VRL-DRAM: Improving DRAM Performance via Variable Refresh Latency

Das, Anup; Hassan, Hasan; Mutlu, Onur

doi:10.1109/dac.2018.8465769

Cited by 20 publications

(29 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, the timing slack in the specified precharge timing parameter or the refresh latency parameter can be exploited by the DRAM chip itself to internally issue refresh operations to targeted rows with some probability. Even though such timing slack exists in DRAM chips, as shown by many recent experimental studies [57,69,125,147,151], we do not believe this is a robust solution since 1) the timing slack may not exist under all operating conditions or for all chips, 2) many studies would like to reduce the timing slack as much as possible to improve DRAM performance and energy [57,69,125,147,151]. asynchronous with the processor, a simple controller that is tightly coupled with the memory chip can freely and easily implement PARA internally to the memory chip.…”

Section: Modulementioning

confidence: 99%

RowHammer: A Retrospective

Mutlu

Kim

2020

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

Self Cite

161

129

View full text Add to dashboard Cite

This retrospective paper describes the RowHammer problem in Dynamic Random Access Memory (DRAM), which was initially introduced by Kim et al. at the ISCA 2014 conference [133]. RowHammer is a prime (and perhaps the first) example of how a circuit-level failure mechanism can cause a practical and widespread system security vulnerability. It is the phenomenon that repeatedly accessing a row in a modern DRAM chip causes bit flips in physically-adjacent rows at consistently predictable bit locations. RowHammer is caused by a hardware failure mechanism called DRAM disturbance errors, which is a manifestation of circuit-level cell-to-cell interference in a scaled memory technology.Researchers from Google Project Zero demonstrated in 2015 that this hardware failure mechanism can be effectively exploited by user-level programs to gain kernel privileges on real systems. Many other follow-up works demonstrated other practical attacks exploiting RowHammer. In this article, we comprehensively survey the scientific literature on RowHammer-based attacks as well as mitigation techniques to prevent RowHammer. We also discuss what other related vulnerabilities may be lurking in DRAM and other types of memories, e.g., NAND flash memory or Phase Change Memory, that can potentially threaten the foundations of secure systems, as the memory technologies scale to higher densities. We conclude by describing and advocating a principled approach to memory reliability and security research that can enable us to better anticipate and prevent such vulnerabilities.

show abstract

Section: Modulementioning

confidence: 99%

RowHammer: A Retrospective

Mutlu

Kim

2020

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

Self Cite

161

129

View full text Add to dashboard Cite

show abstract

“…For each DRAM module, we use a different number of hammers per aggressor that results in the highest percentage of vulnerable rows in the corresponding module (see §7.2). 18 In many (i.e., 8, 7, and 6, respectively) modules from vendor A, B, and C we see bit flips in more than 99.9% of the rows. This shows that the custom access patterns we use are effective at circumventing the 𝐴 𝑇 𝑅𝑅𝑥 , 𝐵 𝑇 𝑅𝑅𝑥 , and 𝐶 𝑇 𝑅𝑅𝑥 implementations.…”

Section: Effect On Individual Rowsmentioning

confidence: 95%

Uncovering In-DRAM RowHammer Protection Mechanisms:A New Methodology, Custom RowHammer Patterns, and Implications

Hassan

Can

Kim

et al. 2021

MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture

Self Cite

View full text Add to dashboard Cite

The RowHammer vulnerability in DRAM is a critical threat to system security. To protect against RowHammer, vendors commit to security-through-obscurity: modern DRAM chips rely on undocumented, proprietary, on-die mitigations, commonly known as Target Row Refresh (TRR). At a high level, TRR detects and refreshes potential RowHammer-victim rows, but its exact implementations are not openly disclosed. Security guarantees of TRR mechanisms cannot be easily studied due to their proprietary nature.To assess the security guarantees of recent DRAM chips, we present Uncovering TRR (U-TRR), an experimental methodology to analyze in-DRAM TRR implementations. U-TRR is based on the new observation that data retention failures in DRAM enable a side channel that leaks information on how TRR refreshes potential victim rows. U-TRR allows us to (i) understand how logical DRAM rows are laid out physically in silicon; (ii) study undocumented on-die TRR mechanisms; and (iii) combine (i) and (ii) to evaluate the RowHammer security guarantees of modern DRAM chips. We show how U-TRR allows us to craft RowHammer access patterns that successfully circumvent the TRR mechanisms employed in 45 DRAM modules of the three major DRAM vendors. We find that the DRAM modules we analyze are vulnerable to RowHammer, having bit flips in up to 99.9% of all DRAM rows. CCS Concepts• Hardware → Dynamic memory; • Security and privacy → Hardware reverse engineering.

show abstract

“…Consequently, any effort to counter and mitigate such HTs would need to be based on a comprehensive analysis of the attributes of unpredictability in DRAM latency. Several publications have attempted to characterize and model the highly variable latency of DRAMs, albeit for the primary purpose of reducing latency [6] [7] or for detecting DRAM errors and failures [8] [9] [10] [11]. None, however, focused on characterizing DRAM latency for the purpose of detecting DoS HTs or developed a universal and device-agnostic DRAM latency characterization and modelling technique that could be used with all types of DRAMS.…”

Section: Motivation and Related Workmentioning

confidence: 99%

Detecting denial-of-service hardware Trojans in DRAM-based memory systems

Salem

Topham

2021

2021 28th IEEE International Conference on Electronics, Circuits, and Systems (ICECS)

View full text Add to dashboard Cite

DRAM latencies are inherently variable, potentially allowing a denial-of-service hardware Trojan (DoS HT) to degrade memory performance without becoming immediately obvious. This paper addresses the challenge of detecting a DoS HT that may have been inserted into a DRAM-based memory system, without requiring detailed internal knowledge of the DRAM device. We present a real-time machine-learning based DoS HT detection technique based on a low-cost hardware monitor at the interface to the DRAM controller, coupled with periodic software based analysis of monitoring output.

show abstract

VRL-DRAM: Improving DRAM Performance via Variable Refresh Latency

Cited by 20 publications

References 8 publications

RowHammer: A Retrospective

RowHammer: A Retrospective

Uncovering In-DRAM RowHammer Protection Mechanisms:A New Methodology, Custom RowHammer Patterns, and Implications

Detecting denial-of-service hardware Trojans in DRAM-based memory systems

Contact Info

Product

Resources

About