research-article

ALARM: Active LeArning of Rowhammer Mitigations

Authors:

Amir Naseredini,

Matteo Sammartino,

Shale XiongAuthors Info & Claims

HASP '22: Proceedings of the 11th International Workshop on Hardware and Architectural Support for Security and Privacy

Pages 1 - 9

https://doi.org/10.1145/3569562.3569563

Published: 21 September 2023 Publication History

Abstract

Rowhammer is a serious security problem of contemporary dynamic random-access memory (DRAM) where reads or writes of bits can flip other bits. DRAM manufacturers add mitigations, but don’t disclose details, making it difficult for customers to evaluate their efficacy. We present a tool, based on active learning, that automatically infers parameter of Rowhammer mitigations against synthetic models of modern DRAM.

References

[1]

Fides Aarts, Bengt Jonsson, Johan Uijen, and Frits W. Vaandrager. 2010. Generating models of infinite-state communication protocols using regular inference with abstraction. Formal Methods in System Design 46 (2010), 1–41.

Digital Library

[2]

Dana Angluin. 1987. Learning regular sets from queries and counterexamples. Information and Computation 75, 2 (1987), 87–106.

Digital Library

[3]

Antmicro. 2022. RowhammerTester. https://github.com/antmicro/rowhammer-tester.

[4]

Joeri de Ruiter. 2016. A Tale of the OpenSSL State Machine: A Large-Scale Black-Box Analysis. In NordSec 2016(LNCS, Vol. 10014). 169–184.

[5]

Joeri de Ruiter and Erik Poll. 2015. Protocol State Fuzzing of TLS Implementations. In USENIX Security Symposium. USENIX Association, 193–206.

[6]

Tiago Ferreira, Harrison Brewton, Loris D’Antoni, and Alexandra Silva. 2021. Prognosis: closed-box analysis of network protocol implementations. In ACM SIGCOMM. 762–774.

[7]

Paul Fiterau-Brostean, Ramon Janssen, and Frits W. Vaandrager. 2016. Combining Model Learning and Model Checking to Analyze TCP Implementations. In CAV(LNCS, Vol. 9780). 454–471.

[8]

Paul Fiterau-Brostean, Bengt Jonsson, Robert Merget, Joeri de Ruiter, Konstantinos Sagonas, and Juraj Somorovsky. 2020. Analysis of DTLS Implementations Using Protocol State Fuzzing. In USENIX.

[9]

Paul Fiterau-Brostean, Toon Lenaerts, Erik Poll, Joeri de Ruiter, Frits W. Vaandrager, and Patrick Verleg. 2017. Model learning and model checking of SSH implementations. In SPIN. 142–151.

[10]

Loïc France, Maria Mushtaq, Florent Bruguier, David Novo, and Pascal Benoit. 2021. Vulnerability Assessment of the Rowhammer Attack Using Machine Learning and the Gem5 Simulator - Work in Progress. In Proc. SAT-CPS ’21. 104–109.

Digital Library

[11]

Markus Frohme, Falk Howar, and Malte Isberner. 2022. LearnLib. https://github.com/Learnlib/learnlib.

[12]

Daniel Gruss. 2017. Rowhammer Attacks: An Extended Walkthrough Guide. Guest Talk @ SBA Research, Vienna, Austria. https://gruss.cc/files/sba.pdf.

[13]

Hasan Hassan, Yahya Can Tugrul, Jeremie S. Kim, Victor van der Veen, Kaveh Razavi, and Onur Mutlu. 2021. Uncovering In-DRAM RowHammer Protection Mechanisms:A New Methodology, Custom RowHammer Patterns, and Implications. In MICRO. 1198–1213.

[14]

Hasan Hassan, Nandita Vijaykumar, Samira Khan, Saugata Ghose, Kevin Chang, Gennady Pekhimenko, Donghyuk Lee, Oguz Ergin, and Onur Mutlu. 2018. SoftMC: Practical DRAM Characterization Using an FPGA-Based Infrastructure.

[15]

Malte Isberner, Falk Howar, and Bernhard Steffen. 2014. The TTT Algorithm: A Redundancy-Free Approach to Active Automata Learning. In RV, Vol. 8734. Springer, 307–322. https://doi.org/10.1007/978-3-319-11164-3_26

[16]

Malte Isberner, Falk Howar, and Bernhard Steffen. 2015. The Open-Source LearnLib - A Framework for Active Automata Learning. In CAV, Vol. 9206. Springer, 487–495.

[17]

Fujiwara Bochmann Khendek, S Fujiwara, GV Bochmann, F Khendek, M Amalou, and A Ghedamsi. 1991. Test selection based on finite state models. IEEE Transactions on software engineering 17, 591-603 (1991), 10–1109.

Digital Library

[18]

Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. ACM SIGARCH Computer Architecture News 42, 3 (2014), 361–372.

Digital Library

[19]

Andreas Kogler, Jonas Juffinger, Salman Qazi, Yoongu Kim, Moritz Lipp, Nicolas Boichat, Eric Shiu, Mattias Nissler, and Daniel Gruss. 2022. Half-Double: Hammering From the Next Row Over. In USENIX Security’22. USENIX Association, 3807–3824.

[20]

Andrew Kwong, Daniel Genkin, Daniel Gruss, and Yuval Yarom. 2020. RAMBleed: Reading Bits in Memory Without Accessing Them. In S&P.

[21]

Kevin Loughlin, Stefan Saroiu, Alec Wolman, Yatin A. Manerkar, and Baris Kasikci. 2022. MOESI-Prime: Preventing Coherence-Induced Hammering in Commodity Workloads. In Proc. ISCA 22. 670–684.

Digital Library

[22]

Arm Ltd. 2022. Arm Morello Program. https://www.arm.com/architecture/cpu/morello.

[23]

Bryon Moyer. 2021. Will Monolithic 3D DRAM Happen?Semiconductor Engineering. https://semiengineering.com/will-monolithic-3d-dram-happen/.

[24]

Lev Mukhanov, Dimitrios S. Nikolopoulos, and Georgios Karakonstantis. 2020. DStress: Automatic Synthesis of DRAM Reliability Stress Viruses using Genetic Algorithms. In Proc. MICRO’20. 298–312.

[25]

R. Nair, S. M. Thatte, and J. A. Abraham. 1978. Efficient Algorithms for Testing Semiconductor Random-Access Memories. IEEE Trans. Comput. 27, 6 (1978), 572–576.

Digital Library

[26]

Amir Naseredini. 2022. Implementation of ALARM. https://github.com/sahnaseredini/alarm.

[27]

Amir Naseredini and Martin Berger. 2022. A Simple Model of Rowhammer. (August 2022). Manuscript, in preparation.

[28]

Walter Rudin. 1976. Principles of mathematical analysis (third ed.). McGraw-Hill.

[29]

L. G. Valiant. 1984. A Theory of the Learnable. Commun. ACM 27, 11 (1984), 1134–1142.

Digital Library

[30]

Pepe Vila, Pierre Ganty, Marco Guarnieri, and Boris Köpf. 2020. CacheQuery: learning replacement policies from hardware caches. In PLDI. ACM, 519–532. https://doi.org/10.1145/3385412.3386008

Digital Library

[31]

Andrew Walker, Sungkwon Lee, and Dafna Beery. 2021. On DRAM Rowhammer and the Physics of Insecurity. IEEE Transactions on Electron Devices (2021), 1–11. https://doi.org/10.1109/TED.2021.3060362

[32]

Laung-Terng Wang, Cheng-Wen Wu, and Xiaoqing Wen. 2006. VLSI Test Principles and Architectures: Design for Testability (Systems on Silicon). Morgan Kaufmann Publishers Inc.

[33]

Robert N.M. Watson 2015. CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization. In 2015 IEEE Symposium on Security and Privacy. 20–37. https://doi.org/10.1109/SP.2015.9

Digital Library

Cited By

Qian CZhang MNie YLu SCao H(2023)A Survey of Bit-Flip Attacks on Deep Neural Network and Corresponding Defense MethodsElectronics10.3390/electronics1204085312:4(853)Online publication date: 8-Feb-2023
https://doi.org/10.3390/electronics12040853
Sylvester SSandersan JHasan S(2023)Mitigation of Rowhammer Attack on DDR4 Memory: A Novel Multi-Table Frequent Element Algorithm Based Approach2023 IEEE 66th International Midwest Symposium on Circuits and Systems (MWSCAS)10.1109/MWSCAS57524.2023.10405885(1098-1102)Online publication date: 6-Aug-2023
https://doi.org/10.1109/MWSCAS57524.2023.10405885

Index Terms

ALARM: Active LeArning of Rowhammer Mitigations
1. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures
    2. Hardware reverse engineering

Recommendations

Fundamentally Understanding and Solving RowHammer
ASPDAC '23: Proceedings of the 28th Asia and South Pacific Design Automation Conference

We provide an overview of recent developments and future directions in the RowHammer vulnerability that plagues modern DRAM (Dynamic Random Memory Access) chips, which are used in almost all computing systems as main memory.

RowHammer is the phenomenon ...
A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses
MICRO '21: MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture

RowHammer is a circuit-level DRAM vulnerability where repeatedly accessing (i.e., hammering) a DRAM row can cause bit flips in physically nearby rows. The RowHammer vulnerability worsens as DRAM cell size and cell-to-cell spacing shrink. Recent studies ...
Uncovering In-DRAM RowHammer Protection Mechanisms:A New Methodology, Custom RowHammer Patterns, and Implications
MICRO '21: MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture

The RowHammer vulnerability in DRAM is a critical threat to system security. To protect against RowHammer, vendors commit to security-through-obscurity: modern DRAM chips rely on undocumented, proprietary, on-die mitigations, commonly known as Target ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

HASP '22: Proceedings of the 11th International Workshop on Hardware and Architectural Support for Security and Privacy

October 2022

58 pages

ISBN:9781450398718

DOI:10.1145/3569562

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 September 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Engineering and Physical Sciences Research Council

Conference

HASP '22

HASP '22: Hardware and Architectural Support for Security and Privacy

October 1, 2022

IL, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 9 of 13 submissions, 69%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
27
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)3

Reflects downloads up to 23 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Qian CZhang MNie YLu SCao H(2023)A Survey of Bit-Flip Attacks on Deep Neural Network and Corresponding Defense MethodsElectronics10.3390/electronics1204085312:4(853)Online publication date: 8-Feb-2023
https://doi.org/10.3390/electronics12040853
Sylvester SSandersan JHasan S(2023)Mitigation of Rowhammer Attack on DDR4 Memory: A Novel Multi-Table Frequent Element Algorithm Based Approach2023 IEEE 66th International Midwest Symposium on Circuits and Systems (MWSCAS)10.1109/MWSCAS57524.2023.10405885(1098-1102)Online publication date: 6-Aug-2023
https://doi.org/10.1109/MWSCAS57524.2023.10405885

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents