SpyHammer Understanding and Exploiting RowHammer under Fine-Grained Temperature Variations

2025-05-03 0 0 2.38MB 15 页 10玖币

侵权投诉

SpyHammer:

Understanding and Exploiting RowHammer

under Fine-Grained Temperature Variations

Lois Orosa1,2Ulrich Rührmair3,4A. Giray Yağlıkçı1Haocong Luo1Ataberk Olgun1

Patrick Jattke1Minesh Patel1Jeremie Kim1Kaveh Razavi1Onur Mutlu1

1ETH Zürich 2Galicia Supercomputing Center (CESGA)

3LMU München 4University of Connecticut

RowHammer is a DRAM vulnerability that can cause bit er-

rors in a victim DRAM row solely by accessing its neighboring

DRAM rows at a high-enough rate. Recent studies demonstrate

that new DRAM devices are becoming increasingly vulnerable to

RowHammer, and many works demonstrate system-level attacks

for privilege escalation or information leakage. In this work,

we perform the rst rigorous ne-grained characterization and

analysis of the correlation between RowHammer and tempera-

ture. We show that RowHammer is very sensitive to temperature

variations, even if the variations are very small (e.g.,

±1◦C

We leverage two key observations from our analysis to spy on

DRAM temperature: 1) RowHammer-induced bit error rate con-

sistently increases (or decreases) as the temperature increases,

and 2) some DRAM cells that are vulnerable to RowHammer

exhibit bit errors only at a particular temperature. Based on

these observations, we propose a new RowHammer attack, called

SpyHammer, that spies on the temperature of DRAM on critical

systems such as industrial production lines, vehicles, and medical

systems. SpyHammer is the rst practical attack that can spy on

DRAM temperature. Our evaluation in a controlled environment

shows that SpyHammer can infer the temperature of the victim

DRAM modules with an error of less than

±2.5◦C

at the

90th

percentile of all tested temperatures, for 12 real DRAM modules

(120 DRAM chips) from four main manufacturers.

1. Introduction

RowHammer is a DRAM vulnerability where a DRAM cell

experiences a bitip when its nearby cells are rapidly and fre-

quently accessed [1]. Recent works [2, 3] demonstrate that

modern DDR4 DRAM devices are more vulnerable to Row-

Hammer than their predecessor DDR3 devices, suggesting that

RowHammer is an important DRAM system design concern

that is becoming increasingly severe as DRAM manufactur-

ing technology nodes scale down. Using RowHammer, many

works demonstrate attacks that escalate privilege at system-

level, leak secret information, and manipulate critical applica-

tion outputs [3–33].

We perform the rst rigorous ne-grained characterization

and analysis of the correlation between RowHammer and tem-

perature, which lead to eight insightful observations and three

key takeaways. Based on our observations and takeaways, we

demonstrate SpyHammer, a new attack that uses RowHammer

to spy on DRAM temperature with high accuracy. Our attack

can be performed with minimal knowledge of the target com-

puting system and can be used to compromise the security,

condentiality and privacy of critical systems that use DRAM.

SpyHammer can compromise a victim computing system to

achieve two goals. First, it can identify the utilization of a

computer system, as the compute and memory intensity of a

workload can change the temperature of the system. For ex-

ample, an attacker can use SpyHammer to infer when a server

is at its peak utilization by spying on its temperature. Second,

SpyHammer can measure the ambient temperature, which may

convey information about the state of a larger system that con-

tains the target computing system (e.g., a car, a drone, or an

industrial manufacturing machinery). For example, the tem-

perature of a car’s engine may rise if the engine is operating

at high revolutions per minute.

SpyHammer not only compromises security and conden-

tiality, but also privacy. For example, by spying the tempera-

ture of a house (or dierent rooms of a house), an attacker can

infer the habits of the person(s) living in that house. Tracking

the temperature could give information about at which times

the person(s) leave or enter a room in the house.

SpyHammer leverages two key observations about Row-

Hammer to spy on DRAM temperature: 1) RowHammer-

induced bit error rate consistently increases (or decreases)

when temperature increases, and 2) some DRAM cells that

are vulnerable to RowHammer experience bit errors only at a

specic temperature. Using these observations, SpyHammer

infers the temperature of DRAM chips by only characterizing

DRAM cells that exhibit RowHammer-induced bit errors in the

address space of the attacker without requiring any hardware

or system software modications. We propose two variants of

the SpyHammer attack, each with a dierent threat model.

The rst variant of SpyHammer can identify relative tem-

perature changes, and it does not require prior physical access

to or knowledge about the victim DRAM module. We observe

that the correlation between Bit Errors per Row (

BER

) and

temperature follows a similar trend in dierent DRAM mod-

ules of the same model and manufacturing date. We use this

observation to spy on relative temperature changes. The key

idea is to infer the model and manufacturing date of the victim

DRAM module, and use a module with the same characteris-

arXiv:2210.04084v2 [cs.CR] 2 Jun 2024

tics (to which the attacker has physical access and can control

the operating temperature of) to infer the correlation between

BER

and temperature of the victim DRAM module. Since

the attacker has no prior information about the victim DRAM

module, the attacker must reverse engineer the victim DRAM

module using remote RowHammer-based techniques [18, 34].

To estimate the temperature of the victim DRAM module, we

propose to build a polynomial regression model using a DRAM

module that has similar characteristics as the victim DRAM

module.

The second variant of SpyHammer spies on absolute temper-

atures, which requires characterizing the victim DRAM module

before the attack. The key idea is to build an accurate polyno-

mial regression model using the characterization data of the

victim DRAM module. This model is then used in the attack

to accurately infer the victim DRAM module’s temperature.

Reliably monitoring the

BER

of a DRAM module requires

the attacker to hammer a large region of memory, which might

increase the complexity of the attack. To reduce the number

of DRAM accesses to the victim DRAM module, we propose a

SpyHammer optimization that leverages the observation that

some DRAM cells experience bitips only at one particular

temperature. We call these cells canary cells.1

The enrollment phase identies the canary cells of the

DRAM module. In this process, the cells that ip at only one

temperature are added to the canary cell set. After the enroll-

ment phase, an attacker can estimate the temperature of the

victim DRAM by monitoring only a few selected canary cells,

which reduces the number of memory accesses required to

perform the attack.

To evaluate SpyHammer, we perform an extensive and thor-

ough DRAM RowHammer characterization on 12 real DRAM

modules (120 DRAM chips) using a temperature resolution of

1◦C

in a controlled environment. Our results show that our

methodology can infer 1) absolute temperatures (with prior

characterization of the victim DRAM module) with an error of

±2.5◦C

, and 2) relative temperature changes (without prior

characterization of the victim DRAM module) with an error

±3.5◦C

, for all 12 DRAM modules we test, at the

90th

per-

centile of tested temperature points (i.e., from

50 ◦C

95 ◦C

with 1◦Cstep size).

We make the following main contributions:

•

We perform the rst rigorous ne-grained characterization

and analysis of the correlation between RowHammer and

temperature using 12 real DDR4 DRAM modules (120 DRAM

chips).

•

We show that RowHammer is very sensitive to temperature

variations, even if the variations are very small (e.g.,

±1◦C

•

We propose SpyHammer, the rst RowHammer attack that

can spy on DRAM temperature without any modication

to the victim system. SpyHammer uses only the attacker’s

memory space to perform the attack (i.e., it does not corrupt

In all possible temperature points within a temperature range (given a

particular temperature resolution), a canary cell experiences a bitip at one

and only one temperature point.

the victim’s memory space).

•

We propose two variants of SpyHammer: 1) a variant that

can spy on relative temperature changes without any prior

information about or changes to the victim DRAM module,

and 2) a variant that can spy on absolute temperature changes

when the attacker has physical access to the victim DRAM

module before deploying the attack.

•

We perform a detailed study of the accuracy of the two

SpyHammer variants, which shows that an attacker can spy

with a maximum error of 1)

±2.5◦C

on absolute temperature

values, and 2)

±3.5◦C

on relative temperature changes, in

all 12 DRAM modules (120 DRAM chips) from the four major

manufacturers we test.2

2. Background

We provide a brief introduction to DRAM organization and

RowHammer vulnerability. For more detailed background, we

refer the reader to prior works [1–3,35–77].

2.1. DRAM Organization

The memory controller communicates with DRAM modules

over one or more DRAM channels. Each module contains

a set of DRAM chips that operate in lockstep. The DRAM

cells within a DRAM chip are organized hierarchically. A

DRAM chip comprises multiple DRAM banks that can operate

independently. DRAM cells in a DRAM bank are laid out in a

two-dimensional structure of rows and columns. Each DRAM

cell on a DRAM row is connected to a common wordline via

access transistors. A bitline connects a column of DRAM cells

to a DRAM sense amplier to access data.

Accesses to DRAM devices are typically performed in cache

block granularity (64-bytes) in contemporary systems. An

access to a DRAM cache block works in three steps. First,

the memory controller sends an ACT command to activate a

specic row within a DRAM bank, which prepares the row

for a columns access (i.e., copies the row to the sense ampli-

ers). Second, the memory controller sends a READ (WRITE)

command to read (write) a column in the row. Third, once all

operations to the active row are completed, the memory con-

troller sends a PRE command that closes the row and prepares

the DRAM bank to open a new DRAM row (i.e., it precharges

the bank).

2.2. RowHammer

Modern DRAM devices are subject to disturbance failures

caused by high frequency accesses (i.e., hammer) to DRAM

rows (i.e., aggressor rows) that result in bitips in physically

nearby rows that are not being accessed (i.e., victim rows). This

phenomenon is referred to as RowHammer [1,2, 15, 23, 78

–

81].

RowHammer-induced bitips are exacerbated as DRAM tech-

nology nodes shrink and DRAM cells come closer to each

other. This results in newer, higher-density DRAM chips to

become more vulnerable to RowHammer [2] and other read

disturbance eects [75]. These bitips manifest after a row’s

2At the 90th percentile of tested temperature points

activation count reaches a certain threshold value within a

refresh window (usually denoted as MAC [82] or

HCf irst

[2]).

Prior works devise many dierent RowHammer-based at-

tacks, such as denial of service [17, 18], privilege escala-

tion [4

–

7, 9, 17, 18, 22, 31, 83, 84], secret data leakage [25, 32, 33],

manipulation of the application correctness [24, 30] or private

key recovery [85,86]. A subset of these attacks require no phys-

ical access to a victim computing system; for example, attacks

leveraging RDMA [34] or attacks in JavaScript programs [6].

3. Methodology

In order to thoroughly characterize the correlation between

RowHammer and temperature and analyze the potential of the

SpyHammer attack, we use an FPGA-based infrastructure that

allows us to avoid uncontrolled interference in the system that

might skew the results and lead to wrong insights and conclu-

sions. To perform a SpyHammer attack on a real commodity

computer system, we can use the methodology proposed in

previous works [3,31, 87] (not demonstrated in this paper).

3.1. Testing Infrastructure

We experimentally study DDR4 DRAM chips across a wide

range of temperatures. We use the DRAM Bender frame-

work [88, 89], which supports DDR4 modules, and a highly

accurate temperature controller infrastructure.

3.1.1. DRAM Bender. Figure 1 shows the DRAM Bender setup

for testing DDR4 DRAM modules. We use the Xilinx Alveo

U200 [90] FPGA board in all of our tests.

(a)$Temperature$

Controller

(b)$DRAM$+$Heater

(c)$FPGA

Figure 1: DRAM Bender Infrastructure: (a) temperature con-

troller, (b) DRAM module clamped with heater pads, and

[88].

We use an FPGA board with DRAM Bender (Figure 1c) to

perform all our RowHammer tests. We monitor and adjust the

temperature of DRAM chips under test with a temperature

controller (Figure 1a). This infrastructure provides us with ne-

grained control over the timing between DRAM commands.

We enforce all timing parameters dened by JEDEC [82] to

ensure reliable operation.

3.1.2. Temperature Controller. To regulate the temperature

in DRAM modules, we use silicone rubber heaters pressed to

both sides of the DDR4 module (Figure 1c). To reduce the

heat leakage, we apply two layers of insulation around the

DRAM module under test and the heater pads: 1) a layer of

reective aluminum sheets covering the DRAM and the heater

pads and 2) a layer of insulation sheets made of PTFE, a heat-

resistant material. To measure the actual temperature of DRAM

chips, we use a thermocouple, which we place between the

rubber heaters and the DDR4 chips. We connect the heater

pads and the thermocouple to a Maxwell FT200 temperature

controller (Figure 1a), which keeps the temperature stable by

implementing a closed-loop PID controller. Our host machine

communicates with the temperature controller via an RS485

channel. Using this feature, we build custom software that

enables us to automate the management of the temperature

and integrate it into our testing infrastructure. In our tests

using this infrastructure, we measure temperature with an

accuracy of ±0.1◦C.

3.2. Testing Methodology

Disabling Sources of Interference. We disable all DRAM

self-regulation events except the calibration signals, such as

ZQ, for signal integrity so that we ensure that the observed

errors are solely caused by RowHammer. We also make sure

that our tests nish before retention errors manifest.

To the best of our knowledge, we also disable all DRAM-

level (e.g., TRR [82]) and system-level RowHammer mitigation

mechanisms (e.g., pTRR [91]) along with all forms of rank-level

error-correction codes (ECC), which could obscure RowHam-

mer bitips. Based on the prior work’s observations [2, 3],

on-DRAM-die RowHammer mitigation mechanisms (i.e., TRR)

take action when the DRAM services a refresh (REF) command.

The DRAM modules we test do not implement error correction

internally.

RowHammer Access Sequence. We use a common access

sequence used in previous works [1, 2, 78] as the worst-case

access pattern, in which we 1) hammer the two rows that are

adjacent to the victim row (i.e., aggressor rows), and 2) access

the aggressor rows as frequently as possible. In our tests, we

perform a double-sided RowHammer attack [1, 2].

Data Pattern. We conduct our experiments on a DRAM mod-

ule by using the module’s worst-case data pattern (

W CDP

We identify the

W CDP

as the pattern that experiences the

largest number of bitips among seven dierent data patterns

that prior research on DRAM characterization uses [2,36, 46

–

49, 58], presented in Table 1: colstripe, checkered, rowstripe,

and random (we also test the complements of the rst three).

For each RowHammer test, we write the corresponding data

pattern to the victim row (

in Table 1), and to the 8 previous

(V−[1...8]) and next (V+ [1...8]) physically-adjacent rows.

Table 1: Data patterns used in our RowHammer analyses.

Row Address Colstripe†Checkered†Rowstripe†Random

V∗±[0,2,4,6,8] 0x55 0x55 0x00 random

V∗±[1,3,5,7] 0x55 0xaa 0xff random

∗Vis the physical address of the victim row

†We also test the complements of these patterns

Metrics. We compare the

BER

across all our tests at a con-

stant hammer count of 150K per aggressor row. We also iden-

tify the DRAM cells that ip only at a particular temperature

point (i.e., canary cells).

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

10 玖币 0人已下载

立即下载

摘要：

SpyHammer:UnderstandingandExploitingRowHammerunderFine-GrainedTemperatureVariationsLoisOrosa1,2UlrichRührmair3,4A.GirayYağlıkçı1HaocongLuo1AtaberkOlgun1PatrickJattke1MineshPatel1JeremieKim1KavehRazavi1OnurMutlu11ETHZürich2GaliciaSupercomputingCenter(CESGA)3LMUMünchen4UniversityofConnecticutRowHammer...

展开>> 收起<<

SpyHammer Understanding and Exploiting RowHammer under Fine-Grained Temperature Variations.pdf

共15页,预览3页

还剩页未读，继续阅读

声明：本站为文档C2C交易模式，即用户上传的文档直接被用户下载，本站只是中间服务平台，本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间，仅对用户上传内容的表现方式做保护处理，对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私，请立即通知玖贝云文库，我们立即给予删除！

SpyHammer Understanding and Exploiting RowHammer under Fine-Grained Temperature Variations

相关推荐

开通VIP享超值会员特权

作者详情

相关内容

热门标签

举报选择: