Rapid detection of rowhammer attacks using dynamic skewed hash tree

RowHammer attacks pose a security threat to DRAM chips by causing bit-flips in sensitive memory regions. We propose a technique that combines a sliding window protocol and a dynamic integrity tree to rapidly detect multiple bit-flips caused by RowHammer attacks. Sliding window protocol monitors the frequent accesses made to the same bank in short intervals to identify the vulnerable rows. Dynamic integrity tree relies on SHA-3 Keccak hash function while maintaining the minimal number of vulnerable rows at any particular time to enable detection of bit flips. We demonstrate the effectiveness of the proposed approach by performing RowHammer attacks using the prime and probe method with a DDR3 DRAM. We show that the dynamic tree structure only needs to maintain a small number of vulnerable rows at a time, thus notably reducing the height of the integrity tree to enable rapid detection of the bit-flips.

[1]  Moinuddin K. Qureshi,et al.  A case for Refresh Pausing in DRAM memory systems , 2013, 2013 IEEE 19th International Symposium on High Performance Computer Architecture (HPCA).

[2]  Stefan Mangard,et al.  Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript , 2015, DIMVA.

[3]  Reetuparna Das,et al.  ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks , 2016, ASPLOS.

[4]  Chris Fallin,et al.  Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[5]  Stefan Mangard,et al.  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks , 2015, USENIX Security Symposium.

[6]  Rami G. Melhem,et al.  Counter-Based Tree Structure for Row Hammering Mitigation in DRAM , 2017, IEEE Computer Architecture Letters.

[7]  Yanick Fratantonio,et al.  Drammer: Deterministic Rowhammer Attacks on Mobile Platforms , 2016, CCS.

[8]  Chris Fallin,et al.  RowHammer: Reliability Analysis and Security Implications , 2016, ArXiv.

[9]  Debdeep Mukhopadhyay,et al.  Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis , 2016, CHES.

[10]  Taesoo Kim,et al.  SGX-Bomb: Locking Down the Processor via Rowhammer Attack , 2017, SysTEX@SOSP.

[11]  Lionel Torres,et al.  Hardware Mechanisms for Memory Authentication: A Survey of Existing Techniques and Engines , 2009, Trans. Comput. Sci..

[12]  Steven Pigeon,et al.  A memory-efficient adaptive Huffman coding algorithm for very large sets of symbols , 1998, Proceedings DCC '98 Data Compression Conference (Cat. No.98TB100225).

[13]  Dae-Hyun Kim,et al.  Architectural Support for Mitigating Row Hammering in DRAM Memories , 2015, IEEE Computer Architecture Letters.

[14]  Guido Bertoni,et al.  Keccak sponge function family main document , 2009 .