

## Learning to Trust DRAM in the Era of Worsening Rowhammer Attacks

### **Gururaj Saileshwar**

Assistant Professor, University of Toronto 4 September, 2024

**DRAM Scaling for Increased Capacity** 



DRAM Scaling for Increased Capacity More Inter-Cell Interference



#### DRAM Scaling for Increased Capacity More Inter-Cell Interference

DRAM (old)



#### DRAM Scaling for Increased Capacity More Inter-Cell Interference





## **Rowhammer Vulnerability is Worsening**

#### Rowhammer Threshold (Number of Activations Needed to Induce Bit-flip) has Dropped by 30X in 8 years from 2014 to 2022

| DRAM Generation | Rowhammer Threshold (TRH)              |
|-----------------|----------------------------------------|
| DDR3 (old)      | 139K <sup>[1]</sup>                    |
| DDR3 (new)      | 22.4K <sup>[2]</sup>                   |
| DDR4 (old)      | 17.5K <sup>[2]</sup>                   |
| DDR4 (new)      | 10K <sup>[2]</sup>                     |
| LPDDR4 (old)    | 16.8K <sup>[2]</sup>                   |
| LPDDR4 (new)    | 4.8K <sup>[2]</sup> -9K <sup>[3]</sup> |

Source: [1] - Kim+ (ISCA'14), [2] - Kim+ (ISCA'20), [3] - Kogler+ (SEC'22)

#### Need Defenses that are Scalable to Dropping Rowhammer Thresholds

## **In-DRAM Mitigation in DDR4**

#### Targeted Row Refresh (TRR) in DDR4 (2015)



## **In-DRAM Mitigation in DDR4**

Targeted Row Refresh (TRR) in DDR4 (2015)

**1** Track Aggressor Rows



## **In-DRAM Mitigation in DDR4**



### **Challenge-1: In-DRAM Tracking Solutions Broken!**



### Challenge-1: In-DRAM Tracking Solutions Broken!



### Challenge-2: New Attacks on Victim-Focused Mitigation

![](_page_12_Figure_1.jpeg)

### **Challenge-2: New Attacks on Victim-Focused Mitigation**

![](_page_13_Figure_1.jpeg)

#### **Need New Mitigative Actions to Mitigate Rowhammer**

#### **Our Scalable & Practical Defenses Against Rowhammer**

![](_page_14_Figure_1.jpeg)

for Targets of Rowhammer (Page-Tables)

# Agenda

#### Introduction

#### **New Mitigative Actions for Rowhammer**

Randomized Row-Swaps [ASPLOS 2022, HPCA 2023]

### **Secure In-DRAM Tracking**

PrIDE: Probabilistic In-DRAM Tracker [ISCA 2024]

### **Defense in Depth Solutions**

PT-Guard [DSN 2023]

### Conclusion

### Motivation: Attacks On Victim-Focused Mitigation

![](_page_16_Figure_1.jpeg)

Source: ArsTechnica

### **Motivation: Attacks On Victim-Focused Mitigation**

![](_page_17_Figure_1.jpeg)

Need New Mitigative Action Resilient to New Attack Patterns (without requiring knowledge of DRAM mapping function) Randomized Row-Swap: Mitigating Row Hammer By Breaking Spatial Correlation Between Aggressor and Victim Rows

#### ASPLOS 2022, Lausanne, Switzerland

![](_page_18_Picture_2.jpeg)

Gururaj Saileshwar, Bolin Wang, Moinuddin Qureshi, Prashant Nair

![](_page_18_Picture_4.jpeg)

#### **Aggressor Focused Mitigation: Randomized Row-Swap**

![](_page_19_Figure_1.jpeg)

![](_page_21_Figure_2.jpeg)

![](_page_22_Figure_2.jpeg)

![](_page_23_Figure_2.jpeg)

TRH=4800 → Minimum Activations in 64ms on Row for Rowhammer via Any Pattern (Single-sided, Double-Sided, Half-Double)

![](_page_24_Figure_2.jpeg)

Random

Guess?

**Buckets and Balls Problem** 

## **Implementation of Randomized Row Swap**

![](_page_25_Figure_1.jpeg)

### Implementation of Randomized Row Swap

![](_page_26_Figure_1.jpeg)

RIT Stores Tuples of Swapped Rows  $\rightarrow$  RIT + HRT = 45 KB Per DRAM Bank  $\rightarrow$  700KB Per Rank

# **Performance Impact of Row Swaps**

Config: 8-core OOO, 16GB DRAM (1 Rank). Rowhammer Threshold of 4.8K.

#### **Frequency of Row Swaps Per 64ms**

(1.5 microseconds per swap)

![](_page_27_Figure_4.jpeg)

#### **Negligible Performance Impact**

(0.4% slowdown on average)

![](_page_27_Figure_7.jpeg)

# **Performance Impact of Row Swaps**

Config: 8-core OOO, 16GB DRAM (1 Rank). Rowhammer Threshold of 4.8K.

#### **Frequency of Row Swaps Per 64ms**

(1.5 microseconds per swap)

#### **Negligible Performance Impact**

(0.4% slowdown on average)

![](_page_28_Figure_6.jpeg)

Randomized Row Swap has negligible performance impact due to infrequent swaps

## **Takeways from Randomized Row Swap**

![](_page_29_Figure_1.jpeg)

**New Aggressor-Focused Mitigation** CPU-side Implementation, compatible with commodity DRAM

Incurs Modest Costs at TRH of 4.8K (0.4% slowdown, 45KB SRAM/bank)

Scalable and Secure Row-Swap: Efficient and Safe Rowhammer Mitigation in Memory Systems

#### HPCA 2023, Montreal, Canada Best Paper Award

Jeonghyun Woo, Gururaj Saileshwar, Prashant Nair

![](_page_30_Picture_3.jpeg)

![](_page_30_Picture_4.jpeg)

# **RRS Security Pitfall: Latent Activations**

![](_page_31_Figure_1.jpeg)

# **RRS Security Pitfall: Latent Activations**

![](_page_32_Figure_1.jpeg)

## **Juggernaut Attack**

![](_page_33_Figure_1.jpeg)

## **Juggernaut Attack**

![](_page_34_Figure_1.jpeg)

# **RRS Suffers Vulnerability Due to Unswaps**

![](_page_35_Figure_1.jpeg)

Unswaps in RRS Required Due to Tracking Complexity

![](_page_35_Figure_3.jpeg)

# Secure Row Swap

![](_page_36_Figure_1.jpeg)

# Secure Row-Swap (SRS)

#### Key Idea: Delay unswaps using two separate tables Unswap Rows Unswap Rows **Unswap Rows** in Epoch 2 in Epoch 3 in Epoch 1 Odd Table Epoch 1 Epoch 2 Epoch 3 Epoch 4 Time Even Table Refresh Refresh Refresh Refresh Refresh Idle Storing General Mapping For Unswap

No Performance Overhead Due to Unswaps

## Scalable and Secure Row-Swap

![](_page_38_Figure_1.jpeg)

**Reduces the Swap Threshold from TRH/6 to TRH/3** 

# Scale-SRS: SRAM Overhead

### Overhead Per Bank for TRH = 1K

| Row<br>Hammer<br>Threshold | RRS    | Scale-SRS |
|----------------------------|--------|-----------|
| 4800                       | 36 KB  | 18.7 KB   |
| 2400                       | 131 KB | 44.4 KB   |
| 1200                       | 251 KB | 76.9 KB   |

![](_page_39_Picture_3.jpeg)

## Scale-SRS: Performance

![](_page_40_Figure_1.jpeg)

Less than 1% performance overhead

# **Takeways from Secure Row Swap**

![](_page_41_Figure_1.jpeg)

**Enables a Secure Implementation of a Aggressor-Focused Mitigation** 

#### Scalable Solution at TRH of 1K (Less than 1% Slowdown, 70KB SRAM/bank)

# Agenda

#### Introduction

New Mitigative Actions for Rowhammer Randomized Row-Swaps [ASPLOS 2022, HPCA 2023]

### **Secure In-DRAM Tracking**

PrIDE: Probabilistic In-DRAM Tracker [ISCA 2024]

### **Defense in Depth Solutions**

PT-Guard [DSN 2023]

### Conclusion

### **Problem: Commercial In-DRAM Trackers Insecure**

![](_page_43_Figure_1.jpeg)

### PrIDE: Achieving Secure RowHammer Mitigation Using Low Cost In-DRAM Trackers

### **ISCA 2024**

Aamer Jaleel (NVIDIA), Gururaj Saileshwar (Toronto), Steve Keckler (NVIDIA), Moinuddin Qureshi (GT)

![](_page_44_Picture_3.jpeg)

### Why Do Existing Low Cost In-DRAM Trackers Fail?

Taxonomy of Tracker Management Policies and Failure Modes

![](_page_45_Figure_2.jpeg)

Failure from DISCARDING address

### Why Do Existing Low Cost In-DRAM Trackers Fail?

**Current Trackers Use Counters to Track Frequently Activated Rows** 

![](_page_46_Figure_2.jpeg)

Existing Tracker Policies are Access Pattern Dependent

Carefully Crafted Access Patterns (e.g. TRRespass) Induce Tracker Retention Failures!

### Insight: Secure In-DRAM Tracker Requires Access-Pattern Independence

![](_page_47_Figure_1.jpeg)

### PrIDE = Probabilistic Insertion + Access-Pattern Independent Tracker Management

![](_page_48_Figure_1.jpeg)

**Bounds Failure Rate** 

#### PrIDE = Probabilistic Insertion + Access-Pattern Independent Tracker Management

![](_page_49_Figure_1.jpeg)

For a MTTF of 10,000 years, PrIDE can support TRH = 1575 with 16-entry FIFO

#### **Benefits of PrIDE – Secure & Low Cost In-DRAM Tracker**

![](_page_50_Figure_1.jpeg)

# **Takeways from PrIDE**

![](_page_51_Figure_1.jpeg)

FIRST Low-Cost and Secure In-DRAM Defense for Future DRAM

Scalable to TRH of 400 at Negligible Cost (1% Slowdown, 16 Bytes SRAM/bank)

# Agenda

#### Introduction

New Mitigative Actions for Rowhammer Randomized Row-Swaps [ASPLOS 2022, HPCA 2023]

Secure In-DRAM Tracking Solutions PrIDE: Probabilistic In-DRAM Tracker [ISCA 2024]

## **Defense in Depth Solutions**

PT-Guard [DSN 2023]

### Conclusion

# Be Paranoid: Defenses can be Broken

![](_page_53_Picture_1.jpeg)

## **Privilege Escalation Exploit with Rowhammer**

![](_page_54_Figure_1.jpeg)

![](_page_54_Figure_2.jpeg)

Bit-Flips in page tables enables privilege escalation, breaking system security

### PT-Guard: Integrity-Protected Page Tables to Defend Against Breakthrough Rowhammer Attacks

### DSN 2023, Spain

Anish Saxena, Gururaj Saileshwar, Jonas Juffinger, Andreas Kogler, Daniel Gruss, Moinuddin Qureshi

![](_page_55_Picture_3.jpeg)

## **Mac-Based Integrity Protection**

![](_page_56_Figure_1.jpeg)

MAC provides cryptographic integrity protection but has high overheads

## **Embedding MAC** within the PTE cacheline

![](_page_57_Figure_1.jpeg)

PT-Guard embeds a 96-bit MAC within the PTE line, obviating storage and access overheads

# **Evaluation Results**

![](_page_58_Figure_1.jpeg)

PT-Guard provides integrity for page tables at 1.3% slowdown. PT-Guard also has best-effort correction (corrects about 90% of errors at 0.5% bit error rate)

# Agenda

#### Introduction

New Mitigative Actions for Rowhammer Randomized Row-Swaps [ASPLOS 2022, HPCA 2023]

Secure In-DRAM Tracking PrIDE: Probabilistic In-DRAM Tracker [ISCA 2024]

**Defense in Depth Solutions** PT-Guard [DSN 2023]

### Conclusion

# Conclusions

#### **Rowhammer Vulnerability is Becoming Worse!**

• New attack patterns likely to emerge as attacker capability increases.

#### Defenses Need to be Practical & Resilient to Old & New Attacks

- RRS, SRS → New Mitigative Actions focused on Aggressors
- PrIDE → First Secure and Low-Cost In-DRAM Defense
- PTGuard  $\rightarrow$  Defense in Depth

#### Looking Forward: Long Way to Go!

- Explore Threat Landscape on Emerging DRAM (DDR5, HBM, GDDR)
- Make Critical SW Applications (e.g., ML Models) Resilient to Rowhammer
- Address Vulnerability at Low-Cost in Future DRAM (sub-100 thresholds)

### **Thank you! Questions?**

![](_page_61_Picture_1.jpeg)

1.11

![](_page_61_Picture_2.jpeg)

ta taula da taita de