DRAM’s Persistent Threat To Chip Security
By: Bryon Moyer
Rowhammer attack on memory could create significant issues for systems; possible solution emerges.
“Some notable demonstrations of the attack are elevating to higher system level rights (like to administrator), rooting an Android phone, or taking control of what should be a protected virtual machine,” said John Hallman, product manager for trust and security at OneSpin Solutions.
Looking from the top of a system down and the bottom of the chip up, there are two big challenges. One lies in knowing where critical system data is located in memory. The other requires knowledge of which rows are physically adjacent. The specific layout of the chip important, and this is usually kept confidential by chipmakers. You can’t assume that the physical arrangement of a memory made by one vendor will be the same as that of another vendor.
Proving the effectiveness of a mitigation isn’t easy, requiring careful modeling of attacks – at least, known ones. “By utilizing of our fault injection and detection tools, we can work with customers to model the attacks and demonstrate the effects on the memory,” said Hallman. “This could identify areas where information could still be leaked.”
Proving the effectiveness of a silicon-level fix from first principles is also a challenge. “DRAM is hard IP, and the attack exploits physics, so you’d need something with precision on the order of SPICE, or a targeted alternative, to verify with confidence pre-silicon,” said Althoff.
But proof of both mitigations and fixes are necessary in a wary industry. “Spin is not the first to try to produce rowhammer-immune DRAM,” noted FuturePlus’ Aichinger. “Several new mitigation strategies are under discussion, and you should hear more about this in 2021.”