Scribd Logo
Upload

Welcome to Scribd!

  • EU 22 Kogler CSI Rowhammer

    Uploaded by

    Henrik Dalhof Jensen
    21 views222 pages
    This document summarizes a presentation on closing the case of Rowhammer attacks on DRAM memory. It explains that Rowhammer is a hardware fault where frequent accesses to aggressor rows can flip bits in a victim row in neighboring DRAM. Existing mitigations have been ineffective, but the presentation will propose transparently correcting bitflips if the OS can reconstruct the data from another source.

    Original Description:

    Original Title

    EU-22-Kogler-CSI-Rowhammer

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes a presentation on closing the case of Rowhammer attacks on DRAM memory. It explains that Rowhammer is a hardware fault where frequent accesses to aggressor rows can flip bits in a victim row in neighboring DRAM. Existing mitigations have been ineffective, but the presentation will propose transparently correcting bitflips if the OS can reconstruct the data from another source.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    21 views222 pages

    EU 22 Kogler CSI Rowhammer

    Uploaded by

    Henrik Dalhof Jensen
    This document summarizes a presentation on closing the case of Rowhammer attacks on DRAM memory. It explains that Rowhammer is a hardware fault where frequent accesses to aggressor rows can flip bits in a victim row in neighboring DRAM. Existing mitigations have been ineffective, but the presentation will propose transparently correcting bitflips if the OS can reconstruct the data from another source.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 222

    CSI:Rowhammer

    Closing the Case of Half-Double and Beyond


    BlackHat Europe 2022
    7th December 2022

    Andreas Kogler Jonas Juffinger


    Graz University of Technology Graz University of Technology
    Motivation - Rowhammer

    Something
    Mitigations
    Since 2014 Numerous exploits fundamentally
    ineffektive
    better?

    1 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    What if we could transparently correct arbitrary bitflips if
    we know that the OS can reconstruct the data from a
    different source?
    Introduction
    Dynamic Random Access Memory (DRAM)

    • Large, cheap and energy efficient

    2 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Dynamic Random Access Memory (DRAM)

    • Large, cheap and energy efficient wordline

    • Cell: one transistor & one capacitor

    bitline
    2 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )
    Dynamic Random Access Memory (DRAM)

    • Large, cheap and energy efficient wordline

    • Cell: one transistor & one capacitor


    • Capacitor looses charge over time

    bitline
    2 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )
    Dynamic Random Access Memory (DRAM)

    • Large, cheap and energy efficient wordline

    • Cell: one transistor & one capacitor


    • Capacitor looses charge over time

    bitline
    • Periodic refreshes required

    2 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Dynamic Random Access Memory (DRAM)

    • Large, cheap and energy efficient wordline

    • Cell: one transistor & one capacitor


    • Capacitor looses charge over time

    bitline
    • Periodic refreshes required
    • Organized in rows

    2 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    3 ∗ aggressor2 ;
    Victim
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    3 ∗ aggressor2 ;
    Victim
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    3 ∗ aggressor2 ;
    Victim
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    3 ∗ aggressor2 ;
    Victim
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    3 ∗ aggressor2 ;
    Victim
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    3 ∗ aggressor2 ;
    Victim
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    3 ∗ aggressor2 ;
    Victim
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    3 ∗ aggressor2 ;
    Victim
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    3 ∗ aggressor2 ;
    Victim
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    3 ∗ aggressor2 ;
    Victim
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    Victim 3 ∗ aggressor2 ;
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows
    • Worse with every new DRAM generation

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    Victim 3 ∗ aggressor2 ;
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer

    • Hardware fault of the DRAM [3]


    • Frequent accesses flip bits in neighboring rows
    • Worse with every new DRAM generation
    • Enables attacks, many countermeasures proposed

    1 f o r ( i = 0 ; i < N ; ++i ) {
    aggressor1 2 ∗ aggressor1 ;
    Victim 3 ∗ aggressor2 ;
    4 flush ( aggressor1 ) ;
    aggressor2
    5 flush ( aggressor2 ) ;
    6 }

    3 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rowhammer Patterns

    aggressor1 aggressor1 aggressor1


    Victim Victim Victim
    aggressor2
    aggressor2

    4 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Mitigations focus on the characteristics of Rowhammer
    Characteristics 1: Flips are Infrequent
    Characteristics 1: Flips are Infrequent

    • ECC Error Correcting Codes

    5 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Characteristics 1: Flips are Infrequent

    • ECC Error Correcting Codes


    • Additional hardware redundancy

    5 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Characteristics 1: Flips are Infrequent

    • ECC Error Correcting Codes


    • Additional hardware redundancy
    • Catch low number of flips in HW

    5 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Characteristics 1: Flips are Infrequent

    • ECC Error Correcting Codes


    • Additional hardware redundancy
    • Catch low number of flips in HW
    • Increase the refresh rate

    5 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Characteristics 1: Flips are Infrequent

    • ECC Error Correcting Codes


    • Additional hardware redundancy
    • Catch low number of flips in HW
    • Increase the refresh rate
    • Reduce the attackers time window

    5 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Characteristics 1: Flips are Infrequent

    • ECC Error Correcting Codes


    • Additional hardware redundancy
    • Catch low number of flips in HW
    • Increase the refresh rate
    • Reduce the attackers time window
    • Default 64ms

    5 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Characteristics 2: Attacks are Detectable
    Characteristics 2: Attacks are Detectable

    • Use Performance Monitoring Counters (PMCs)

    6 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Characteristics 2: Attacks are Detectable

    • Use Performance Monitoring Counters (PMCs)


    • Monitor DRAM activity

    6 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Characteristics 2: Attacks are Detectable

    • Use Performance Monitoring Counters (PMCs)


    • Monitor DRAM activity
    • Stop suspicious applications

    6 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Characteristics 3: Flips happen at Distance 1
    Characteristics 3: Flips happen at Distance 1

    • Flips only happen in neighboring rows


    • Mitigations based row layout
    • Guard rows
    • Targeted Row Refresh

    7 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows

    Agressor
    Guard
    Victim
    Guard
    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows


    • Can not reach victim

    Agressor
    Guard
    Victim
    Guard
    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows


    • Can not reach victim

    Agressor
    Guard
    Victim
    Guard
    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows


    • Can not reach victim

    Agressor
    Guard
    Victim
    Guard
    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows


    • Can not reach victim

    Agressor
    Guard
    Victim
    Guard
    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows


    • Can not reach victim

    Agressor
    Guard
    Victim
    Guard
    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows


    • Can not reach victim

    Agressor
    Guard
    Victim
    Guard
    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows


    • Can not reach victim

    Agressor
    Guard
    Victim
    Guard
    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows


    • Can not reach victim

    Agressor
    Guard
    Victim
    Guard
    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows


    • Can not reach victim

    Agressor
    Guard
    Victim
    Guard
    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Guard Rows

    • Allocate guard rows


    • Can not reach victim

    Agressor
    Guard

    Victim
    Guard

    Agressor

    8 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V)
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Target Row Refresh (TRR)

    • Additional victim refreshes


    • Standardized in LPDDR4x

    Near Aggressor (N+ )


    Victim (V) TRR
    Near Aggressor (N− )

    9 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Let’s start the cat and mouse game!
    The Problem with Rowhammer Mitigations
    The Problem with Rowhammer Countermeasures

    • Bit Flips are infrequent - ECC, Increased Refresh Rate

    10 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    The Problem with Rowhammer Countermeasures

    • Bit Flips are infrequent - ECC, Increased Refresh Rate [3]

    10 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    The Problem with Rowhammer Countermeasures

    • Bit Flips are infrequent - ECC, Increased Refresh Rate [3]


    • Detectable with Performance Counters - ANVIL, HexPADS

    10 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    The Problem with Rowhammer Countermeasures

    • Bit Flips are infrequent - ECC, Increased Refresh Rate [3]


    • Detectable with Performance Counters - ANVIL, HexPADS [2]

    10 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    The Problem with Rowhammer Countermeasures

    • Bit Flips are infrequent - ECC, Increased Refresh Rate [3]


    • Detectable with Performance Counters - ANVIL, HexPADS [2]
    • Hammer Distance is 1 - TRR, ZebRAM, B-CATT

    10 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    The Problem with Rowhammer Countermeasures

    • Bit Flips are infrequent - ECC, Increased Refresh Rate [3]


    • Detectable with Performance Counters - ANVIL, HexPADS [2]
    • Hammer Distance is 1 - TRR, ZebRAM, B-CATT [4]

    10 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Would perfect TRR fix Rowhammer?
    No
    The Half-Double Effect
    Distance 1

    • Distance-1
    Far Aggressor (F+ ) • (N+ → N− )∞
    Near Aggressor (N+ ) • Classic double-sided Rowhammer
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    11 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Distance 1

    • Distance-1
    Far Aggressor (F+ ) • (N+ → N− )∞
    Near Aggressor (N+ ) • Classic double-sided Rowhammer
    Victim (V)
    • First flip after:
    Near Aggressor (N− )
    Far Aggressor (F− )
    • 18 000 hammers in 1.2 ms

    11 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Distance 1

    • Distance-1
    Far Aggressor (F+ ) • (N+ → N− )∞
    Near Aggressor (N+ ) • Classic double-sided Rowhammer
    Victim (V)
    • First flip after:
    Near Aggressor (N− )
    Far Aggressor (F− )
    • 18 000 hammers in 1.2 ms
    3 Within the refresh window
    7 Mitigated by TRR

    11 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Distance 2

    Far Aggressor (F+ )


    • Distance-2
    Near Aggressor (N+ ) • (F+ → F− )∞
    Victim (V) • Distance two double-sided Rowhammer
    Near Aggressor (N− )
    Far Aggressor (F− )

    12 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Distance 2

    Far Aggressor (F+ )


    • Distance-2
    Near Aggressor (N+ ) • (F+ → F− )∞
    Victim (V) • Distance two double-sided Rowhammer
    Near Aggressor (N− ) • First flip after:
    Far Aggressor (F− ) • 4 000 000 hammers in 270 ms

    12 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Distance 2

    Far Aggressor (F+ )


    • Distance-2
    Near Aggressor (N+ ) • (F+ → F− )∞
    Victim (V) • Distance two double-sided Rowhammer
    Near Aggressor (N− ) • First flip after:
    Far Aggressor (F− ) • 4 000 000 hammers in 270 ms
    7 Not within the refresh windows

    12 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Half-Double

    • Half-Double
    • ((F+ → F− )β → N+ → N− )∞
    Far Aggressor (F+ ) • Many distance-2 accesses with a few distance-1
    Near Aggressor (N+ ) accesses
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    13 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Half-Double

    • Half-Double
    • ((F+ → F− )β → N+ → N− )∞
    Far Aggressor (F+ ) • Many distance-2 accesses with a few distance-1
    Near Aggressor (N+ ) accesses
    Victim (V)
    • First flip after:
    Near Aggressor (N− )
    Far Aggressor (F− )
    • 296 960 hammers in 20 ms
    • Dilution β = 57 (5120 distance-1 accesses)

    13 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Half-Double

    • Half-Double
    • ((F+ → F− )β → N+ → N− )∞
    Far Aggressor (F+ ) • Many distance-2 accesses with a few distance-1
    Near Aggressor (N+ ) accesses
    Victim (V)
    • First flip after:
    Near Aggressor (N− )
    Far Aggressor (F− )
    • 296 960 hammers in 20 ms
    • Dilution β = 57 (5120 distance-1 accesses)
    3 Within the refresh window

    13 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Half-Double

    • Half-Double
    • ((F+ → F− )β → N+ → N− )∞
    Far Aggressor (F+ ) • Many distance-2 accesses with a few distance-1
    Near Aggressor (N+ ) accesses
    Victim (V)
    • First flip after:
    Near Aggressor (N− )
    Far Aggressor (F− )
    • 296 960 hammers in 20 ms
    • Dilution β = 57 (5120 distance-1 accesses)
    3 Within the refresh window
    3 Assisted by TRR

    13 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Half-Double

    • Half-Double
    • ((F+ → F− )β → N+ → N− )∞
    Far Aggressor (F+ ) • Many distance-2 accesses with a few distance-1
    Near Aggressor (N+ ) accesses
    Victim (V)
    • First flip after:
    Near Aggressor (N− )
    Far Aggressor (F− )
    • 296 960 hammers in 20 ms
    • Dilution β = 57 (5120 distance-1 accesses)
    3 Within the refresh window
    3 Assisted by TRR

    13 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ ) TRR
    Victim (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim (V)
    Near Aggressor (N− ) TRR
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    TRR Assisted Half-Double

    Far Aggressor (F+ )


    Near Aggressor (N+ )
    Victim
    (V)
    Near Aggressor (N− )
    Far Aggressor (F− )

    14 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Exploitable in the Wild?
    End-to-End Exploit – Overview

    • Target PFN in Page Table Entry [6]

    15 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    End-to-End Exploit – Overview

    • Target PFN in Page Table Entry [6]


    • C1: Allocation of Contiguous Memory

    15 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    End-to-End Exploit – Overview

    • Target PFN in Page Table Entry [6]


    • C1: Allocation of Contiguous Memory
    • C2: Alternative to Memory Templating

    15 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    End-to-End Exploit – Overview

    • Target PFN in Page Table Entry [6]


    • C1: Allocation of Contiguous Memory
    • C2: Alternative to Memory Templating
    • C3: Memory Massaging

    15 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    End-to-End Exploit – Overview

    • Target PFN in Page Table Entry [6]


    • C1: Allocation of Contiguous Memory
    • C2: Alternative to Memory Templating
    • C3: Memory Massaging
    • C4: Bit-Flip Verification

    15 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    C4 – Bit-Flip Verification

    • Corrupt page table entries can kill the attacker process

    16 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    C4 – Bit-Flip Verification

    • Corrupt page table entries can kill the attacker process

    if ( /*misprediction*/ ) {
    • Verify if address save to
    access(probe + (*ptr & 1));
    access
    }
    if ( is_cached(probe) ) { • Spectre gadget
    // ptr[0-4] valid
    }

    16 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    C4 – Bit-Flip Verification

    • Corrupt page table entries can kill the attacker process

    if ( /*misprediction*/ ) {
    • Verify if address save to
    access(probe + (*ptr & 1));
    access
    }
    if ( is_cached(probe) ) { • Spectre gadget
    // ptr[0-4] valid • Cached → accessible
    }

    16 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    C4 – Bit-Flip Verification

    • Corrupt page table entries can kill the attacker process

    if ( /*misprediction*/ ) {
    • Verify if address save to
    access(probe + (*ptr & 1));
    access
    }
    if ( is_cached(probe) ) { • Spectre gadget
    // ptr[0-4] valid • Cached → accessible
    } • Suppresses corruption faults

    16 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    End-to-End Exploit - Timings

    C2

    C1 C3 ≈23m root

    10s ... 4m < 1m C4 C4

    ≈22m ≈11m

    17 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    18 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )
    Rowhammer is still not fixed

    ECC HexPADS
    ChipKill ARMOR
    TRR NO OOM
    PARA B-CATT
    PRA G-CATT
    Refresh Rate ZebRAM
    MASCAT MemGuard

    19 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Rethinking Rowhammer Mitigations
    General approach to data integrity
    protection
    CSI:Rowhammer – Cryptographic Security and Integrity against Rowhammer

    • General approach to data integrity protection

    20 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Cryptographic Security and Integrity against Rowhammer

    • General approach to data integrity protection


    • Detect all data integrity failures with a MAC

    20 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Cryptographic Security and Integrity against Rowhammer

    • General approach to data integrity protection


    • Detect all data integrity failures with a MAC
    • Best effort correction

    20 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Cryptographic Security and Integrity against Rowhammer

    • General approach to data integrity protection


    • Detect all data integrity failures with a MAC
    • Best effort correction
    • All Rowhammer attacks are DoS in the worst case

    20 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )
    MC

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    MC MAC
    Compute

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    MC MAC
    Compute

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    ?

    MC MAC
    Compute

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    ?

    MC MAC
    Compute

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC
    Compute

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC =
    Compute

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC =
    Compute No

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC =
    Compute No
    Correct
    1 Flip

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC =
    Compute No
    Correct
    1 Flip

    OS

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC =
    Compute No
    Correct
    1 Flip

    Corruption Exception

    OS

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC =
    Compute No
    Correct
    1 Flip

    Corruption Exception

    OS
    Exception Handler

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC =
    Compute No
    Correct
    1 Flip

    Corruption Exception

    OS
    Exception Handler

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC =
    Compute No
    Correct
    1 Flip

    Corruption Exception

    OS
    Exception Handler
    Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No
    Correct
    1 Flip

    Corruption Exception

    OS
    Exception Handler
    Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Exception Handler
    Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Exception Handler
    Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Exception Handler
    Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    e.g. Reload from Disk Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    e.g. Reload from Disk Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    e.g. Reload from Disk Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    e.g. Reload from Disk Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    e.g. Reload from Disk Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    e.g. Reload from Disk Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    e.g. Reload from Disk Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core


    Compute No MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    e.g. Reload from Disk Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core Secure


    Compute No Memory
    MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    e.g. Reload from Disk Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Integrity Information

    MC MAC = CPU Core Secure


    Compute No Memory
    MAC
    Correct Compute
    1 Flip

    Corruption Exception

    OS
    Advanced Correction Exception Handler
    e.g. Reload from Disk Correction
    as a Search

    21 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – MAC Design

    M1 M2 M3 M4
    64 64 64 64

    Phys Addr1 QK PA2 QK PA3 QK PA4 QK
    56
    ⊕ ⊕
    MAC

    22 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – MAC Design

    M1 M2 M3 M4
    64 64 64 64

    Phys Addr1 QK PA2 QK PA3 QK PA4 QK
    56
    ⊕ ⊕
    MAC

    • Pipelined PMAC construction

    22 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – MAC Design

    M1 M2 M3 M4
    64 64 64 64

    Phys Addr1 QK PA2 QK PA3 QK PA4 QK
    56
    ⊕ ⊕
    MAC

    • Pipelined PMAC construction


    • QARMA5 -64-σ0 block cipher [1]

    22 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – MAC Design

    M1 M2 M3 M4
    64 64 64 64

    Phys Addr1 QK PA2 QK PA3 QK PA4 QK
    56
    ⊕ ⊕
    MAC

    • Pipelined PMAC construction • 256-bit data 5.13 ns


    • QARMA5 -64-σ0 block cipher [1]

    22 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – MAC Design

    M1 M2 M3 M4
    64 64 64 64

    Phys Addr1 QK PA2 QK PA3 QK PA4 QK
    56
    ⊕ ⊕
    MAC

    • Pipelined PMAC construction • 256-bit data 5.13 ns


    • QARMA5 -64-σ0 block cipher [1] • 512-bit data 6.60 ns

    22 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Error Correction in Software
    CSI:Rowhammer – Corruption Exception

    23 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Corruption Exception

    • Physical address in CR2

    23 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Corruption Exception

    • Physical address in CR2


    • Load corrupted data with csi load

    23 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Corruption Exception

    • Physical address in CR2


    • Load corrupted data with csi load
    • Compute MAC with csi mac

    23 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Corruption Exception

    • Physical address in CR2


    • Load corrupted data with csi load
    • Compute MAC with csi mac
    • Write back corrected data with csi xchg

    23 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    MACs cannot correct bit flips
    CSI:Rowhammer – Correction as a Search

    • MACs cannot correct bit flips

    24 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Correction as a Search

    • MACs cannot correct bit flips


    • Brute force search with approximate equality

    24 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Correction as a Search

    • MACs cannot correct bit flips


    • Brute force search with approximate equality
    0010110100101101 → 01011010

    24 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Correction as a Search

    • MACs cannot correct bit flips


    • Brute force search with approximate equality
    0010110100101101 → 01011010
    0010110100101101 → 01010010 3

    24 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Correction as a Search

    • MACs cannot correct bit flips


    • Brute force search with approximate equality
    0010110100101101 → 01011010
    0010110100101101 → 01010010 3
    • Parity bits to shrink search space

    24 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Correction Time

    11.6 d
    2.7 h
    1.7 min
    Correction Time

    1s
    10 ms
    100 µs
    1 µs
    10 ns HW Avg SW ECC

    1 2 3 4 5 6 7 8
    Number of Flips

    25 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Evaluation

    26 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Evaluation

    • Implemented CSI:Rowhammer in gem5

    26 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Evaluation

    • Implemented CSI:Rowhammer in gem5


    • Modified Linux kernel

    26 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Evaluation

    • Implemented CSI:Rowhammer in gem5


    • Modified Linux kernel
    • Evaluated correct functionality

    26 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Evaluation

    • Implemented CSI:Rowhammer in gem5


    • Modified Linux kernel
    • Evaluated correct functionality
    • Evaluated performance overhead

    26 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    27
    Overhead
    bl
    ac

    0%
    2%
    4%
    ks
    bo cho
    dy les
    tr
    ca ack
    nn
    e
    de al
    du
    flu p
    id fer
    an re
    im t
    st fre at

    PARSEC
    re qm e
    am i
    c n
    sw lus e
    ap ter
    tio
    ba ns
    ch rne
    ol s
    es
    ky
    ff
    lu t
    CSI:Rowhammer – Performance Overhead

    l b c
    oc u n
    c
    oc ean b
    ea cp
    n
    ra nc
    di p
    os
    SPLASH-2x

    it
    Andreas Kogler (7@0xhilbert)

    wa ra y
    te vo ix d
    r l
    wa nsq rend
    te ua
    r re
    gm spa d
    ti
    ge gm par al
    om sp se
    et las c
    ric h2
    m x
    ea
    GMEAN

    n
    6.60 ns (512-bit data)
    5.13 ns (256-bit data)

    Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Security Evaluation

    28 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Security Evaluation

    • Approximate Equality

    28 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Security Evaluation

    • Approximate Equality

    Data Flips log2 (p) d MAC Strength


    5 26.0 3 41.2
    6 31.5 2 45.4
    7 38.8 1 50.2
    8 42.4 0 56.0

    28 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Security Evaluation

    • Approximate Equality
    • Silent Data Corruption rate less than once per 109 billion years.

    Data Flips log2 (p) d MAC Strength


    5 26.0 3 41.2
    6 31.5 2 45.4
    7 38.8 1 50.2
    8 42.4 0 56.0

    28 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Security Evaluation

    • Approximate Equality
    • Silent Data Corruption rate less than once per 109 billion years.
    • Rowhammer second preimage after one year: 9.75 · 10−5 %

    Data Flips log2 (p) d MAC Strength


    5 26.0 3 41.2
    6 31.5 2 45.4
    7 38.8 1 50.2
    8 42.4 0 56.0

    28 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Virtual Environments

    29 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Virtual Environments

    • Only host support required

    29 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Virtual Environments

    • Only host support required


    • Guest support optional

    29 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Virtual Environments

    • Only host support required


    • Guest support optional
    • Makes upgrading easy

    29 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    The Possibilities
    CSI:Rowhammer – Advanced Error Correction

    Correction in software opens up many new possibilities

    30 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    Correction in software opens up many new possibilities


    • Data correction as a service (DCaaS)

    30 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    Correction in software opens up many new possibilities


    • Data correction as a service (DCaaS)
    • Correction by ChatGPTTM

    30 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Correction by ChatGPT
    CSI:Rowhammer – Correction by ChatGPT
    CSI:Rowhammer – Correction by ChatGPT
    CSI:Rowhammer – Advanced Error Correction

    Hardware acceleration

    31 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    Hardware acceleration
    • Ice Lake SP Xeon Server die size: 628 mm2

    31 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    Hardware acceleration
    • Ice Lake SP Xeon Server die size: 628 mm2
    • Fits roughly 500 000 QARMA blocks

    31 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    Hardware acceleration
    • Ice Lake SP Xeon Server die size: 628 mm2
    • Fits roughly 500 000 QARMA blocks
    • 8 bit flips correction: 5.44 h → 40 ms

    31 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    • Multi-bit flips not happening often

    32 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    • Multi-bit flips not happening often


    • Specialized data correction nodes

    32 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    Kernel data with known structures

    33 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    Kernel data with known structures


    • Kernel code

    33 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    Kernel data with known structures


    • Kernel code
    • Page tables

    33 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Advanced Error Correction

    Kernel data with known structures


    • Kernel code
    • Page tables
    • Task structs

    33 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Performance Improvements

    Performance impact caused by MAC computation

    34 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Performance Improvements

    Performance impact caused by MAC computation


    • Transient execution with unverified data

    34 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Performance Improvements

    Performance impact caused by MAC computation


    • Transient execution with unverified data
    • Can be made secure [7, 5]

    34 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Performance Improvements

    Performance impact caused by MAC computation


    • Transient execution with unverified data
    • Can be made secure [7, 5]
    → No performance impact

    34 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Final Remarks

    • Rowhammer mitigations assuming characteristics are broken.

    35 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Final Remarks

    • Rowhammer mitigations assuming characteristics are broken.


    • Software-based correction opens up a lot of flexibility.

    35 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Final Remarks

    • Rowhammer mitigations assuming characteristics are broken.


    • Software-based correction opens up a lot of flexibility.
    • Open Source ‡
    https://github.com/IAIK/halfdouble
    https://github.com/IAIK/csirowhammer

    35 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Final Remarks

    • Rowhammer mitigations assuming characteristics are broken.


    • Software-based correction opens up a lot of flexibility.
    • Open Source ‡
    https://github.com/IAIK/halfdouble
    https://github.com/IAIK/csirowhammer
    • Many more details in the papers

    35 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Final Remarks

    • Rowhammer mitigations assuming characteristics are broken.


    • Software-based correction opens up a lot of flexibility.
    • Open Source ‡
    https://github.com/IAIK/halfdouble
    https://github.com/IAIK/csirowhammer
    • Many more details in the papers

    Half-Double Rowhammer CSI:Rowhammer


    35 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )
    References i

    Roberto Avanzi. The QARMA Block Cipher Family: Almost MDS Matrices Over Rings
    With Zero Divisors, Nearly Symmetric Even-Mansour Constructions With Non-Involutory
    Central Rounds, and Search Heuristics for Low-Latency S-Boxes. In: IACR Transactions
    on Symmetric Cryptology 2017.1 (2017), pp. 4–44.
    Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger,
    Sioli O’Connell, Wolfgang Schoechl, and Yuval Yarom. Another Flip in the Wall of
    Rowhammer Defenses. In: S&P. 2018.
    Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, D607onghyuk Lee,
    Chris Wilkerson, Konrad Lai, and Onur Mutlu. Flipping bits in memory without accessing
    them: An experimental study of DRAM disturbance errors. In: ACM SIGARCH Computer
    Architecture News 42.3 (2014), pp. 361–372.

    36 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    References ii

    Andreas Kogler, Jonas Juffinger, Salman Qazi, Yoongu Kim, Moritz Lipp,
    Nicolas Boichat, Eric Shiu, Mattias Nissler, and Daniel Gruss. Half-Double: Hammering
    From the Next Row Over. In: In major revision at USENIX Security Symposium. 2022.
    Tamara Silbergleit Lehman, Andrew D. Hilton, and Benjamin C. Lee. PoisonIvy: Safe
    speculation for secure memory. In: MICRO. 2016.
    Mark Seaborn and Thomas Dullien. Test DRAM for bit flips caused by the rowhammer
    problem. Retrieved on July 27, 2015. 2015. url:
    https://github.com/google/rowhammer-test.
    Weidong Shi and Hsien-Hsin S. Lee. Authentication Control Point and Its Implications
    For Secure Processor Design. In: MICRO. 2006.

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Additonal Slides
    Affected Devices

    • Tested 13 DIMMs & devices


    • 2 DIMMs affected
    • FPGA analysis
    • Exact numbers
    • 5 out of 7 mobile devices affected
    • Reversed addressing
    • Unprivileged flush
    • Uncachable memory (10x)

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    Affected Devices - Flip Numbers

    System RAM NHammers UC0→1 UC1→0 Flush0→1 Flush1→0


    Chromebook1 LPDDR4x 23 274 27 40 2 5
    Chromebook2 LPDDR4x 23 586 235 2379 12 101
    OnePlus 5T LPDDR4x 25 687 2 30 1 24
    Pixel 3 LPDDR4x 32 921 11 5 0 0
    HTC U11 LPDDR4x 21 840 - - 3 17

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Secure On-Die Memory

    Protect exception handler against bit flips

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Secure On-Die Memory

    Protect exception handler against bit flips


    • 1 Page IDT

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Secure On-Die Memory

    Protect exception handler against bit flips


    • 1 Page IDT
    • 1 Page GDT

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Secure On-Die Memory

    Protect exception handler against bit flips


    • 1 Page IDT
    • 1 Page GDT
    • 2 Pages exception handler + correction

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Secure On-Die Memory

    Protect exception handler against bit flips


    • 1 Page IDT
    • 1 Page GDT
    • 2 Pages exception handler + correction
    → Page table entries unprotected

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Secure On-Die Memory

    Protect exception handler against bit flips


    • 1 Page IDT
    • 1 Page GDT
    • 2 Pages exception handler + correction
    → Page table entries unprotected
    • 4 lockable TLB entries

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Nesting Detection

    Two conditions

    1. Bit must always be in register


    2. Bit must be unique for every process
    → CR3 register

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – Nesting Detection

    1 corruption exception handler () {


    2 i f ( h a s n e s t e d b i t s e t ( CR3 ) ) {
    3 enable interrupts () ;
    4 error correction as a search ( corruption address ) ;
    5 } else {
    6 s e t n e s t e d b i t ( CR3 ) ;
    7 enable interrupts () ;
    8 advanced error correction ( corruption address ) ;
    9 c l e a r n e s t e d b i t ( CR3 ) ;
    10 }
    11 }

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )


    CSI:Rowhammer – gem5 Proof of Concept CPU

    1. Out of Order CPU core


    2. MAC computation and check
    3. New instructions
    4. Modified Linux performing the correction as a search

    37 Andreas Kogler (7@0xhilbert) Jonas Juffinger (7@notimaginary )

    You might also like