We present the new class of non-uniform Rowhammer access patterns that bypass undocumented, proprietary in-DRAM Target Row Refresh (TRR) while operating in a production setting. We show that these patterns trigger bit flips on all 40 DDR4 DRAM devices in our test pool. We make a key observation that all published Rowhammer access patterns always hammer “aggressor” rows uniformly. While uniform accesses maximize the number of aggressor activations, we find that in-DRAM TRR exploits this behavior to catch aggressor rows and refresh neighboring “victims” before they fail. There is no reason, however, to limit Rowhammer attacks to uniform access patterns: smaller technology nodes make underlying DRAM technologies more vulnerable, and significantly fewer accesses are nowadays required to trigger bit flips, making it interesting to investigate less predictable access patterns.
The search space for non-uniform access patterns, however, is tremendous. We design experiments to explore this space with respect to the deployed mitigations, highlighting the importance of the order, regularity, and intensity of accessing aggressor rows in non-uniform access patterns. We show how randomizing parameters in the frequency domain captures these aspects and use this insight in the design of Blacksmith, a scalable Rowhammer fuzzer that generates access patterns that hammer aggressor rows with different phases, frequencies, and amplitudes. Blacksmith finds complex patterns that trigger Rowhammer bit flips on all 40 of our recently purchased DDR4 DIMMs, $2.6\times$ more than state of the art, and generating on average $87\times$ more bit flips. We also demonstrate the effectiveness of these patterns on Low Power DDR4X devices. Our extensive analysis using Blacksmith further provides new insights on the properties of currently deployed TRR mitigations. We conclude that after almost a decade of research and deployed in-DRAM mitigations, we are perhaps in a worse situation than when Rowhammer was first discovered.
I. Introduction
A dangerous mistake when designing a mitigation is assuming that attackers will operate the same way after the deployment of the new mitigation. This is especially true for in-DRAM Target Row Refresh (TRR), a selection of defense mechanisms for stopping the ever-worsening Rowhammer effect in the DRAM substrate. Proprietary, undocumented in-DRAM TRR is currently the only mitigation that stands between Rowhammer and attackers exploiting it in various scenarios such as browsers, mobile phones, the cloud, and even over the network [1]-[11]. In this paper, we show how deviations from known uniform Rowhammer access patterns allow attackers to flip bits on all 40 recently-acquired DDR4 DIMMs, $2.6\times$ more than the state of the art [12]. The effectiveness of these new non-uniform patterns in bypassing TRR highlights the need for a more principled approach to address Rowhammer.
Existing Rowhammer patterns. Data in DRAM is stored in rows of cells. These cells consist of capacitors that leak charge over time. For preserving the data, the charge needs to be restored by refreshing the cells regularly. However, it is possible to leak charge from these cells with the Rowhammer vulnerability before they have a chance to get refreshed [13]. Existing approaches trigger Rowhammer by selecting one to many different “aggressor” rows to hammer [1], [12], [14]. These aggressor rows are repeatedly accessed in a short duration before cells get refreshed, causing bit flips in “victim” rows that are adjacent to these aggressors. As an example, the double-sided Rowhammer access pattern sandwiches a victim row with two aggressor rows, maximizing charge leakage in the victim row. To leak as much charge from victim rows as possible, such patterns hammer aggressors as often as possible before their victims have a chance to get refreshed.
Target Row Refresh. Target Row Refresh (TRR) is an umbrella term for hardware mitigations against the Rowhammer vulnerability, with recent variants operating entirely inside DRAM chips [12]. At a high level, TRR aims to detect rows that are frequently accessed (i.e., hammered) and refresh their neighbors before their charge leak results in data corruptions. The challenge is finding the frequent items in a stream of DRAM accesses. However, as precise frequent item counting is expensive in hardware, TRR implementations try to estimate the frequent items (i.e., the aggressors). Recent work shows that by increasing the number of aggressors, certain implementations of TRR are unable to keep track of all aggressors and corruptions resurface [12]. A majority of TRR implementations (roughly 70%), however, remain secure since they can detect all aggressors given that they are hammered frequently enough.
Non-uniform Rowhammer patterns. We make the key observation that prior Rowhammer attacks always access aggressors uniformly. From a frequent item counting perspective, this is a straightforward case for estimating frequent items. However, there is, of course, no need for attackers to hammer in the space where TRR implementations operate effectively. Given the increasing (physical) susceptibility of DRAM to Rowhammer [15], aggressors no longer need many accesses: attackers are free to choose from many hammering strategies between the times a victim row is refreshed. While this provides many possibilities to fool the TRR’s estimation of the frequent items, at the same time, it creates a problem for attackers since the search space for non-uniform patterns is huge.
We design a series of experiments that start by randomizing the patterns and gradually discovering the essential properties that make them successful. This exploration ultimately results in a set of parameters for constructing non-uniform patterns that can effectively explore the weaknesses in existing TRR mechanisms. Notably, we find three temporal properties, namely order, regularity, and intensity, play a crucial role in constructing non-uniform patterns that can escape various TRR mechanisms.
Rowhammering in the frequency domain. To capture these temporal parameters, we propose constructing non-uniform patterns in the frequency domain. Signal properties such as phase, frequency, and amplitude conveniently map to the parameters that are important in exploring the blind spots of TRR. Based on this insight, we build Blacksmith, a scalable Rowhammer fuzzer capable of generating access patterns by randomizing parameters in the frequency domain for randomly selected aggressors. In contrast to previous work [12], our novel patterns are highly complex, making it difficult for humans to explore manually. Furthermore, our scalable fuzzing-based approach makes it easy to test a large number of DRAM devices against Rowhammer, without the need for time-consuming reverse engineering. On top of generating non-uniform patterns, we can distinguish interesting DRAM-dependent temporal properties by analyzing patterns that triggered bit flips.
Our evaluation shows that Blacksmith can generate patterns that can trigger bit flips on all 40 recently purchased DDR4 DIMMs from the three major DRAM vendors (Samsung, Micron, and Hynix), a factor of $2.6\times$ more than state-of-the-art many-sided patterns [12]. We also demonstrate the effectiveness of these patterns on 16 out of 19 Low Power DDR4X devices. These results show that instead of obscure TRR mitigations, we need to invest in principled mitigations with clear guarantees. To gain more insights into these non-uniform patterns, we systematically evaluate how Blacksmith converges to the specific values of the different spatial and temporal parameters. Using the bit flips triggered by these patterns, we uncover interesting new properties of deployed TRR mitigations such as the number of aggressors that they track, the importance of the aggressors’ addresses, and significant differences in the number of triggered bit flips on different chips of the same device. Furthermore, we reverse-engineer properties of the TRR implementation on one of the Low Power DDR4X devices where Blacksmith could not trigger bit flips and show how a different configuration of Blacksmith could trigger bit flips on these devices.
Contributions. We make the following contributions:
(1) We present novel non-uniform Rowhammer patterns that make it difficult for TRR to estimate the potential aggressor rows accurately.
(2) We design Blacksmith, a new Rowhammer fuzzer that can effectively explore the important parameters of these non-uniform patterns by hammering in the frequency domain.
(3) We evaluate Blacksmith on 40 DDR4 DIMMs from all three major DRAM vendors, showing that it is possible to trigger bit flips on 100% of them by using non-uniform patterns. We also show Blacksmith’s ability to trigger bit flips on 16 out of 19 LPDDR4X DRAM chips.
Fig. 1: DRAM structure. Low-level view on a DRAM bank.
(4) We conduct an extensive analysis of the effective patterns and bit flips found by Blacksmith to gain insights on patterns and deployed mitigations. Furthermore, we reverse-engineer the TRR mechanism of one of the LPDDR4X devices where Blacksmith could not trigger any bit flips to show how it can better be configured.
Reproducibility. To enable reproducibility, we publish the source code of Blacksmith at this URL: https://github.com/comsec-group/blacksmith.
Responsible disclosure. We reported our findings to affected parties by following a responsible disclosure process. In Q1-2021, we initiated the process with the NCSC Switzerland (NCSC-CH). In Q2-2021, NCSC-CH informed affected parties and shared our results with DRAM vendors, OEMs, and cloud providers. In Q3-2021, NCSC-CH sent affected parties an updated version of our work and announced the public disclosure date. In Q4-2021, we were assigned a CVE (CVE-2021-42114) and publicly disclosed Blacksmith on November 15, 2021. The three DRAM manufacturers (Samsung, SK Hynix, and Micron), Intel, AMD, Microsoft, Oracle, and Google confirmed the receipt of our findings. SK Hynix got in touch with us to discuss the LPDDR4X results. We discussed a possible mitigation with Intel and our findings in more detail with Google. None of the contacted parties informed us of their mitigation plans.
II. Background
This section gives an overview of DRAM, including its internal organization and interaction with the memory controller. We also introduce the Rowhammer attack, widely-deployed mitigations against it, and describe common access patterns.
A. DRAM Organization
While there are different DRAM types for PCs, servers, and laptops, they share a common organization discussed here.
Addressing & Geometry. A DRAM address is composed of a channel, bank, rank, row, and column. Each channel is connected to one or multiple DIMMs, of which each can operate independently. A DIMM is equipped with multiple DRAM chips that are grouped into ranks and these, in turn, consist of multiple banks that can operate in parallel [16]. A bank is made of many DRAM cells, each of which contains a capacitor, which stores a single data bit as electrical charge, and an access transistor. These cells are arranged in a two-dimensional grid (see Figure 1) and connected row- and column-wise by a wordline and a bitline, respectively. Every bank has a row buffer, an array of sense amplifiers connected to the bitlines that is involved in reading/writing data from/to rows.
DRAM Commands [16]. Before reading or writing data to a DRAM address, the memory controller (MC) puts the associated bank in a precharged state by issuing the PRECHARGE command to DRAM, deactivating the row buffer. Next, the MC issues an ACTIVATE command, after which the requested row is loaded into the row buffer. Now, data can be read (READ) or written (WRITE); both require specifying the targeted column(s) of the loaded row. Additionally, the MC must issue REFRESH commands regularly, on average every $7.8\,\mu\mathrm{s}$ (the refresh interval or tREFI) [17], to preserve a cell’s value since the capacitors leak charge over time [18]. A REFRESH only refreshes a small subset of rows at a time, which are determined by the DRAM chip based on a row’s last refresh time. Related to that is the retention time, typically 64 ms in DDR4 [18], [19], the minimum time that DRAM cells must be able to hold data without losing information.
B. Rowhammer
While the industry has been aware of the Rowhammer vulnerability in DRAM since at least 2012 [20], Kim et al. [13] studied the problem rigorously for the first time in their seminal paper in 2014. They observed that commodity DRAM chips from all major vendors suffer from disturbance errors induced by repeatedly opening (ACTIVATE) and closing (PRECHARGE) a DRAM row (i.e., aggressor row) in a short period of time. This action causes some cells in neighboring rows (i.e., victim rows) to leak charge at a faster pace than usual. Consequently, these cells can no longer retain their charge for the period they are supposed to before the cell is refreshed, resulting in their bits flipping.
The Rowhammer attack attracted much attention due to its devastating impact on systems security. Follow-up research showed how Rowhammer can be used to compromise users via JavaScript [2], [3], [8], [11], in the cloud [4], [5], on mobile phones [6], [7], and even over the network [9], [10].
Target Row Refresh. The industry has responded to Rowhammer by deploying a mitigation known as Target Row Refresh (TRR). Frigo et al. [12] analyzed TRR and found that it refers to a variety of different solutions with the recent variants all operating inside the DRAM chips. They further show that in-DRAM TRR tries to detect which rows are being hammered using a sampling mechanism and internally refreshes their victims before these receive their regular refresh. An ideal TRR sampler needs to keep track of every row that receives an ACTIVATE command, but doing so is expensive in hardware. Instead, existing TRR mechanisms estimate the rows that are activated most often. The TRRespass fuzzer [12] shows gaps in this estimation by increasing the number of aggressor rows, causing Rowhammer bit flips to resurface on roughly 30% of modern DDR4 DIMMs. The question that we are trying to answer in this paper is whether there are more effective ways of discovering gaps in the estimation of aggressor rows.
Fig. 2: Common Rowhammer access patterns. Overview of the most common Rowhammer access patterns from prior work. (a) Spatial arrangement of aggressor rows ($\square$) and victim rows ($\square$) in DRAM memory. (b) Relative activation frequency, i.e., number of ACTIVATEs per aggressor in a Rowhammer pattern.
Rowhammer Access Patterns. We use the term pattern to describe memory access sequences and denote patterns as being effective when they can trigger bit flips. In search of effective patterns for more DIMMs, we must understand how existing instances work. Figure 2a shows the three common Rowhammer access patterns. In the original work [13], the authors used two far apart aggressor rows for hammering, later termed as single-sided because, from the victim row’s point of view, their charge is being leaked from one side. Later, Seaborn and Dullien [1] showed that if a victim row is sandwiched by two aggressors, it increases the chance of bit flips (i.e., double-sided). Frigo et al. [12] introduced $n$-sided Rowhammer, where $n$ refers to $n-1$ victims being hammered by $n$ aggressors from both sides. Figure 2a shows an example with $n=4$. The recent SMASH attack [11] shows that it can trigger bit flips in JavaScript by synchronizing $n$-sided patterns with the DRAM REFRESH command. Our experiments with SMASH patterns, as discussed in Appendix A, show that while aligning with REFRESH increases the number of effective patterns found on certain DIMMs, overall, it does not compromise TRR on more devices than the original $n$-sided patterns.
We make a key observation that the aggressors in all these previous patterns are hammered uniformly as shown in Figure 2b. While hammering uniformly maximizes the chance of triggering a Rowhammer bit flip, since it maximizes the frequency with which the aggressors are hammered, it is also the easiest case for TRR to estimate the rows that are accessed the most (i.e., hammered). Given the increasing degree of vulnerability to Rowhammer, the aggressors no longer need to be hammered as frequently as possible, and a significantly smaller number of accesses is enough to trigger Rowhammer [15]. This provides an opportunity to better exercise the TRR’s estimation of aggressor rows by hammering non-uniformly. This paper explores the design of non-uniform patterns against in-DRAM TRR.
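To make the frequent-item estimation behind TRR and the $n$-sided, uniformly hammered patterns of Figure 2 concrete, the following Python model is added here (it is not code from the paper or from Blacksmith): a sampler with $k$ hardware counters runs the Misra-Gries frequent-item algorithm over one refresh window of ACTIVATEs and then refreshes the neighbours of the rows it still tracks. The sampler algorithm, the counter budget of four, the one-window model and the neighbour-refresh policy are all assumptions; real in-DRAM TRR designs are undocumented.

```python
"""Toy model of in-DRAM TRR as a frequent-item estimator (added illustration; the
Misra-Gries sampler and the one-window refresh policy are assumptions)."""
from typing import Dict, List, Set

class MisraGriesSampler:
    """Tracks at most k candidate aggressor rows with k hardware counters.
    Misra-Gries keeps any row activated more than N/(k+1) times out of N; rows
    hammered less often may be evicted, which is the estimation gap TRR suffers."""

    def __init__(self, k: int) -> None:
        self.k = k
        self.counters: Dict[int, int] = {}

    def activate(self, row: int) -> None:
        """Observe one ACTIVATE command for `row`."""
        if row in self.counters:
            self.counters[row] += 1
        elif len(self.counters) < self.k:
            self.counters[row] = 1
        else:
            # Every counter is busy: decrement all tracked rows, evicting any at 0.
            for tracked in list(self.counters):
                self.counters[tracked] -= 1
                if self.counters[tracked] == 0:
                    del self.counters[tracked]

    def suspected_aggressors(self) -> Set[int]:
        return set(self.counters)

def n_sided_pattern(base_row: int, n: int) -> List[int]:
    """Aggressor rows of an n-sided pattern (Fig. 2a): every other row, so that
    the n-1 rows in between are each sandwiched by two aggressors."""
    return [base_row + 2 * i for i in range(n)]

def victims_of(rows: Set[int]) -> Set[int]:
    """Rows adjacent to `rows` that are not themselves in `rows`; this includes
    the two outer neighbours, which are hammered single-sided."""
    return {r + d for r in rows for d in (-1, 1)} - rows

def uniform_hammer(aggressors: List[int], activations: int) -> List[int]:
    """Uniform pattern (Fig. 2b): round-robin, every aggressor activated equally."""
    return [aggressors[i % len(aggressors)] for i in range(activations)]

def unprotected_victims(aggressors: List[int], activations: int, k: int) -> Set[int]:
    """Victim rows that TRR does NOT refresh at the end of one refresh window.
    Every ACTIVATE is fed to the sampler; at the next REFRESH the neighbours of
    the rows still tracked get a targeted refresh. Victims of evicted aggressors
    receive nothing extra."""
    sampler = MisraGriesSampler(k)
    for row in uniform_hammer(aggressors, activations):
        sampler.activate(row)
    refreshed_by_trr = victims_of(sampler.suspected_aggressors())
    return victims_of(set(aggressors)) - refreshed_by_trr

if __name__ == "__main__":
    # Constructed scenario: 4 counters, 1000 ACTIVATEs per refresh window.
    for n in (2, 4, 8, 16):
        aggressors = n_sided_pattern(1000, n)
        left = unprotected_victims(aggressors, 1000, k=4)
        total = len(victims_of(set(aggressors)))
        print(f"{n:2d}-sided uniform: {len(left)}/{total} victim rows unprotected")
```

With four counters, the double-sided and 4-sided uniform patterns are fully tracked and every victim is refreshed, whereas the 8- and 16-sided uniform patterns cycle every counter out before the window ends, which is the gap that TRRespass [12] exposed by adding aggressors.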
III. Properties of Effective Non-uniform Patterns
While non-uniform access patterns will likely make it more challenging for TRR to estimate the aggressors, at the same