Multicore DRAM Bank-& Row-Conflict Bomb for Timing Attacks in Mixed-Criticality Systems

Antonio Savino, Gautam Gala, Marcello Cinque, Gerhard Fohler

TL;DR

The paper addresses the vulnerability of timing guarantees in multicore mixed-criticality systems due to shared DRAM resources. It introduces the Navigate algorithm to map DRAM request handling and a DRAM Bank-&-Row-Conflict Bomb to create targeted contention, validating the approach on a Cascade Lake Xeon with a DDR4-2666 DIMM and showing a $WCET$ increase of up to ~150%. The contributions include a detailed methodology for stress testing DRAM behavior, quantitative demonstrations of interference, and a comparative discussion with prior work. The work highlights the need for DRAM-aware runtime protections to preserve safety-critical performance and suggests directions toward mitigations and extensions to newer memory technologies such as DDR5.

Abstract

With the increasing use of multicore platforms to realize mixed-criticality systems, understanding the underlying shared resources, such as the memory hierarchy shared among cores, and achieving isolation between co-executing tasks running on the same platform with different criticality levels becomes relevant. In addition to safety considerations, a malicious entity can exploit shared resources to create timing attacks on critical applications. In this paper, we focus on understanding the shared DRAM dual in-line memory module and created a timing attack, that we named the "bank & row conflict bomb", to target a victim task in a multicore platform. We also created a "navigate" algorithm to understand how victim requests are managed by the Memory Controller and provide valuable inputs for designing the bank & row conflict bomb. We performed experimental tests on a 2nd Gen Intel Xeon Processor with an 8GB DDR4-2666 DRAM module to show that such an attack can produce a significant increase in the execution time of the victim task by about 150%, motivating the need for proper countermeasures to help ensure the safety and security of critical applications.

Paper Structure (16 sections, 1 equation, 11 figures, 6 tables, 1 algorithm)

Figures (11)

  • Figure 1: 8GB DDR4-2666 ECC RDIMM (1Rx8): a) front side ; b) back side
  • Figure 2: 8GB DDR4-2666 ECC RDIMM (1Rx8): focus on the front side
  • Figure 3: Request handling by a DRAM chip with high-order interleaving
  • Figure 4: High-order interleaving
  • Figure 5: Kmalloc()
  • ...and 6 more figures