Graphene: Strong yet Lightweight Row Hammer Protection

Park, Yeonhong; Kwon, Woosuk; Lee, Eojin; Ham, Tae Jun; Ahn, Jung Ho; Lee, Jae Woo

doi:10.1109/micro50266.2020.00014

Cited by 62 publications

(123 citation statements)

References 37 publications

Supporting

Mentioning

122

Contrasting

Order By: Relevance

“…The authors show that proposed hardware mitigations [32,37,60] struggle to scale or cannot provide comprehensive protection given increasing DRAM density. Consistent with these findings, state-of-theart follow-up defenses [44,59] are limited by worsening performance overhead and a need for increasing SRAM or CAM area (i.e., relatively-expensive memory) as density increases.…”

Section: Introductionmentioning

confidence: 82%

“…Finally, in an ideal world with support from DRAM, the DDR standard would include a REF_NEIGHBORS command, similar to that proposed in prior work [37,44]. However, in addition to taking an aggressor row address as an argument, we propose that the command should also accept a blast radius for adaptability to emerging threats.…”

Section: Refresh-centric: a Refreshing Takementioning

confidence: 99%

See 1 more Smart Citation

Stop! Hammer time

Loughlin

Saroiu

Wolman

et al. 2021

Proceedings of the Workshop on Hot Topics in Operating Systems

View full text Add to dashboard Cite

Rowhammer attacks exploit electromagnetic interference among nearby DRAM cells to flip bits, corrupting data and altering system behavior. Unfortunately, DRAM vendors have opted for a blackbox approach to preventing these bit flips, exposing little information about in-DRAM mitigations. Despite vendor claims that their mitigations prevent Rowhammer, recent work bypasses these defenses to corrupt data. Further work shows that the Rowhammer problem is actually worsening in emerging DRAM and posits that system-level support is needed to produce adaptable and scalable defenses. Accordingly, we argue that the systems community can and must drive a fundamental change in Rowhammer mitigation techniques. In the short term, cloud providers and CPU vendors must work together to supplement limited in-DRAM mitigations-ill-equipped to handle rising susceptibilitywith their own mitigations. We propose novel hardware primitives in the CPU's integrated memory controller that would enable a variety of efficient software defenses, offering flexible safeguards against future attacks. In the long term, we assert that major consumers of DRAM must persuade DRAM vendors to provide precise information on their defenses, limitations, and necessary supplemental solutions. CCS CONCEPTS• Security and privacy → Systems security; Security in hardware.

show abstract

Section: Introductionmentioning

confidence: 82%

Section: Refresh-centric: a Refreshing Takementioning

confidence: 99%

Stop! Hammer time

Loughlin

Saroiu

Wolman

et al. 2021

Proceedings of the Workshop on Hot Topics in Operating Systems

View full text Add to dashboard Cite

show abstract

“…SIMDRAM and other similar in-DRAM computation mechanisms that use dedicated DRAM rows to perform computation may increase vulnerability to RowHammer attacks [36,68,72,103,106]. We believe, and the literature suggests, that there should be robust and scalable solutions to RowHammer, orthogonally to our work (e.g., BlockHammer [150], PARA [71], TWiCe [86], Graphene [116]). Exploring RowHammer prevention and mitigation mechanisms in conjunction with SIMDRAM (or other PIM approaches) requires special attention and research, which we leave for future work.…”

Section: Security Implicationsmentioning

confidence: 77%

SIMDRAM: a framework for bit-serial SIMD processing using DRAM

Hajinazar

Oliveira

Gregorio

et al. 2021

Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

View full text Add to dashboard Cite

Processing-using-DRAM has been proposed for a limited set of basic operations (i.e., logic operations, addition). However, in order to enable full adoption of processing-using-DRAM, it is necessary to provide support for more complex operations. In this paper, we propose SIMDRAM, a flexible general-purpose processing-using-DRAM framework that (1) enables the efficient implementation of complex operations, and (2) provides a flexible mechanism to support the implementation of arbitrary user-defined operations. The SIMDRAM framework comprises three key steps. The first step builds an efficient MAJ/NOT representation of a given desired operation. The second step allocates DRAM rows that are reserved for computation to the operation's input and output operands, and generates the required sequence of DRAM commands to perform the MAJ/NOT implementation of the desired operation in DRAM. The third step uses the SIMDRAM control unit located inside the memory controller to manage the computation of the operation from start to end, by executing the DRAM commands generated in the second step of the framework. We design the hardware and ISA support for SIMDRAM framework to (1) address key system integration challenges, and (2) allow programmers to employ new SIMDRAM operations without hardware changes.We evaluate SIMDRAM for reliability, area overhead, throughput, and energy efficiency using a wide range of operations and seven real-world applications to demonstrate SIMDRAM's generality. Our evaluations using a single DRAM bank show that (1) over 16 operations, SIMDRAM provides 2.0× the throughput and 2.6× the energy efficiency of Ambit, a state-of-the-art processing-using-DRAM mechanism; (2) over seven real-world applications, SIM-DRAM provides 2.5× the performance of Ambit. Using 16 DRAM banks, SIMDRAM provides (1) 88× and 5.8× the throughput, and 257× and 31× the energy efficiency, of a CPU and a high-end GPU, respectively, over 16 operations; (2) 21× and 2.1× the performance of the CPU and GPU, over seven real-world applications. SIMDRAM incurs an area overhead of only 0.2% in a high-end CPU.

show abstract

“…A limitation of these mechanisms is that they are configured for the smallest (worst-case) HC first across all rows in a DRAM bank even though an overwhelming majority of rows exhibit significantly larger HC first values. This is an important limitation because, when configured for a smaller HC first value, the performance, energy, and area overheads of many RowHammer defense mechanisms significantly increase [71,112,163]. To overcome this limitation, a system designer can configure a RowHammer defense mechanism to use different HC first values for different DRAM rows.…”

Section: Potential Defense Improvementsmentioning

confidence: 99%

“…To overcome this limitation, a system designer can configure a RowHammer defense mechanism to use different HC first values for different DRAM rows. For example, BlockHammer's [163] and Graphene's [112] area costs can reach approximately 0.6% and 0.5% of a high-end processor's die area [163]. However, based on our Obsv.…”

Section: Potential Defense Improvementsmentioning

confidence: 99%

A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses

Orosa

Yağlıkçı

Luo

et al. 2021

MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture

View full text Add to dashboard Cite

RowHammer is a circuit-level DRAM vulnerability where repeatedly accessing (i.e., hammering) a DRAM row can cause bit flips in physically nearby rows. The RowHammer vulnerability worsens as DRAM cell size and cell-to-cell spacing shrink. Recent studies demonstrate that modern DRAM chips, including chips previously marketed as RowHammer-safe, are even more vulnerable to RowHammer than older chips such that the required hammer count to cause a bit flip has reduced by more than 10X in the last decade. Therefore, it is essential to develop a better understanding and in-depth insights into the RowHammer vulnerability of modern DRAM chips to more effectively secure current and future systems.Our goal in this paper is to provide insights into fundamental properties of the RowHammer vulnerability that are not yet rigorously studied by prior works, but can potentially be 𝑖) exploited to develop more effective RowHammer attacks or 𝑖𝑖) leveraged to design more effective and efficient defense mechanisms. To this end, we present an experimental characterization using 248 DDR4 and 24 DDR3 modern DRAM chips from four major DRAM manufacturers demonstrating how the RowHammer effects vary with three fundamental properties: 1) DRAM chip temperature, 2) aggressor row active time, and 3) victim DRAM cell's physical location. Among our 16 new observations, we highlight that a RowHammer bit flip 1) is very likely to occur in a bounded range, specific to each DRAM cell (e.g., 5.4% of the vulnerable DRAM cells exhibit errors in the range 70 °C to 90 °C), 2) is more likely to occur if the aggressor row is active for longer time (e.g., RowHammer vulnerability increases by 36% if we keep a DRAM row active for 15 column accesses), and 3) is more likely to occur in certain physical regions of the DRAM module under attack (e.g., 5% of the rows are 2x more vulnerable than the remaining 95% of the rows). Our study has important practical implications on future RowHammer attacks and defenses. We describe and analyze the implications of our new findings by proposing three future RowHammer attack and six future RowHammer defense improvements.

show abstract

Graphene: Strong yet Lightweight Row Hammer Protection

Cited by 62 publications

References 37 publications

Stop! Hammer time

Stop! Hammer time

SIMDRAM: a framework for bit-serial SIMD processing using DRAM

A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses

Contact Info

Product

Resources

About