TL;DR
This paper introduces U-TRR, a novel methodology to analyze undocumented DRAM TRR mechanisms, revealing vulnerabilities in modern DRAM modules to RowHammer attacks by exploiting data retention failures as a side channel.
Contribution
The paper presents U-TRR, an experimental approach to uncover and evaluate in-DRAM TRR protections, demonstrating their weaknesses against crafted RowHammer patterns.
Findings
U-TRR successfully uncovers undocumented TRR mechanisms.
Modern DRAM modules are vulnerable to RowHammer with up to 99.9% of rows affected.
U-TRR source code is openly available for further research.
Abstract
The RowHammer vulnerability in DRAM is a critical threat to system security. To protect against RowHammer, vendors commit to security-through-obscurity: modern DRAM chips rely on undocumented, proprietary, on-die mitigations, commonly known as Target Row Refresh (TRR). At a high level, TRR detects and refreshes potential RowHammer-victim rows, but its exact implementations are not openly disclosed. Security guarantees of TRR mechanisms cannot be easily studied due to their proprietary nature. To assess the security guarantees of recent DRAM chips, we present Uncovering TRR (U-TRR), an experimental methodology to analyze in-DRAM TRR implementations. U-TRR is based on the new observation that data retention failures in DRAM enable a side channel that leaks information on how TRR refreshes potential victim rows. U-TRR allows us to (i) understand how logical DRAM rows are laid out…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
