MID-067: Implement DRAM RowHammer-resistant DRAM and Memory Controllers
Mitigation Tier: Intermediate
Description
As DRAM densities increase and cell sizes shrink, DRAM devices become increasingly vulnerable to RowHammer-style attacks. Since RowHammer’s discovery, the research community has proposed many solutions, with varying degrees of success [1]. ECC memory can provide some protection against single-bit errors, but multi-bit-flip RowHammer variants have been demonstrated that exceed ECC’s ability to correct [2]. ECC-detectable single-bit errors may still occur during an attempted RowHammer attack and can indicate to a firmware or operating system-level mitigation that an attack is underway.
Newer DRAM specifications have introduced defenses, such as DDR4’s Target Row Refresh (TRR) mechanism, that have made a successful RowHammer attack more difficult. However, attack methods have been refined to achieve success even on TRR-enabled DRAMs [3]. Not all DRAM modules are equally susceptible, and the memory controllers built into processors have implemented defenses of varying efficacy. In [3], the authors show how to test the performance of a particular module and controller combination.
JEDEC updated the DDR5 specification in 2024 (JESD79-5C) to add Per-Row Activation Counting (PRAC) [4]. PRAC-enabled DRAM chips track activations of individual DRAM rows and signal the memory controller when a count exceeds a threshold value, indicating that a potential victim row requires a refresh, which the controller must then command. Recent research concludes that PRAC does mitigate RowHammer-style attacks in many cases, although it is subject to potentially high performance and energy overheads [5].
If the CPU/SoC’s memory controller supports it, the system firmware and the device operating system could cooperate with the memory controller hardware to use indicators from ECC, PRAC, etc. to inform additional layers of mitigation, such as identifying and terminating the offending application process conducting the RowHammer attack [6].
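One way an operating-system-level monitor could use the ECC indicator described above, shown as an added example that is not part of the original entry or of any referenced project: a sliding-window detector over the corrected-error counters that the Linux EDAC sysfs interface exposes per memory controller. The threshold, window and sample readings are constructed assumptions, and a burst of correctable errors is only an indicator, since failing hardware produces one too.

```python
import glob
import os
from collections import defaultdict, deque

EDAC_GLOB = "/sys/devices/system/edac/mc/mc*/ce_count"  # Linux EDAC sysfs counters

def read_edac_ce_counts(pattern=EDAC_GLOB):
    """Return {"mcN": corrected_error_count}; empty if EDAC is not available."""
    counts = {}
    for path in glob.glob(pattern):
        with open(path) as fh:
            counts[path.split(os.sep)[-2]] = int(fh.read().strip())
    return counts

class CeBurstDetector:
    """Alert when a controller's corrected-error count rises by at least
    `threshold` within `window_s` seconds (both values are assumptions)."""
    def __init__(self, threshold=8, window_s=60.0):
        self.threshold = threshold
        self.window_s = window_s
        self.history = defaultdict(deque)  # controller -> deque of (time, count)

    def observe(self, now, counts):
        alerts = []
        for loc, count in sorted(counts.items()):
            hist = self.history[loc]
            if hist and count < hist[-1][1]:
                hist.clear()                    # counter reset (reboot, driver reload)
            hist.append((now, count))
            while hist[0][0] < now - self.window_s:
                hist.popleft()                  # drop samples older than the window
            delta = count - hist[0][1]
            if delta >= self.threshold:
                alerts.append((loc, delta))
                hist.clear()                    # re-arm from the current reading
                hist.append((now, count))
        return alerts

def run(samples, detector=None):
    """Feed (time, counts) samples through a detector; return (time, mc, delta) alerts."""
    detector = detector or CeBurstDetector()
    return [(t, loc, d) for t, counts in samples for loc, d in detector.observe(t, counts)]

# Constructed readings: mc1 shows a burst of corrected errors, mc0 only background noise.
SAMPLES = [(0.0, {"mc0": 2, "mc1": 0}), (30.0, {"mc0": 2, "mc1": 3}),
           (60.0, {"mc0": 3, "mc1": 11}), (90.0, {"mc0": 3, "mc1": 12})]

if __name__ == "__main__":
    print(run(SAMPLES))
```

On a live system the monitor would call `read_edac_ce_counts()` on a timer and pass the result to `observe()`; an alert is the point at which the additional mitigation layers described above would be engaged.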
IEC 62443 4-2 Mappings
- CR 3.4 – Software and information integrity
References
[1] Onur Mutlu, Ataberk Olgun, and A. Giray Yağlıkcı. 2023. Fundamentally Understanding and Solving RowHammer. In Proceedings of the 28th Asia and South Pacific Design Automation Conference (ASPDAC ’23). Association for Computing Machinery, New York, NY, USA, 461–468.
[2] VUSec. “ECCPLOIT: ECC Memory Vulnerable to RowHammer Attacks After All.” vusec.net. Accessed: Aug. 28, 2024. [Online]. Available: https://www.vusec.net/projects/eccploit/
[3] P. Frigo et al., “TRRespass: Exploiting the Many Sides of Target Row Refresh,” 2020 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2020, pp. 747-762, doi: 10.1109/SP40000.2020.00090.
[4] JEDEC. “JEDEC Updates JESD79-5C DDR5 SDRAM Standard: Elevating Performance and Security for Next-Gen Technologies.” jedec.org. Accessed: Aug. 28, 2024. [Online]. Available: https://www.jedec.org/news/pressreleases/jedec-updates-jesd79-5c-ddr5-sdram-standard-elevating-performance-and-security
[5] O. Canpolat, A. G. Yağlıkçı, G. F. Oliveira, A. Olgun, O. Ergin, O. Mutlu, “Understanding the Security Benefits and Overheads of Emerging Industry Solutions to DRAM Read Disturbance,” 2024, arXiv:2406.19094.
[6] “System Level Rowhammer Mitigation,” JEDEC, JEP301-1, Mar. 2021.