RowPress Vulnerability in Modern DRAM Chips

Haocong Luo,Ataberk Olgun,A. Giray Yağlıkçı,Yahya Can Tuğrul,Steve Rhyner,Meryem Banu Cavlak,Joël Lindegger,Mohammad Sadrosadati,Onur Mutlu
2024-08-20
Abstract:Memory isolation is a critical property for system reliability, security, and safety. We demonstrate RowPress, a DRAM read disturbance phenomenon different from the well-known RowHammer. RowPress induces bitflips by keeping a DRAM row open for a long period of time instead of repeatedly opening and closing the row. We experimentally characterize RowPress bitflips, showing their widespread existence in commodity off-the-shelf DDR4 DRAM chips. We demonstrate RowPress bitflips in a real system that already has RowHammer protection, and propose effective mitigation techniques that protect DRAM against both RowHammer and RowPress.
Hardware Architecture,Cryptography and Security
What problem does this paper attempt to address?
The problem that this paper attempts to solve is the memory isolation problem in DRAM (Dynamic Random - Access Memory), especially the security and reliability issues related to read disturbance. Specifically, the paper presents the RowPress phenomenon, which is a new type of DRAM read - disturbance phenomenon different from the known RowHammer attack. ### RowPress Phenomenon RowPress induces bit flips by keeping a DRAM row (i.e., the attacking row) open for a long time, rather than repeatedly opening and closing the row as in RowHammer. This phenomenon is widespread in commercial DDR4 DRAM chips and can cause bit flips in systems that already have RowHammer protection mechanisms. ### Main Contributions 1. **Experimental Verification**: For the first time, the paper experimentally proves the RowPress phenomenon and its wide existence in mainstream DDR4 DRAM chips. 2. **Proof - of - Concept Program**: A user - level program has been developed to induce bit flips in an actual system using RowPress, even if the system already has RowHammer protection. 3. **Mitigation Techniques**: Effective mitigation techniques have been proposed to protect DRAM from RowHammer and RowPress. ### Experimental Results - **Sensitivity Analysis**: The sensitivity of RowPress to different temperatures and access patterns has been studied, and it has been found that as the temperature rises, the RowPress phenomenon becomes more severe. - **Comparative Analysis**: RowPress has been compared with RowHammer and data retention failure, and it has been found that their fault mechanisms are different and have almost no overlap. - **Performance Impact**: Simulation experiments show that the proposed mitigation methods can effectively deal with RowPress and RowHammer with a small performance overhead. ### Practical Impact The RowPress phenomenon reveals a new attack surface in the DRAM memory system, which poses new challenges to DRAM manufacturers and system designers. Existing read - disturbance mitigation techniques that only consider RowHammer need to be adaptively adjusted to deal with the threat posed by RowPress. Future DRAM standards should formally incorporate the evaluation of RowPress vulnerability. ### Research Significance This research provides new research directions for researchers at all levels of the computing stack, including: 1. Using RowPress to construct new attack means to break memory isolation. 2. Designing new low - cost mitigation techniques to better protect DRAM from read - disturbance. 3. Conducting in - depth research on the silicon - level mechanism of RowPress to establish a more comprehensive understanding. In conclusion, the paper reveals a new dimension of the DRAM read - disturbance phenomenon and provides important theoretical and technical support for building a more secure, reliable, and efficient memory system.