Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

DRAM-Profiler: An Experimental DRAM RowHammer Vulnerability Profiling Mechanism

Ranyang Zhou, Jacqueline T. Liu, Nakul Kochar, Sabbir Ahmed, Adnan Siraj Rakin, Shaahin Angizi

TL;DR

The paper addresses the limitations of static threat models in RowHammer by introducing DRAM-Profiler, a low-overhead mechanism that profiles DRAM vulnerabilities under dynamic attack vectors. By formulating SG, DB, and VC attack models and classifying cells into a four-level DRAM Security Level, the approach reveals substantial variability across 128 DDR4 chips and across attack patterns. Experimental results show that vulnerability is highly chip-dependent and pattern-sensitive, with DNN weight attacks requiring widely varying iterations across devices. The work advocates for topology- and chip-specific defenses, demonstrating that a dynamic profiling framework can guide more effective RowHammer mitigations in future DRAM designs.

Abstract

RowHammer stands out as a prominent example, potentially the pioneering one, showcasing how a failure mechanism at the circuit level can give rise to a significant and pervasive security vulnerability within systems. Prior research has approached RowHammer attacks within a static threat model framework. Nonetheless, it warrants consideration within a more nuanced and dynamic model. This paper presents a low-overhead DRAM RowHammer vulnerability profiling technique termed DRAM-Profiler, which utilizes innovative test vectors for categorizing memory cells into distinct security levels. The proposed test vectors intentionally weaken the spatial correlation between the aggressors and victim rows before an attack for evaluation, thus aiding designers in mitigating RowHammer vulnerabilities in the mapping phase. While there has been no previous research showcasing the impact of such profiling to our knowledge, our study methodically assesses 128 commercial DDR4 DRAM products. The results uncover the significant variability among chips from different manufacturers in the type and quantity of RowHammer attacks that can be exploited by adversaries.

DRAM-Profiler: An Experimental DRAM RowHammer Vulnerability Profiling Mechanism

TL;DR

The paper addresses the limitations of static threat models in RowHammer by introducing DRAM-Profiler, a low-overhead mechanism that profiles DRAM vulnerabilities under dynamic attack vectors. By formulating SG, DB, and VC attack models and classifying cells into a four-level DRAM Security Level, the approach reveals substantial variability across 128 DDR4 chips and across attack patterns. Experimental results show that vulnerability is highly chip-dependent and pattern-sensitive, with DNN weight attacks requiring widely varying iterations across devices. The work advocates for topology- and chip-specific defenses, demonstrating that a dynamic profiling framework can guide more effective RowHammer mitigations in future DRAM designs.

Abstract

RowHammer stands out as a prominent example, potentially the pioneering one, showcasing how a failure mechanism at the circuit level can give rise to a significant and pervasive security vulnerability within systems. Prior research has approached RowHammer attacks within a static threat model framework. Nonetheless, it warrants consideration within a more nuanced and dynamic model. This paper presents a low-overhead DRAM RowHammer vulnerability profiling technique termed DRAM-Profiler, which utilizes innovative test vectors for categorizing memory cells into distinct security levels. The proposed test vectors intentionally weaken the spatial correlation between the aggressors and victim rows before an attack for evaluation, thus aiding designers in mitigating RowHammer vulnerabilities in the mapping phase. While there has been no previous research showcasing the impact of such profiling to our knowledge, our study methodically assesses 128 commercial DDR4 DRAM products. The results uncover the significant variability among chips from different manufacturers in the type and quantity of RowHammer attacks that can be exploited by adversaries.
Paper Structure (11 sections, 6 figures, 2 tables, 1 algorithm)

This paper contains 11 sections, 6 figures, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Overview
  3. DRAM-Profiler
  4. Formulating the Problem
  5. DRAM Security Level
  6. Experiments
  7. Prerequisites
  8. Programming
  9. Analysis of the Results
  10. DNN Weight Attack
  11. Conclusion

Figures (6)

  • Figure 1: (a) Targeted bit-flipping vs. random bit-flipping for an 8-bit quantized ResNet-34 on ImageNet deng2009imagenet dataset, (a) RowHammer thresholds woo2022scalablemarazzi2023rega.
  • Figure 2: (a) Hierarchical organization of DRAM, (b) Double-sided RowHammer attack kim2014flipping.
  • Figure 3: Single-Sided (SG), Double-Sided (DB), and Victim-Clone (VC) attack models.
  • Figure 4: The vulnerability of cells associated with the HC
  • Figure 5: Our testing infrastructure for DDR4 modules.
  • ...and 1 more figures