Heterogeneous SoCs integrate FPGAs and microprocessor cores on the same fabric to accelerate applications such as cryptography and deep learning. Because the FPGA shares resources with the microprocessor cores, it can launch non-cacheable SDRAM transactions through the direct FPGA-to-microprocessor SDRAM interface. Therefore, if third-party IPs (3PIPs) on the FPGA are malicious, they can launch rowhammer attacks on the SDRAM. Today's countermeasures based on performance counters cannot detect these attacks because memory transactions from the FPGA do not pass through the cache. In addition, countermeasures that count how often memory rows are activated require structural changes to the memory controller or the DRAM chips. Moreover, today's countermeasures cannot identify the IP that launches the attack. We present a security solution that monitors the SDRAM transactions from IPs on the FPGA to each bank of the microprocessor SDRAM through the FPGA-to-microprocessor SDRAM interface. The proposed monitor is implemented on the FPGA fabric. It can detect an attempt to launch a rowhammer attack before the attack causes bit flips in the SDRAM. It uses only 1% of the adaptive logic modules (ALMs) available in an Intel Cyclone V FPGA to monitor the transactions from one IP.
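A behavioural software model of per-IP, per-bank transaction monitoring as described above, added here as an example and not the authors' hardware design. It assumes an open-page row buffer, a 64 ms refresh window, and an illustrative alert threshold; the IP names and the trace are constructed.

```python
from collections import defaultdict

REFRESH_WINDOW_NS = 64_000_000  # assumption: 64 ms DRAM refresh window
ALERT_THRESHOLD = 1_000         # assumption: illustrative per-row activation budget

class BankMonitor:
    """Counts inferred row activations per (IP, bank, row) in each refresh window."""

    def __init__(self, window_ns=REFRESH_WINDOW_NS, threshold=ALERT_THRESHOLD):
        self.window_ns, self.threshold = window_ns, threshold
        self.window_start = 0
        self.open_row = {}              # bank -> last row seen on the interface
        self.counts = defaultdict(int)  # (ip, bank, row) -> activations this window
        self.alerts = []                # (time_ns, ip, bank, row), one per key per window

    def observe(self, time_ns, ip, bank, row):
        elapsed = time_ns - self.window_start
        if elapsed >= self.window_ns:
            # Refresh recharges the cells, so the counters restart each window.
            self.window_start = time_ns - elapsed % self.window_ns
            self.counts.clear()
        if self.open_row.get(bank) == row:
            return  # row-buffer hit: no new activation
        self.open_row[bank] = row
        key = (ip, bank, row)
        self.counts[key] += 1
        if self.counts[key] == self.threshold:  # fires once, when the budget is reached
            self.alerts.append((time_ns, ip, bank, row))

def constructed_trace(n=5_000, step_ns=100):
    """Constructed sample: one streaming IP and one IP alternating two rows of a bank."""
    for i in range(n):
        t = i * step_ns
        yield (t, "dma_ip", 0, i // 512)  # sequential rows, mostly row-buffer hits
        yield (t + 50, "suspect_ip", 3, 0x10 if i % 2 == 0 else 0x12)

def flagged_ips(trace, **kwargs):
    """Replay a trace and return (sorted flagged IP names, raw alert list)."""
    monitor = BankMonitor(**kwargs)
    for txn in trace:
        monitor.observe(*txn)
    return sorted({ip for _, ip, _, _ in monitor.alerts}), monitor.alerts

if __name__ == "__main__":
    ips, alerts = flagged_ips(constructed_trace())
    print("flagged:", ips)
    for a in alerts:
        print("alert at %d ns: ip=%s bank=%d row=0x%x" % a)
```

Because the counters are keyed by IP, an alert names the requester as well as the bank and row, and the same access pattern spread thinly across refresh windows stays under the budget.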