• Corpus ID: 235422569

Security Analysis of the Silver Bullet Technique for RowHammer Prevention

@article{Yagliki2021SecurityAO,
  title={Security Analysis of the Silver Bullet Technique for RowHammer Prevention},
  author={Abdullah Giray Yaglikçi and Jeremie S. Kim and Fabrice Devaux and Onur Mutlu},
  journal={ArXiv},
  year={2021},
  volume={abs/2106.07084}
}
The purpose of this document is to study the security properties of the Silver Bullet algorithm against worst-case RowHammer attacks. We mathematically demonstrate that Silver Bullet, when properly configured and implemented in a DRAM chip, can securely prevent RowHammer attacks. The demonstration focuses on the most representative implementation of Silver Bullet, the patent claiming many implementation possibilities not covered in this demonstration. Our study concludes that Silver Bullet is a… 
View PDF on arXiv
9 Citations
Background Citations
5
Methods Citations
2
Results Citations
1

Figures and Tables from this paper

9 Citations

Uncovering In-DRAM RowHammer Protection Mechanisms:A New Methodology, Custom RowHammer Patterns, and Implications

U-TRR is presented, an experimental methodology to analyze in-DRAM TRR implementations and shows how it allows us to craft RowHammer access patterns that successfully circumvent the TRR mechanisms employed in 45 DRAM modules of the three major DRAM vendors.

A Retrospective and Futurespective of Rowhammer Attacks and Defenses on DRAM

This work characterize rowhammer attacks comprehensively, shedding lights on possible new attack vectors that have not yet been explored, and summarizes and classify existing software defenses, from which new defense strategies are identified and worth future exploring.

A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses

An experimental characterization using 248 DDR4 and 24 DDR3 modern DRAM chips from four major DRAM manufacturers demonstrating how the RowHammer effects vary with three fundamental properties: 1) DRAM chip temperature, 2) aggressor row active time, and 3) victim DRAM cell’s physical location is presented.

SpyHammer: Using RowHammer to Remotely Spy on Temperature

This work proposes a new RowHammer attack, called SpyHammer, that spies on the temperature of critical systems such as industrial production lines, vehicles, and medical systems.

Understanding RowHammer Under Reduced Wordline Voltage: An Experimental Study Using Real DRAM Devices

This is the first work to experimentally demonstrate on 272 real DRAM chips that lowering VPP reduces a DRAM chip’s RowHammer vulnerability and concludes that reducing VPP is a promising strategy for reducing aDRAM chip's RowHammers vulnerability without requiring modifications toDRAM chips.

A Case for Transparent Reliability in DRAM Systems

A two-step approach is introduced that reevaluates DRAM standards with a focus on transparency of reliability characteristics so that system designers are encouraged to make the most of commodity DRAM technology for both current and future DRAM chips.

HiRA: Hidden Row Activation for Reducing Refresh Latency of Off-the-Shelf DRAM Chips

Hidden Row Activation (HiRA) is proposed, a new operation that can reliably parallelize a DRAM row’s refresh operation with refresh or activation of any of the 32% of the rows within the same bank and reduces the overall latency of two refresh operations.

A Case for Self-Managing DRAM Chips: Improving Performance, Efficiency, Reliability, and Security via Autonomous in-DRAM Maintenance Operations

Self-Managing DRAM is proposed, a new low-cost DRAM architecture that enables implementing new in-DRAM maintenance mechanisms with no further changes in the DRAM interface, memory controller, or other system components and enables easy adoption of efficient maintenance mechanisms that significantly improve the system performance and energy efficiency while providing higher reliability.

Fundamentally Understanding and Solving RowHammer

Two major directions are argued for to amplify research and development efforts in building a much deeper understanding of the RowHammer problem and its many dimensions, in both cutting-edge DRAM chips and computing systems deployed in the field, and the design and development of extremely efficient and fully-secure solutions via system-memory cooperation.

References

SHOWING 1-10 OF 21 REFERENCES

RowHammer: A Retrospective

  • O. MutluJeremie S. Kim
  • Computer Science
    IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
  • 2020
A principled approach to memory reliability and security research is described and advocated that can enable us to better anticipate and prevent vulnerabilities in DRAM and other types of memories, as the memory technologies scale to higher densities.

The RowHammer problem and other issues we may face as memory becomes denser

  • O. Mutlu
  • Computer Science
    Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017
  • 2017
This work discusses the RowHammer problem in DRAM, which is a prime (and perhaps the first) example of how a circuit-level failure mechanism can cause a practical and widespread system security vulnerability, and describes and advocates a principled approach to memory reliability and security research that can enable us to better anticipate and prevent such vulnerabilities.

TWiCe: Preventing Row-hammering by Exploiting Time Window Counters

This paper proposes a new counter-based RH prevention solution named Time Window Counter (TWiCe) based row refresh, which accurately detects potential RH attacks only using a small number of counters with a minimal performance impact.

TRRespass: Exploiting the Many Sides of Target Row Refresh

The inner workings of TRR are demystified, which shows that what is advertised as a single mitigation mechanism is actually a series of different solutions coalesced under the umbrella term Target Row Refresh, and it is demonstrated that modern implementations operate entirely inside DRAM chips.

BlockHammer: Preventing RowHammer at Low Cost by Blacklisting Rapidly-Accessed DRAM Rows

The key idea of BlockHammer is to track row activation rates using area-efficient Bloom filters, and use the tracking data to ensure that no row is ever activated rapidly enough to induce RowHammer bit-flips.

Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques

Five state-of-the-art RowHammer mitigation mechanisms are evaluated using cycle-accurate simulation in the context of real data taken from chips to study how the mitigation mechanisms scale with chip vulnerability, and it is found that existing mechanisms either are not scalable or suffer from prohibitively large performance overheads in projected future devices.

Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors

  • Yoongu KimRoss Daly O. Mutlu
  • Computer Science
    2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA)
  • 2014
This paper exposes the vulnerability of commodity DRAM chips to disturbance errors, and shows that it is possible to corrupt data in nearby addresses by reading from the same address in DRAM by activating the same row inDRAM.

Experiments and root cause analysis for active-precharge hammering fault in DDR3 SDRAM under 3 × nm technology

Trap-Assisted DRAM Row Hammer Effect

Through 3D TCAD simulations with single charge traps, we discovered a direct evidence to the mechanism of DRAM row hammer effect. It is governed by a charge pumping process, consisting of charge

Tiered-latency DRAM: A low latency and low cost DRAM architecture

This work introduces Tiered-Latency DRAM (TL-DRAM), which achieves both low latency and low cost-per-bit, and proposes mechanisms that use the low-latency segment as a hardware-managed or software-managed cache.