LightRoAD: Lightweight Rowhammer Attack Detector

Dynamic Random Access Memory (DRAM)-based systems are widely used in mobile and portable applications where low-cost and high-storage memory capability are required. However, such systems are prone to attacks. A latent threat to DRAM-based system security is the so-called Rowhammer attacks. By repeatedly accessing memory, an attacker is able to perform unauthorized data modifications into physically adjacent memory locations. As a consequence, powerful privilege-escalation attacks can be achieved. Although most of the known countermeasures are based on refresh strategies or intensive address monitoring, their efficient and low-cost realization is still a challenge. In this work, we present LightRoad, a lightweight and flexible hardware detector for Rowhammer attacks. Additionally, we propose two variants that further extend the LightRoad security, namely LightRoAD+Sec and LightRoAD+PARA. Our experiments show that LightRoad and its variants are very efficient and effective to detect attacks while having an affordable cost that varies according to the desired security level.

[1]  Rei-Fu Huang,et al.  Alternate hammering test for application-specific DRAMs and an industrial case study , 2012, DAC Design Automation Conference 2012.

[2]  Onur Mutlu,et al.  Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques , 2020, 2020 ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA).

[3]  Luca Benini,et al.  The Cost of Application-Class Processing: Energy and Performance Analysis of a Linux-Ready 1.7-GHz 64-Bit RISC-V Core in 22-nm FDSOI Technology , 2019, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[4]  Ahmad-Reza Sadeghi,et al.  CAn't Touch This: Practical and Generic Software-only Defenses Against Rowhammer Attacks , 2016, ArXiv.

[5]  Herbert Bos,et al.  Flip Feng Shui: Hammering a Needle in the Software Stack , 2016, USENIX Security Symposium.

[6]  Herbert Bos,et al.  Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[7]  Onur Mutlu,et al.  The RowHammer problem and other issues we may face as memory becomes denser , 2017, Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017.

[8]  Rui Qiao,et al.  A new approach for rowhammer attacks , 2016, 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[9]  Herbert Bos,et al.  Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[10]  Wei He,et al.  Persistent Fault Analysis on Block Ciphers , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[11]  Alec Wolman,et al.  Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[12]  Yuval Yarom,et al.  Another Flip in the Wall of Rowhammer Defenses , 2017, 2018 IEEE Symposium on Security and Privacy (SP).

[13]  Fan Zhang,et al.  Understanding Rowhammer Attacks through the Lens of a Unified Reference Framework , 2019, ArXiv.

[14]  Taesoo Kim,et al.  SGX-Bomb: Locking Down the Processor via Rowhammer Attack , 2017, SysTEX@SOSP.

[15]  G. Edward Suh,et al.  TWiCe: Preventing Row-hammering by Exploiting Time Window Counters , 2019, 2019 ACM/IEEE 46th Annual International Symposium on Computer Architecture (ISCA).

[16]  Yuan Xiao,et al.  One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation , 2016, USENIX Security Symposium.

[17]  Todd M. Austin,et al.  When good protections go bad: Exploiting anti-DoS measures to accelerate rowhammer attacks , 2017, 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).

[18]  Onur Mutlu,et al.  BlockHammer: Preventing RowHammer at Low Cost by Blacklisting Rapidly-Accessed DRAM Rows , 2021, International Symposium on High-Performance Computer Architecture.

[19]  Dae-Hyun Kim,et al.  Architectural Support for Mitigating Row Hammering in DRAM Memories , 2015, IEEE Computer Architecture Letters.

[20]  Christopher Krügel,et al.  GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM , 2018, DIMVA.

[21]  Reetuparna Das,et al.  ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks , 2016, ASPLOS.

[22]  Daniel Gruss,et al.  Nethammer: Inducing Rowhammer Faults through Network Requests , 2018, 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[23]  Chris Fallin,et al.  Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[24]  Debdeep Mukhopadhyay,et al.  Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis , 2016, CHES.

[25]  Onur Mutlu,et al.  RowHammer: A Retrospective , 2019, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[26]  Stefan Mangard,et al.  Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript , 2015, DIMVA.

[27]  Herbert Bos,et al.  Throwhammer: Rowhammer Attacks over the Network and Defenses , 2018, USENIX ATC.

[28]  Yanick Fratantonio,et al.  Drammer: Deterministic Rowhammer Attacks on Mobile Platforms , 2016, CCS.