Understanding and Mitigating Covert Channel and Side Channel Vulnerabilities Introduced by RowHammer Defenses
F. Nisa Bostancı, Oğuzhan Canpolat, Ataberk Olgun, İsmail Emir Yüksel, Konstantinos Kanellopoulos, Mohammad Sadrosadati, A. Giray Yağlıkçı, Onur Mutlu
TL;DR
This work shows that state-of-the-art RowHammer defenses, PRAC and RFM, can themselves open timing covert and side channels: their preventive actions occupy DRAM bandwidth, and they are triggered on demand by memory access patterns, so an attacker who drives them can produce memory-latency differences that another party can observe. The paper introduces LeakyHammer, a class of attacks built on these defense-induced latency differences, demonstrates two covert channels (one on PRAC, one on RFM) and a website fingerprinting side channel, and proposes and evaluates three countermeasures (FR-RFM, RIAC, Bank-Level PRAC) together with their performance trade-offs. The evaluation uses gem5+Ramulator simulations under near-future hardware configurations to quantify channel capacity (tens of kilobits per second) and leakage, including the channels' robustness to noise. The results show that fully closing these channels costs significant performance on highly RowHammer-vulnerable systems, which points toward defenses that decouple preventive actions from memory-access patterns or otherwise hide the latency they introduce.
Abstract
DRAM chips are vulnerable to read disturbance phenomena (e.g., RowHammer and RowPress), where repeatedly accessing or keeping open a DRAM row causes bitflips in nearby rows. Attackers leverage RowHammer bitflips in real systems to take control of them and leak data. Consequently, many prior works propose defenses, and recent DDR specifications introduce new ones (e.g., PRAC and RFM). For robust operation, it is critical to analyze the other security implications of RowHammer defenses. Unfortunately, no prior work analyzes the timing covert and side channel vulnerabilities introduced by RowHammer defenses. This paper presents the first analysis and evaluation of timing covert and side channel vulnerabilities introduced by state-of-the-art RowHammer defenses. We demonstrate that RowHammer defenses' preventive actions have two fundamental features that enable timing channels. First, preventive actions reduce DRAM bandwidth availability, resulting in longer memory latencies. Second, preventive actions can be triggered on demand depending on memory access patterns. We introduce LeakyHammer, a new class of attacks that leverage the RowHammer defense-induced memory latency differences to establish communication channels and leak secrets. First, we build two covert channel attacks exploiting two state-of-the-art RowHammer defenses, achieving 39.0 Kbps and 48.7 Kbps channel capacity. Second, we demonstrate a website fingerprinting attack that identifies visited websites based on the RowHammer-preventive actions they cause. We propose and evaluate three countermeasures against LeakyHammer. Our results show that fundamentally mitigating LeakyHammer induces large performance overheads in highly RowHammer-vulnerable systems. We believe and hope our work can enable and aid future work on designing better solutions and more robust systems in the presence of such new vulnerabilities.
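The two features named in the abstract (a preventive action blocks the bank for a while, and it is triggered on demand by the access pattern) are enough to build the covert channel. The following event-level model is an added illustration, not the paper's artifact or its simulator: a single DRAM bank guarded by an RFM-style activation counter, a sender that hammers the bank to force a preventive refresh for a 1 and stays idle for a 0, and a receiver that periodically times one access to the same bank and decodes a 1 whenever it observes a stall longer than plain contention could cause. All timing constants, the reset-on-RFM counter, and the periodic-refresh decay are assumed round numbers and simplifications chosen for the illustration, not DDR5 values.

```python
"""Toy model of an RFM-style RowHammer defense and the timing covert channel it opens.
Added illustration; constants are assumed, not DDR5 timings, and the defense is
simplified (counter resets on RFM, decays on periodic refresh)."""

from dataclasses import dataclass, field


@dataclass
class RfmBank:
    """One DRAM bank protected by an activation counter (assumed simplified RFM)."""
    threshold: int = 32    # activations that force a preventive refresh (RFM)
    t_rc: int = 50         # cycles for one normal row activation
    t_rfm: int = 350       # cycles the bank is blocked while the RFM runs
    t_ref: int = 1000      # cycles between periodic refreshes
    ref_decay: int = 5     # counter decrement applied at each periodic refresh
    free_at: int = 0       # earliest cycle the bank can start the next activation
    counter: int = 0
    rfm_count: int = 0     # preventive actions issued so far
    next_ref: int = field(init=False)

    def __post_init__(self):
        self.next_ref = self.t_ref

    def activate(self, arrival: int) -> int:
        """Serve one activation that arrived at cycle `arrival`; return its observed latency."""
        start = max(arrival, self.free_at)        # feature 1: wait out any preventive action
        while self.next_ref <= start:             # periodic refresh drains the counter
            self.counter = max(0, self.counter - self.ref_decay)
            self.next_ref += self.t_ref
        self.counter += 1
        done = start + self.t_rc
        self.free_at = done
        if self.counter >= self.threshold:        # feature 2: fired on demand by the access pattern
            self.counter = 0
            self.rfm_count += 1
            self.free_at = done + self.t_rfm      # bank unavailable while the RFM runs
        return done - arrival


def transmit(bits, probe_period=200, slot=None, **bank_params):
    """Run sender and receiver on a shared bank over fixed time slots.

    Sender: in a 1 slot, issue back-to-back activations until its own access stalls
    (i.e. the RFM fired), then idle; in a 0 slot, do nothing.
    Receiver: time one access every probe_period cycles, keep the worst latency per slot.
    Returns (rfm_count, worst_latency_per_slot, decoded_bits).
    """
    bank = RfmBank(**bank_params)
    if slot is None:
        slot = bank.threshold * bank.t_rc + 2 * bank.t_rfm   # room for one trigger plus its stall
    stall_mark = 2 * bank.t_rc     # contention with one in-flight activation never exceeds this
    worst, decoded = [], []
    receiver_next = 0
    for i, bit in enumerate(bits):
        start, end = i * slot, (i + 1) * slot
        sender_next = start if bit else None
        receiver_next = max(receiver_next, start)
        seen = 0
        while receiver_next < end or (sender_next is not None and sender_next < end):
            if sender_next is not None and sender_next <= receiver_next:
                lat = bank.activate(sender_next)
                # A stall above plain contention means the RFM fired: stop hammering.
                sender_next = None if lat > stall_mark else sender_next + lat
            else:
                lat = bank.activate(receiver_next)
                seen = max(seen, lat)
                receiver_next = max(receiver_next + lat, receiver_next + probe_period)
        worst.append(seen)
        decoded.append(1 if seen > stall_mark else 0)
    return bank.rfm_count, worst, decoded


if __name__ == "__main__":
    message = [1, 0, 1, 1, 0, 0, 1, 0]          # constructed sample bit string
    rfms, lat, out = transmit(message)
    print("sent   ", message)
    print("worst latency per slot", lat)
    print("decoded", out, "preventive actions:", rfms)
```

With the defense present, every 1 slot ends in exactly one preventive refresh and the receiver's worst-case latency in that slot jumps from 50 cycles to several hundred; in 0 slots it stays at the bare activation time, because the receiver's own low-rate probes are drained by the periodic-refresh decay before they reach the threshold. Raising `threshold` far above what a slot can accumulate (a stand-in for "no defense") makes the same sender activity invisible to the receiver, which is the point: the channel exists only because the defense's action is both observable and attacker-triggerable.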
