research-article

Randomized row-swap: mitigating Row Hammer by breaking spatial correlation between aggressor and victim rows

Authors:

Gururaj Saileshwar,

Moinuddin Qureshi,

Prashant J. NairAuthors Info & Claims

ASPLOS '22: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

Pages 1056 - 1069

https://doi.org/10.1145/3503222.3507716

Published: 22 February 2022 Publication History

Abstract

Row Hammer is a fault-injection attack in which rapid activations to a single DRAM row causes bit-flips in nearby rows. Several recent defenses propose tracking aggressor-rows and applying mitigating action on neighboring victim rows by refreshing them. However, all such proposals using victim-focused mitigation preserve the spatial connection between victim and aggressor rows. Therefore, these proposals are susceptible to access patterns causing bit-flips in rows beyond the immediate neighbor. For example, the Half-Double attack causes bit-flips in the presence of victim-focused mitigation.

We propose Randomized Row-Swap (RRS), a novel mitigation action that breaks the spatial connection between the aggressor and victim DRAM rows. This enables RRS to provide robust defense against even complex Row Hammer access patterns. RRS is an aggressor-focused mitigation that periodically swaps aggressor-rows with other randomly selected rows in memory. This limits the possible damage in any one locality within the DRAM memory. While RRS can be used with any tracking mechanism, we implement it with a Misra-Gries tracker and target a Row Hammer Threshold of 4.8K activations (similar to the state-of-the-art attacks). Our evaluations show that RRS has negligible slowdown (0.4% on average) and provides strong security guarantees for avoiding Row Hammer bit flips even under several years of continuous attack.

References

[1]

2012. 3rd JILP Workshop on Computer Architecture Competitions (JWAC-3): Memory Scheduling Championship (MSC). https://www.cs.utah.edu/ rajeev/jwac12/

[2]

Kursad Albayraktaroglu, Aamer Jaleel, Xue Wu, Manoj Franklin, Bruce Jacob, Chau-Wen Tseng, and Donald Yeung. 2005. Biobench: A benchmark suite of bioinformatics applications. In IEEE International Symposium on Performance Analysis of Systems and Software, 2005. ISPASS 2005. 2–9. https://doi.org/10.1109/ISPASS.2005.1430554

Digital Library

[3]

Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Rui Qiao, Reetuparna Das, Matthew Hicks, Yossi Oren, and Todd Austin. 2016. ANVIL: Software-based protection against next-generation rowhammer attacks. ACM SIGPLAN Notices, 51, 4 (2016), 743–755. https://doi.org/10.1145/2954679.2872390

Digital Library

[4]

Christian Bienia, Sanjeev Kumar, Jaswinder Pal Singh, and Kai Li. 2008. The PARSEC Benchmark Suite: Characterization and Architectural Implications. In Proceedings of the 17th International Conference on Parallel Architectures and Compilation Techniques (PACT ’08). Association for Computing Machinery, New York, NY, USA. 72–81. https://doi.org/10.1145/1454115.1454128

Digital Library

[5]

Carsten Bock, Ferdinand Brasser, David Gens, Christopher Liebchen, and Ahamd-Reza Sadeghi. 2019. RIP-RH: Preventing rowhammer-based inter-process attacks. In Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security. 561–572.

Digital Library

[6]

Ferdinand Brasser, Lucas Davi, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2017. CAn’ t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC. 117–130. isbn:978-1-931971-40-9 https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/brasser

[7]

Niladrish Chatterjee, Rajeev Balasubramonian, Manjunath Shevgoor, S Pugsley, A Udipi, Ali Shafiee, Kshitij Sudan, Manu Awasthi, and Zeshan Chishti. 2012. Usimm: the utah simulated memory module. University of Utah, Tech. Rep.

[8]

Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, and Herbert Bos. 2019. Exploiting correcting codes: On the effectiveness of ecc memory against rowhammer attacks. In 2019 IEEE Symposium on Security and Privacy (SP). 55–71. https://doi.org/10.1109/SP.2019.00089

[9]

Standard Performance Evaluation Corporation. 2006. SPEC CPU2006 Benchmark Suite. http://www.spec.org/cpu2006/

[10]

Ali Fakhrzadehgan, Yale Patt, Prashant J. Nair, and Moin Qureshi. 2022. SafeGuard: Reducing the Security Risk from Row-Hammer via Low-Cost Integrity Protection. In Proceedings of the 28th IEEE International Symposium on High-Performance Computer Architecture (HPCA). IEEE.

[11]

Pietro Frigo, Emanuele Vannacc, Hasan Hassan, Victor Van Der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2020. TRRespass: Exploiting the many sides of target row refresh. In 2020 IEEE Symposium on Security and Privacy (SP). 747–762. https://doi.org/10.1109/SP40000.2020.00090

[12]

Google. 2021. Half-Double: Next-Row-Over Assisted RowHammer. https://github.com/google/hammer-kit/blob/main/20210525_half_double.pdf

[13]

Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O’Connell, Wolfgang Schoechl, and Yuval Yarom. 2018. Another flip in the wall of rowhammer defenses. In 2018 IEEE Symposium on Security and Privacy (SP). 245–261. https://doi.org/10.1109/SP.2018.00031

[14]

Daniel Gruss, Clémentine Maurice, and Stefan Mangard. 2016. Rowhammer. js: A remote software-induced fault attack in javascript. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 300–321.

Digital Library

[15]

Dae-Hyun Kim, Prashant J Nair, and Moinuddin K Qureshi. 2014. Architectural support for mitigating row hammering in DRAM memories. IEEE CAL, 14, 1 (2014), 9–12. https://doi.org/10.1109/LCA.2014.2332177

Digital Library

[16]

Jeremie S Kim, Minesh Patel, A Giray Yağlıkçı, Hasan Hassan, Roknoddin Azizi, Lois Orosa, and Onur Mutlu. 2020. Revisiting rowhammer: An experimental analysis of modern dram devices and mitigation techniques. In 2020 ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA). 638–651. https://doi.org/10.1109/ISCA45697.2020.00059

Digital Library

[17]

Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. ACM SIGARCH Computer Architecture News, 42, 3 (2014), 361–372. https://doi.org/10.1109/ISCA.2014.6853210

Digital Library

[18]

Radhesh Krishnan Konoth, Marco Oliverio, Andrei Tatar, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida, and Kaveh Razavi. 2018. ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18). USENIX Association, Carlsbad, CA. 697–710. isbn:978-1-939133-08-3 https://www.usenix.org/conference/osdi18/presentation/konoth

Digital Library

[19]

Andrew Kwong, Daniel Genkin, Daniel Gruss, and Yuval Yarom. 2020. Rambleed: Reading bits in memory without accessing them. In 2020 IEEE Symposium on Security and Privacy (SP). 695–711. https://doi.org/10.1109/SP40000.2020.00020

[20]

Eojin Lee, Ingab Kang, Sukhan Lee, G Edward Suh, and Jung Ho Ahn. 2019. TWiCe: preventing row-hammering by exploiting time window counters. In Proceedings of the 46th International Symposium on Computer Architecture. 385–396. https://doi.org/10.1145/3307650.3322232

Digital Library

[21]

Lenovo. 2015. Row Hammer Privilege Escalation - Lenovo Security Advisory: LEN-2015-009. https://support.lenovo.com/us/en/product_security/row_hammer

[22]

Kevin Loughlin, Stefan Saroiu, Alec Wolman, and Baris Kasikci. 2021. Stop! Hammer time: rethinking our approach to rowhammer mitigations. In Proceedings of the Workshop on Hot Topics in Operating Systems. 88–95. https://doi.org/10.1145/3458336.3465295

Digital Library

[23]

Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. 2005. Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation. SIGPLAN Not., 40, 6 (2005), jun, 190–200. issn:0362-1340 https://doi.org/10.1145/1064978.1065034

Digital Library

[24]

Naveen Muralimanohar, Rajeev Balasubramonian, and Norman P Jouppi. 2009. CACTI 6.0: A tool to model large caches. HP laboratories, 27 (2009), 28.

[25]

Yeonhong Park, Woosuk Kwon, Eojin Lee, Tae Jun Ham, Jung Ho Ahn, and Jae W. Lee. 2020. Graphene: Strong yet Lightweight Row Hammer Protection. In 2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, Athens, Greece. 1–13. isbn:9781728173832 https://doi.org/10.1109/MICRO50266.2020.00014

[26]

K. Asanovic S. Beamer and D. Patterson. 2015. The GAP benchmark suite. In arXiv preprint arXiv:1508.03619.

[27]

Gururaj Saileshwar, Prashant J Nair, Prakash Ramrakhyani, Wendy Elsasser, and Moinuddin K Qureshi. 2018. Synergy: Rethinking secure-memory design for error-correcting memories. In 2018 IEEE International Symposium on High Performance Computer Architecture (HPCA). 454–465. https://doi.org/10.1109/HPCA.2018.00046

[28]

Gururaj Saileshwar and Moinuddin Qureshi. 2021. MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 1379–1396. isbn:978-1-939133-24-3 https://www.usenix.org/conference/usenixsecurity21/presentation/saileshwar

[29]

Mark Seaborn and Thomas Dullien. 2015. Exploiting the DRAM rowhammer bug to gain kernel privileges. Black Hat, 15 (2015), 71.

[30]

Vivek Seshadri, Yoongu Kim, Chris Fallin, Donghyuk Lee, Rachata Ausavarungnirun, Gennady Pekhimenko, Yixin Luo, Onur Mutlu, Phillip B Gibbons, and Michael A Kozuch. 2013. RowClone: Fast and energy-efficient in-DRAM bulk data copy and initialization. In Proceedings of the 46th Annual IEEE/ACM International Symposium on Microarchitecture. 185–197. https://doi.org/10.1145/2540708.2540725

Digital Library

[31]

Seyed Mohammad Seyedzadeh, Alex K Jones, and Rami Melhem. 2018. Mitigating wordline crosstalk using adaptive trees of counters. In 2018 ACM/IEEE 45th Annual International Symposium on Computer Architecture (ISCA). 612–623. https://doi.org/10.1109/ISCA.2018.00057

Digital Library

[32]

Mungyu Son, Hyunsun Park, Junwhan Ahn, and Sungjoo Yoo. 2017. Making DRAM stronger against row hammering. In Proceedings of the 54th Annual Design Automation Conference 2017. 1–6.

Digital Library

[33]

Standard Performance Evaluation Corporation. 2017. SPEC CPU2017 Benchmark Suite. http://www.spec.org/cpu2017/

[34]

UBC Advanced Research Computing. 2019. UBC ARC Sockeye. https://doi.org/10.14288/SOCKEYE

[35]

Victor Van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, and Kaveh Razavi. 2018. GuardION: Practical mitigation of DMA-based rowhammer attacks on ARM. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 92–113. https://doi.org/10.1007/978-3-319-93411-2_5

[36]

Xin-Chuan Wu, Timothy Sherwood, Frederic T. Chong, and Yanjing Li. 2019. Protecting Page Tables from RowHammer Attacks Using Monotonic Pointers in DRAM True-Cells. In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS ’19). Association for Computing Machinery, New York, NY, USA. 645–657. isbn:9781450362405 https://doi.org/10.1145/3297858.3304039

Digital Library

[37]

A Giray Yağlikçi, Minesh Patel, Jeremie S Kim, Roknoddin Azizi, Ataberk Olgun, Lois Orosa, Hasan Hassan, Jisung Park, Konstantinos Kanellopoulos, and Taha Shahroodi. 2021. BlockHammer: Preventing RowHammer at Low Cost by Blacklisting Rapidly-Accessed DRAM Rows. In 2021 IEEE International Symposium on High Performance Computer Architecture (HPCA). 345–358. https://doi.org/10.1109/HPCA51647.2021.00037

[38]

Fan Yao, Adnan Siraj Rakin, and Deliang Fan. 2020. DeepHammer: Depleting the Intelligence of Deep Neural Networks through Targeted Chain of Bit Flips. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1463–1480. isbn:978-1-939133-17-5 https://www.usenix.org/conference/usenixsecurity20/presentation/yao

[39]

Jung Min You and Joon-Sung Yang. 2019. MRLoc: Mitigating Row-hammering based on memory Locality. In 2019 56th ACM/IEEE Design Automation Conference (DAC). 1–6.

Digital Library

[40]

Zhi Zhang, Yueqiang Cheng, Dongxi Liu, Surya Nepal, Zhi Wang, and Yuval Yarom. 2020. PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses. In 2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 28–41. https://doi.org/10.1109/MICRO50266.2020.00016

Cited By

M PMutyam MTavva V(2024)Cache Line Pinning for Mitigating Row Hammer AttackProceedings of the 53rd International Conference on Parallel Processing10.1145/3673038.3673114(802-811)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.1145/3673038.3673114
Zhang ZChen DQi JCheng YJiang SLin YGao YNepal SZou YZhang JXiang YQuek TGao DZhou JCardenas A(2024)SoK: Rowhammer on Commodity Operating SystemsProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3656998(436-452)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3656998
Saxena AMathur SQureshi MTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Rubix: Reducing the Overhead of Secure Rowhammer Mitigations via Randomized Line-to-Row MappingProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640404(1014-1028)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640404
Show More Cited By

Index Terms

Randomized row-swap: mitigating Row Hammer by breaking spatial correlation between aggressor and victim rows
1. Security and privacy
  1. Security in hardware

Recommendations

Cache Line Pinning for Mitigating Row Hammer Attack
ICPP '24: Proceedings of the 53rd International Conference on Parallel Processing

RowHammer attack is a serious security threat to DRAM-based memory that causes bit flips in nearby rows when a DRAM row is accessed frequently. Many mitigation strategies are proposed against the RowHammer attack, and a few of the mitigation strategies ...
Towards Enhanced System Efficiency while Mitigating Row Hammer

In recent years, DRAM-based main memories have become susceptible to the Row Hammer (RH) problem, which causes bits to flip in a row without accessing them directly. Frequent activation of a row, called an aggressor row, causes its adjacent rows’ (victim)...
A Case for Amplifying Row Hammer Attacks via Cell-Coupling in DRAM Devices
MEMSYS '22: Proceedings of the 2022 International Symposium on Memory Systems

Main memory technologies have been largely dominated by Dynamic Random Access Memory (DRAM) for several decades. However, the recurring issue of higher latency has compelled researchers to propose In-DRAM based caching techniques. In-DRAM caches have ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ASPLOS '22: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

February 2022

1164 pages

ISBN:9781450392051

DOI:10.1145/3503222

General Chairs:
Babak Falsafi
EPFL, Switzerland
,
Michael Ferdman
Stony Brook University, USA
,
Program Chairs:
Shan Lu
University of Chicago, USA
,
Tom Wenisch
University of Michigan, USA / Google, USA

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

SIGBED: ACM Special Interest Group on Embedded Systems

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 February 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Author Tags

Qualifiers

Research-article

Funding Sources

SRC/DARPA Center for Research on Intelligent Storage and Processing-in-memory (CRISP)
Natural Sciences and Engineering Research Council of Canada

Conference

ASPLOS '22

Sponsor:

ASPLOS '22: 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

February 28 - March 4, 2022

Lausanne, Switzerland

Acceptance Rates

Overall Acceptance Rate 535 of 2,713 submissions, 20%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

30
Total Citations
View Citations
558
Total Downloads

Downloads (Last 12 months)115
Downloads (Last 6 weeks)18

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

M PMutyam MTavva V(2024)Cache Line Pinning for Mitigating Row Hammer AttackProceedings of the 53rd International Conference on Parallel Processing10.1145/3673038.3673114(802-811)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.1145/3673038.3673114
Zhang ZChen DQi JCheng YJiang SLin YGao YNepal SZou YZhang JXiang YQuek TGao DZhou JCardenas A(2024)SoK: Rowhammer on Commodity Operating SystemsProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3656998(436-452)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3634737.3656998
Saxena AMathur SQureshi MTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Rubix: Reducing the Overhead of Secure Rowhammer Mitigations via Randomized Line-to-Row MappingProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 210.1145/3620665.3640404(1014-1028)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620665.3640404
Cai KChowdhuryy MZhang ZYao F(2024)DeepVenom: Persistent DNN Backdoors Exploiting Transient Weight Perturbations in Memories2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00223(2067-2085)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00223
Luo YRakin AFan DXu X(2024)DeepShuffle: A Lightweight Defense Framework against Adversarial Fault Injection Attacks on Deep Neural Networks in Multi-Tenant Cloud-FPGA2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00034(3293-3310)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00034
Luo HTuğrul YBostancı FOlgun AYağlıkçı AMutlu O(2024)Ramulator 2.0: A Modern, Modular, and Extensible DRAM SimulatorIEEE Computer Architecture Letters10.1109/LCA.2023.333375923:1(112-116)Online publication date: Jan-2024
https://doi.org/10.1109/LCA.2023.3333759
France LBruguier FNovo DMushtaq MBenoit P(2024)Reducing the Silicon Area Overhead of Counter-Based Rowhammer MitigationsIEEE Computer Architecture Letters10.1109/LCA.2023.332882423:1(61-64)Online publication date: Jan-2024
https://doi.org/10.1109/LCA.2023.3328824
Jaleel ASaileshwar GKeckler SQureshi M(2024)PrIDE: Achieving Secure Rowhammer Mitigation with Low-Cost In-DRAM Trackers2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA)10.1109/ISCA59077.2024.00087(1157-1172)Online publication date: 29-Jun-2024
https://doi.org/10.1109/ISCA59077.2024.00087
Nam HBaek SWi MKim MPark JSong CKim NAhn J(2024)DRAMScope: Uncovering DRAM Microarchitecture and Characteristics by Issuing Memory Commands2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA)10.1109/ISCA59077.2024.00083(1097-1111)Online publication date: 29-Jun-2024
https://doi.org/10.1109/ISCA59077.2024.00083
Bostanci FYüksel IOlgun AKanellopoulos KTuğrul YYağliçi ASadrosadati MMutlu O(2024)CoMeT: Count-Min-Sketch-based Row Tracking to Mitigate RowHammer at Low Cost2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA57654.2024.00050(593-612)Online publication date: 2-Mar-2024
https://doi.org/10.1109/HPCA57654.2024.00050
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents