beyond Moore and Von Neumann. Springer, 2021. [Online]. Available: https://arxiv.org/abs/2012.03112Google Scholar
- O. Mutlu and J. Kim, "RowHammer: A Retrospective," IEEE TCAD Special Issue on Top Picks in Hardware and Embedded Security, 2019.Google Scholar
- O. Mutlu and L. Subramanian, "Research Problems and Opportunities in Memory Systems," SUPERFRI, 2014.Google Scholar
- A. Naseredini et al., "ALARM: Active LeArning of Rowhammer Mitigations," https://users.sussex.ac.uk/~mfb21/rh-draft.pdf, 2022.Google Scholar
- K. Ni et al., "Write Disturb in Ferroelectric FETs and Its Implication for 1T-FeFET AND Memory Arrays," IEEE EDL, 2018.Google Scholar
- S. Oh and J. Kim, "Reliable Rowhammer Attack and Mitigation Based on Reverse Engineering Memory Address Mapping Algorithms," in WISA, 2018.Google Scholar
- A. Olgun et al., "DRAM Bender: An Extensible and Versatile FPGA-based Infrastructure to Easily Test State-of-the-art DRAM Chips," arXiv, 2022.Google Scholar
- A. Olgun et al., "PiDRAM: A Holistic End-to-end FPGA-based Framework for Processing-in-DRAM," TACO, 2022.Google Scholar
- OpenSSH, "OpenSSH: Keeping Your Communiqués Secret," https://www.openssh.com/, 2017.Google Scholar
- L. Orosa et al., "SpyHammer: Using RowHammer to Remotely Spy on Temperature," arXiv:2210.04084, 2022.Google Scholar
- L. Orosa et al., "A Deeper Look into RowHammer's Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses," in MICRO, 2021.Google Scholar
- J. H. Park et al., "Row Hammer Reduction Using a Buried Insulator in a Buried Channel Array Transistor," IEEE TED, 2022.Google Scholar
- K. Park et al., "Experiments and Root Cause Analysis for Active-precharge Hammering Fault in DDR3 SDRAM under 3× nm Technology," Microelectronics Reliability, 2016.Google Scholar
- K. Park et al., "Statistical Distributions of Row-hammering Induced Failures in DDR3 Components," Microelectronics Reliability, 2016.Google Scholar
- Y. Park et al., "Graphene: Strong yet Lightweight Row Hammer Protection," in MICRO, 2020.Google Scholar
- M. Patel et al., "A Case for Transparent Reliability in DRAM Systems," arXiv:2204.10378, 2022. [Online]. Available: https://arxiv.org/abs/2204.10378Google Scholar
- P. Pessl et al., "DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks," in USENIX Security, 2016.Google Scholar
- D. Poddebniak et al., "Attacking Deterministic Signature Schemes using Fault Attacks," in EuroS&P, 2018.Google Scholar
- S. Qazi et al., "Half-Double: Next-Row-Over Assisted RowHammer," https://github.com/google/hammer-kit/blob/main/20210525_half_double.pdf, 2021.Google Scholar
- S. Qazi et al., "Introducing Half-Double New Hammering Technique for DRAM RowHammer Bug," https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html, 2021.Google Scholar
- R. Qiao et al., "A New Approach for RowHammer Attacks," in HOST, 2016.Google Scholar
- M. Qureshi, "Rethinking ECC in the Era of Row-Hammer," DRAMSec, 2021.Google Scholar
- M. Qureshi et al., "Hydra: Enabling Low-Overhead Mitigation of Row-Hammer at Ultra-Low Thresholds via Hybrid Tracking," in ISCA, 2022.Google ScholarDigital Library
- A. S. Rakin et al., "DeepSteal: Advanced Model Extractions Leveraging Efficient Weight Stealing in Memories," in S&P, 2022.Google Scholar
- K. Razavi et al., "Flip Feng Shui: Hammering a Needle in the Software Stack," in USENIX Security, 2016.Google Scholar
- S. H. S. Rezaei et al., "NoM: Network-on-Memory for Inter-Bank Data Transfer in Highly-Banked Memories," IEEE CAL, 2020.Google Scholar
- S.-W. Ryu et al., "Overcoming the Reliability Limitation in the Ultimately Scaled DRAM using Silicon Migration Technique by Hydrogen Annealing," in IEDM, 2017.Google Scholar
- SAFARI Research Group, "Ramulator --- GitHub Repository," https://github.com/CMU-SAFARI/ramulator.Google Scholar
- SAFARI Research Group, "RowHammer --- GitHub Repository," https://github.com/CMU-SAFARI/rowhammer, 2014.Google Scholar
- SAFARI Research Group, "SoftMC --- GitHub Repository," https://github.com/CMU-SAFARI/softmc, 2017.Google Scholar
- SAFARI Research Group, "BlockHammer --- GitHub Repository," https://github.com/CMU-SAFARI/blockhammer, 2021.Google Scholar
- SAFARI Research Group, "DRAM Bender --- GitHub Repository," https://github.com/CMU-SAFARI/DRAM-Bender, 2022.Google Scholar
- SAFARI Research Group, "PiDRAM Source Code," https://github.com/CMU-SAFARI/PiDRAM, 2022.Google Scholar
- SAFARI Research Group, "Self-Managing DRAM (SMD) Source Code," https://github.com/CMU-SAFARI/SelfManagingDRAM, 2022.Google Scholar
- G. Saileshwar et al., "Randomized Row-Swap: Mitigating Row Hammer by Breaking Spatial Correlation Between Aggressor and Victim Rows," in ASPLOS, 2022.Google Scholar
- S. Saroiu et al., "The Price of Secrecy: How Hiding Internal DRAM Topologies Hurts Rowhammer Defenses," in IRPS, 2022.Google Scholar
- A. Saxena et al., "AQUA: Scalable Rowhammer Mitigation by Quarantining Aggressor Rows at Runtime," in MICRO, 2022.Google Scholar
- M. Seaborn and T. Dullien, "Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges," Black Hat, 2015.Google Scholar
- M. Seaborn and T. Dullien, "Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges," http://googleprojectzero.blogspot.com.tr/2015/03/exploiting-dram-rowhammer-bug-to-gain.html, 2015.Google Scholar
- V. Seshadri et al., "RowClone: Fast and Energy-Efficient In-DRAM Bulk Data Copy and Initialization," in MICRO, 2013.Google ScholarDigital Library
- V. Seshadri et al., "Ambit: In-memory Accelerator for Bulk Bitwise Operations using Commodity DRAM Technology," in MICRO, 2017.Google ScholarDigital Library
- S. M. Seyedzadeh et al., "Mitigating Wordline Crosstalk Using Adaptive Trees of Counters," in ISCA, 2018.Google Scholar
- S. M. Seyedzadeh et al., "Counter-based Tree Structure for Row Hammering Mitigation in DRAM," IEEE CAL, 2017.Google Scholar
- M. Son et al., "Making DRAM Stronger Against Row Hammering," in DAC, 2017.Google Scholar
- A. Tatar et al., "Defeating Software Mitigations Against Rowhammer: A Surgical Precision Hammer," in RAID, 2018.Google Scholar
- A. Tatar et al., "Throwhammer: Rowhammer Attacks Over the Network and Defenses," in USENIX ATC, 2018.Google Scholar
- Y. Tobah et al., "SpecHammer: Combining Spectre and Rowhammer for New Speculative Attacks," in S&P, 2022.Google Scholar
- M. C. Tol et al., "Toward Realistic Backdoor Injection Attacks on DNNs using RowHammer," arXiv:2110.07683, 2022.Google Scholar
- V. van der Veen et al., "Drammer: Deterministic Rowhammer Attacks on Mobile Platforms," in CCS, 2016.Google ScholarDigital Library
- V. van der Veen et al., "GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM," in DIMVA, 2018.Google Scholar
- A. J. Walker et al., "On DRAM RowHammer and the Physics on Insecurity," IEEE TED, 2021.Google Scholar
- Y. Wang et al., "FIGARO: Improving System Performance via Fine-Grained In-DRAM Data Relocation and Caching," in MICRO, 2020.Google Scholar
- Z. Weissman et al., "JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms," arXiv:1912.11523, 2020.Google Scholar
- X.-C. Wu et al., "Protecting Page Tables from RowHammer Attacks using Monotonic Pointers in DRAM True-Cells," ASPLOS, 2019.Google Scholar
- Y. Xiao et al., "One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation," in USENIX Security, 2016.Google Scholar
- A. G. Yağlıkcı et al., "Security Analysis of the Silver Bullet Technique for RowHammer Prevention," arXiv:2106.07084, 2021.Google Scholar
- A. G. Yağlıkcı et al., "Understanding RowHammer Under Reduced Wordline Voltage: An Experimental Study Using Real DRAM Devices," in DSN, 2022.Google Scholar
- A. G. Yağlıkcı et al., "HiRA: Hidden Row Activation for Reducing Refresh Latency of Off-the-Shelf DRAM Chips," in MICRO, 2022.Google Scholar
- A. G. Yağlıkcı et al., "BlockHammer: Preventing RowHammer at Low Cost by Blacklisting Rapidly-Accessed DRAM Rows," in HPCA, 2021.Google Scholar
- T. Yang and X.-W. Lin, "Trap-Assisted DRAM Row Hammer Effect," EDL, 2019.Google Scholar
- F. Yao et al., "Deephammer: Depleting the Intelligence of Deep Neural Networks Through Targeted Chain of Bit Flips," in USENIX Security, 2020.Google Scholar
- J. M. You and J.-S. Yang, "MRLoc: Mitigating Row-Hammering Based on Memory Locality," in DAC, 2019.Google Scholar
- D. Yun et al., "Study of TID Effects on One Row Hammering using Gamma in DDR4 SDRAMs," in IRPS, 2018.Google Scholar
- Z. Zhang et al., "Triggering Rowhammer Hardware Faults on ARM: A Revisit," in ASHES, 2018.Google ScholarDigital Library
- Z. Zhang et al., "Leveraging EM Side-Channel Information to Detect Rowhammer Attacks," in S&P, 2020.Google ScholarCross Ref
- Z. Zhang et al., "PTHammer: Cross-User-Kernel-Boundary Rowhammer Through Implicit Accesses," in MICRO, 2020.Google Scholar
- Z. Zhang et al., "SoftTRR: Protect Page Tables against Rowhammer Attacks using Software-only Target Row Refresh," in USENIX ATC, 2022.Google Scholar
- Z. Zhang et al., "Implicit Hammer: Cross-Privilege-Boundary Rowhammer through Implicit Accesses," IEEE TDSC, 2022.Google Scholar
- M. Zheng et al., "TrojViT: Trojan Insertion in Vision Transformers," arXiv:2208.13049, 2022.Google Scholar
- R. Zhou et al., "LT-PIM: An LUT-based Processing-in-DRAM Architecture with RowHammer Self-Tracking," IEEE CAL, 2022.Google Scholar
Index Terms
- Fundamentally Understanding and Solving RowHammer
Recommendations
RowPress: Amplifying Read Disturbance in Modern DRAM Chips
ISCA '23: Proceedings of the 50th Annual International Symposium on Computer ArchitectureMemory isolation is critical for system reliability, security, and safety. Unfortunately, read disturbance can break memory isolation in modern DRAM chips. For example, RowHammer is awell-studied read-disturb phenomenon where repeatedly opening and ...
A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses
MICRO '21: MICRO-54: 54th Annual IEEE/ACM International Symposium on MicroarchitectureRowHammer is a circuit-level DRAM vulnerability where repeatedly accessing (i.e., hammering) a DRAM row can cause bit flips in physically nearby rows. The RowHammer vulnerability worsens as DRAM cell size and cell-to-cell spacing shrink. Recent studies ...
Uncovering In-DRAM RowHammer Protection Mechanisms:A New Methodology, Custom RowHammer Patterns, and Implications
MICRO '21: MICRO-54: 54th Annual IEEE/ACM International Symposium on MicroarchitectureThe RowHammer vulnerability in DRAM is a critical threat to system security. To protect against RowHammer, vendors commit to security-through-obscurity: modern DRAM chips rely on undocumented, proprietary, on-die mitigations, commonly known as Target ...
Comments