TRRespass: Exploiting the Many Sides of Target Row Refresh

Frigo, Pietro; Vannacc, Emanuele; Hassan, Hasan; Veen, Victor van der; Mutlu, Onur; Giuffrida, Cristiano; Bos, Herbert; Razavi, Kaveh

doi:10.1109/sp40000.2020.00090

Cited by 119 publications

(232 citation statements)

References 49 publications

Supporting

Mentioning

228

Contrasting

Order By: Relevance

“…While DRAM occasionally remaps two logically-adjacent rows to different internal locations [11], these remaps (and thus, internal adjacency) can be revealed via established methods. In particular, prior work [11,15,30,34] uses the success or failure of Rowhammer attacks themselves-which require physicallyproximate rows-to infer row adjacency.…”

Section: Dram+rowhammer: a Crash Coursementioning

confidence: 99%

“…Refresh-Centric. Finally, refresh-centric mitigations (e.g., [4,15,32,37,48,60,62]) seek to refresh potential victim rows before they experience bit flips. More specifically, these defenses use a set of hardware and-in some cases-software mechanisms to identify potential victim rows.…”

Section: Rowhammer Mitigations: a Taxonomymentioning

confidence: 99%

“…To date, DRAM vendors have shown years of unwillingness (perhaps due to economic reasons) to provide a comprehensive solution to Rowhammer. Despite vendor claims that their defenses prevent all Rowhammer attacks [38,42], recent work [14,15] demonstrates that Rowhammer exploits remain viable. Given the blackbox nature of vendor mitigations, system administrators are left largely powerless to prevent these attacks, just as they were the original exploits.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Stop! Hammer time

Loughlin

Saroiu

Wolman

et al. 2021

Proceedings of the Workshop on Hot Topics in Operating Systems

View full text Add to dashboard Cite

Rowhammer attacks exploit electromagnetic interference among nearby DRAM cells to flip bits, corrupting data and altering system behavior. Unfortunately, DRAM vendors have opted for a blackbox approach to preventing these bit flips, exposing little information about in-DRAM mitigations. Despite vendor claims that their mitigations prevent Rowhammer, recent work bypasses these defenses to corrupt data. Further work shows that the Rowhammer problem is actually worsening in emerging DRAM and posits that system-level support is needed to produce adaptable and scalable defenses. Accordingly, we argue that the systems community can and must drive a fundamental change in Rowhammer mitigation techniques. In the short term, cloud providers and CPU vendors must work together to supplement limited in-DRAM mitigations-ill-equipped to handle rising susceptibilitywith their own mitigations. We propose novel hardware primitives in the CPU's integrated memory controller that would enable a variety of efficient software defenses, offering flexible safeguards against future attacks. In the long term, we assert that major consumers of DRAM must persuade DRAM vendors to provide precise information on their defenses, limitations, and necessary supplemental solutions. CCS CONCEPTS• Security and privacy → Systems security; Security in hardware.

show abstract

Section: Dram+rowhammer: a Crash Coursementioning

confidence: 99%

Section: Rowhammer Mitigations: a Taxonomymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Stop! Hammer time

Loughlin

Saroiu

Wolman

et al. 2021

Proceedings of the Workshop on Hot Topics in Operating Systems

View full text Add to dashboard Cite

show abstract

“…The confluence of DRAM ubiquity, increasing RH susceptibility, and the possibility to use this unique disturb to gain unauthorized access has created a major hardware security concern across all modern computing systems [7] from cloud servers [8] through personal computers [4], [9] to mobile phones [10].…”

mentioning

confidence: 99%

“…Such approaches are regarded as competitive advantages by the DRAM manufacturers and so remain opaque to the users. The problem is that every mitigation up until now has been hacked [7], [11], [12] leaving all compute systems in jeopardy.…”

mentioning

confidence: 99%

On DRAM Rowhammer and the Physics of Insecurity

Walker¹,

Lee

Beery³

2021

IEEE Trans. Electron Devices

View full text Add to dashboard Cite

The dynamic random access memory (DRAM) disturb known as rowhammer (RH) has come to dominate the insecurity of computing systems worldwide. Several studies have concentrated on electron injection from a switching cell select transistor and capture by nearby storage node junctions as being the main mechanism for the effect. This article for the first time looks in-depth at RH from the point of view of both electron injection and capture, and capacitive crosstalk. The absence of such comprehensive studies at the silicon level in the literature can be attributed to its sensitive nature within the industry and highlights the difficulty of DRAM scaling. This review article, therefore, forms a broad foundation to extend understanding of this dangerous disturb mechanism and in so doing provides an informed view on the ability of future DRAM technologies to solve RH once and for all. Index Terms-Crosstalk, dynamic random access memory (DRAM), electron injection, rowhammer (RH). I. INTRODUCTION T HE story of dynamic random access memory (DRAM) is that of the semiconductor industry itself [1], [2]. Fifty years of scaling a field-effect transistor and a capacitor has resulted in DRAM as the "main memory" in all compute systems from cloud servers through laptops to mobile phones. This success makes such systems prone to any security weakness that may lurk within DRAM itself. The DRAM disturb known as rowhammer (RH) has been causing increasing concern since its public unmasking in [3]. It is characterized by corrupted data in cells close to a row that is turned on and off many times between data refresh. Although the actual problem seems to have been known since 2010, and most probably before that within DRAM Research and Development, with some patent applications in 2012, RH was propelled to the forefront of hardware security issues when it was used to gain computer kernel privileges [4]. After ten years from the first inkling of a problem, the RH disturb varies widely between Manuscript

show abstract

Accessing Secure Data on Android Through Application Analysis

Buurke,

Le-Khac

2022

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

TRRespass: Exploiting the Many Sides of Target Row Refresh

Cited by 119 publications

References 49 publications

Stop! Hammer time

Stop! Hammer time

On DRAM Rowhammer and the Physics of Insecurity

Accessing Secure Data on Android Through Application Analysis

Contact Info

Product

Resources

About