Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks

Cojocar, Lucian; Razavi, Kaveh; Giuffrida, Cristiano; Bos, Herbert

doi:10.1109/sp.2019.00089

Cited by 120 publications

(143 citation statements)

References 38 publications

(58 reference statements)

Supporting

Mentioning

124

Contrasting

Order By: Relevance

“…RowHammer is a critical problem that manifests in the difficulties in DRAM scaling and is expected to only become worse in the future [177,182,183]. As we discussed, some recent reports suggest that new-generation DRAM chips are vulnerable to RowHammer (e.g., DDR4 [12,17,141,198], ECC [66,133], LPDDR3 and LPDDR2 [241]). This indicates that effectively mitigating the RowHammer problem with low overhead is difficult and becomes more difficult as process technology scales further.…”

Section: Ongoing and Future Workmentioning

confidence: 86%

“…This is illustrated in Figure 1, which shows the error rates we found in all 129 modules we tested where modules are categorized based on manufacturing date. 2 In particular, all DRAM modules from 2012-2013 were vulnerable to RowHammer, indicating that RowHammer is a recent phenomenon affecting more advanced process technology generations (as also demonstrated repeatedly by various works that come after our ISCA 2014 paper [12,17,66,141,198,241]…”

Section: The Rowhammer Problem: a Summarymentioning

confidence: 90%

“…We believe there is a lot more to come in this direction: as systems security researchers understand more about RowHammer, and as the RowHammer phenomenon continues to fundamentally affect memory chips due to technology scaling problems [176], researchers and practitioners will develop different types of attacks to exploit RowHammer in various contexts and in many more creative ways. Various recent reports suggest that new-generation DDR4 DRAM and other DRAM chips are vulnerable to RowHammer [12,17,66,141,198], as we examine further in Section III-G, so the fundamental security research on RowHammer is likely to continue into the future.…”

Section: A Exploits Using Rowhammermentioning

confidence: 99%

See 2 more Smart Citations

RowHammer: A Retrospective

Mutlu

Kim

2020

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

154

129

View full text Add to dashboard Cite

This retrospective paper describes the RowHammer problem in Dynamic Random Access Memory (DRAM), which was initially introduced by Kim et al. at the ISCA 2014 conference [133]. RowHammer is a prime (and perhaps the first) example of how a circuit-level failure mechanism can cause a practical and widespread system security vulnerability. It is the phenomenon that repeatedly accessing a row in a modern DRAM chip causes bit flips in physically-adjacent rows at consistently predictable bit locations. RowHammer is caused by a hardware failure mechanism called DRAM disturbance errors, which is a manifestation of circuit-level cell-to-cell interference in a scaled memory technology.Researchers from Google Project Zero demonstrated in 2015 that this hardware failure mechanism can be effectively exploited by user-level programs to gain kernel privileges on real systems. Many other follow-up works demonstrated other practical attacks exploiting RowHammer. In this article, we comprehensively survey the scientific literature on RowHammer-based attacks as well as mitigation techniques to prevent RowHammer. We also discuss what other related vulnerabilities may be lurking in DRAM and other types of memories, e.g., NAND flash memory or Phase Change Memory, that can potentially threaten the foundations of secure systems, as the memory technologies scale to higher densities. We conclude by describing and advocating a principled approach to memory reliability and security research that can enable us to better anticipate and prevent such vulnerabilities.

show abstract

Section: Ongoing and Future Workmentioning

confidence: 86%

Section: The Rowhammer Problem: a Summarymentioning

confidence: 90%

Section: A Exploits Using Rowhammermentioning

confidence: 99%

See 1 more Smart Citation

RowHammer: A Retrospective

Mutlu

Kim

2020

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

154

129

View full text Add to dashboard Cite

show abstract

“…[22] showed that by creating a profile for the bit flips in a DRAM, row hammer attack can effectively flip a single bit at any address in the software stack. According to the state-of-the-art investigations, common error detection and correction techniques, such as Error-Correcting Code (ECC) [23] and Intel SGX [24], are broken defense mechanism to RHA. Such existing memory bit-flip attack (i.e.…”

Section: Related Workmentioning

confidence: 99%

Bit-Flip Attack: Crushing Neural Network With Progressive Bit Search

Rakin

Fan

2019

2019 IEEE/CVF International Conference on Computer Vision (ICCV)

144

View full text Add to dashboard Cite

Several important security issues of Deep Neural Network (DNN) have been raised recently associated with different applications and components. The most widely investigated security concern of DNN is from its malicious input, a.k.a adversarial example. Nevertheless, the security challenge of DNN's parameters is not well explored yet. In this work, we are the first to propose a novel DNN weight attack methodology called Bit-Flip Attack (BFA) which can crush a neural network through maliciously flipping extremely small amount of bits within its weight storage memory system (i.e., DRAM). The bit-flip operations could be conducted through well-known Row-Hammer attack, while our main contribution is to develop an algorithm to identify the most vulnerable bits of DNN weight parameters (stored in memory as binary bits), that could maximize the accuracy degradation with a minimum number of bit-flips. Our proposed BFA utilizes a Progressive Bit Search (PBS) method which combines gradient ranking and progressive search to identify the most vulnerable bit to be flipped. With the aid of PBS, we can successfully attack a ResNet-18 fully malfunction (i.e., top-1 accuracy degrade from 69.8% to 0.1%) only through 13 bit-flips out of 93 million bits, while randomly flipping 100 bits merely degrades the accuracy by less than 1%.

show abstract

“…It can be launched remotely over the network [32,42]. Rowhammer is even applicable on ECC chips [11] and DDR4 memories with Target Row Refresh (TRR) mitigations [18].…”

Section: Background 21 Rowhammer Attackmentioning

confidence: 99%

QuantumHammer

Mus

Islam

Sunar

2020

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Post-quantum schemes are expected to replace existing public-key schemes within a decade in billions of devices. To facilitate the transition, the US National Institute for Standards and Technology (NIST) is running a standardization process. Multivariate signatures is one of the main categories in NIST's post-quantum cryptography competition. Among the four candidates in this category, the LUOV and Rainbow schemes are based on the Oil and Vinegar scheme, first introduced in 1997 which has withstood over two decades of cryptanalysis. Beyond mathematical security and efficiency, security against side-channel attacks is a major concern in the competition. The current sentiment is that post-quantum schemes may be more resistant to fault-injection attacks due to their large key sizes and the lack of algebraic structure. We show that this is not true. We introduce a novel hybrid attack, QuantumHammer, and demonstrate it on the constant-time implementation of LUOV currently in Round 2 of the NIST post-quantum competition. The QuantumHammer attack is a combination of two attacks, a bittracing attack enabled via Rowhammer fault injection and a divide and conquer attack that uses bit-tracing as an oracle. Using bittracing, an attacker with access to faulty signatures collected using Rowhammer attack, can recover secret key bits albeit slowly. We employ a divide and conquer attack which exploits the structure in the key generation part of LUOV and solves the system of equations for the secret key more efficiently with few key bits recovered via bit-tracing. We have demonstrated the first successful in-the-wild attack on LUOV recovering all 11K key bits with less than 4 hours of an active Rowhammer attack. The post-processing part is highly parallel and thus can be trivially sped up using modest resources. QuantumHammer does not make any unrealistic assumptions, only requires software co-location (no physical access), and therefore can be used to target shared cloud servers or in other sandboxed environments.

show abstract

Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks

Cited by 120 publications

References 38 publications

RowHammer: A Retrospective

RowHammer: A Retrospective

Bit-Flip Attack: Crushing Neural Network With Progressive Bit Search

QuantumHammer

Contact Info

Product

Resources

About