MOESI-prime: preventing coherence-induced hammering in commodity workloads

Authors:
Kevin Loughlin

University of Michigan

University of Michigan
View Profile

,
Stefan Saroiu

Microsoft

Microsoft
View Profile

,
Alec Wolman

Microsoft

Microsoft
View Profile

,
Yatin A. Manerkar

University of Michigan

University of Michigan
View Profile

,
Baris Kasikci

University of Michigan

University of Michigan
View Profile

ISCA '22: Proceedings of the 49th Annual International Symposium on Computer ArchitectureJune 2022Pages 670–684https://doi.org/10.1145/3470496.3527427

Published:11 June 2022Publication History

ISCA '22: Proceedings of the 49th Annual International Symposium on Computer Architecture

Pages 670–684

ABSTRACT

Prior work shows that Rowhammer attacks---which flip bits in DRAM via frequent activations of the same row(s)---are viable. Adversaries typically mount these attacks via instruction sequences that are carefully-crafted to bypass CPU caches. However, we discover a novel form of hammering that we refer to as coherence-induced hammering, caused by Intel's implementations of cache coherent non-uniform memory access (ccNUMA) protocols. We show that this hammering occurs in commodity benchmarks on a major cloud provider's production hardware, the first hammering found to be generated by non-malicious code. Given DRAM's rising susceptibility to bit flips, it is paramount to prevent coherence-induced hammering to ensure reliability and security in the cloud.

Accordingly, we introduce MOESI-prime, a ccNUMA coherence protocol that mitigates coherence-induced hammering while retaining Intel's state-of-the-art scalability. MOESI-prime shows that most DRAM reads and writes triggering such hammering are unnecessary. Thus, by encoding additional information in the coherence protocol, MOESI-prime can omit these reads and writes, preventing coherence-induced hammering in non-malicious and malicious workloads. Furthermore, by omitting unnecessary reads and writes, MOESI-prime has negligible effect on average performance (within ±0.61% of MESI and MOESI) and average DRAM power (0.03%-0.22% improvement) across evaluated ccNUMA configurations.

References

Paul Alcorn. 2022. New UCIe Chiplet Standard Supported by Intel, AMD, and Arm. tomshardware.com/news/new-ucie-chiplet-standard-supported-by-intel-amd-and-arm.Google Scholar
Johnathan Alsop, Matthew Sinclair, and Sarita Adve. 2018. Spandex: A flexible interface for efficient heterogeneous coherence. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
Hesham Altwaijry and Diyab S Alzahrani. 2014. Improved-moesi cache coherence protocol. Arabian Journal for Science and Engineering (2014).Google Scholar
Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Rui Qiao, Reetuparna Das, Matthew Hicks, Yossi Oren, and Todd Austin. 2016. ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks. In ACM SIGARCH Computer Architecture News (CAN).Google Scholar
Christel Baier and Joost-Pieter Katoen. 2008. Principles of Model Checking (Representation and Mind Series). The MIT Press.Google ScholarDigital Library
Kuljit Bains, John Halbert, Christopher Mozak, Theodore Schoenborn, and Zvika Greenfield. 2015. Row hammer refresh command. US Patent 9,117,544.Google Scholar
Tanj Bennett, Stefan Saroiu, Alec Wolman, and Lucian Cojocar. 2021. Panopticon: A Complete In-DRAM Rowhammer Mitigation. In Workshop on DRAM Security (DRAMSec).Google Scholar
Christian Bienia, Sanjeev Kumar, Jaswinder Pal Singh, and Kai Li. 2008. The PAR-SEC benchmark suite: Characterization and architectural implications. In IEEE International Conference on Parallel Architectures and Compilation Techniques (PACT).Google ScholarDigital Library
Nathan Binkert, Bradford Beckmann, Gabriel Black, Steven K Reinhardt, Ali Saidi, Arkaprava Basu, Joel Hestness, Derek R Hower, Tushar Krishna, Somayeh Sardashti, et al. 2011. The gem5 simulator. ACM SIGARCH Computer Architecture News (CAN) (2011).Google Scholar
Arijit Biswas. 2021. Sapphire Rapids. In IEEE Hot Chips Symposium (HCS).Google Scholar
Sergey Blagodurov, Alexandra Fedorova, Sergey Zhuravlev, and Ali Kamali. 2010. A case for NUMA-aware contention management on multicore systems. In IEEE International Conference on Parallel Architectures and Compilation Techniques (PACT).Google ScholarDigital Library
Carsten Bock, Ferdinand Brasser, David Gens, Christopher Liebchen, and Ahamd-Reza Sadeghi. 2019. RIP-RH: Preventing Rowhammer-Based InterProcess Attacks. In ACM Asia Conference on Computer and Communications Security (Asia CCS).Google ScholarDigital Library
Thomas Bourgeat, Jules Drean, Yuheng Yang, Lillian Tsai, Joel Emer, and Mengjia Yan. 2020. CaSA: End-to-end Quantitative Security Analysis of Randomly Mapped Caches. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google Scholar
Ferdinand Brasser, Lucas Davi, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2017. CAn't Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory. In USENIX Security Symposium (USENIX Security).Google Scholar
Irina Calciu, Dave Dice, Yossi Lev, Victor Luchangco, Virendra J Marathe, and Nir Shavit. 2013. NUMA-aware reader-writer locks. In ACM SIGPLAN symposium on Principles and practice of parallel programming (PPoPP).Google ScholarDigital Library
A. Chakraborty, M. Alam, and D. Mukhopadhyay. 2019. Deep Learning Based Diagnostics for Rowhammer Protection of DRAM Chips. In IEEE Asian Test Symposium (ATS).Google Scholar
Karthik Chandrasekar, Christian Weis, Yonghui Li, Benny Akesson, Norbert Wehn, and Kees Goossens. 2012. DRAMPower: Open-source DRAM power & energy estimation tool. drampower.info.Google Scholar
Liqun Cheng and John B Carter. 2005. Fast barriers for scalable ccnuma systems. In IEEE International Conference on Parallel Processing (ICPP).Google Scholar
Liqun Cheng, John B Carter, and Donglai Dai. 2007. An adaptive cache coherence protocol optimized for producer-consumer sharing. In IEEE International Symposium on High Performance Computer Architecture (HPCA).Google ScholarDigital Library
Lucian Cojocar, Jeremie Kim, Minesh Patel, Lillian Tsai, Stefan Saroiu, Alec Wolman, and Onur Mutlu. 2020. Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
Lucian Cojocar, Kevin Loughlin, Stefan Saroiu, Baris Kasikci, and Alec Wolman. 2021. mFIT: A Bump-in-the-Wire Tool for Plug-and-Play Analysis of Rowhammer Susceptibility Factors. Microsoft Tech Report (2021).Google Scholar
Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, and Herbert Bos. 2019. Exploiting correcting codes: On the effectiveness of ECC memory against Rowhammer attacks. In IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
Pat Conway, Nathan Kalyanasundharam, Gregg Donley, Kevin Lepak, and Bill Hughes. 2010. Cache Hierarchy and Memory Subsystem of the AMD Opteron Processor. ACM/IEEE International Symposium on Microarchitecture (MICRO) (2010).Google Scholar
Alan L Cox and Robert J Fowler. 1993. Adaptive cache coherency for detecting migratory shared data. ACM SIGARCH Computer Architecture News (CAN) (1993).Google Scholar
Finn de Ridder, Pietro Frigo, Emanuele Vannacci, Herbert Bos, Cristiano Giuffrida, and Kaveh Razavi. 2021. SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript. In USENIX Security Symposium (USENIX Security).Google Scholar
Timothy J Dell. 1997. A white paper on the benefits of chipkill-correct ECC for PC server main memory. IBM Microelectronics division (1997).Google Scholar
David Dice, Virendra J Marathe, and Nir Shavit. 2012. Lock cohorting: a general technique for designing NUMA locks. ACM SIGPLAN Notices (2012).Google ScholarDigital Library
Harish Dattatraya Dixit, Sneha Pendharkar, Matt Beadon, Chris Mason, Tejasvi Chakravarthy, Bharath Muthiah, and Sriram Sankar. 2021. Silent Data Corruptions at Scale. arXiv preprint arXiv:2102.11245 (2021).Google Scholar
Ali Fakhrzadehgan, Yale N Patt, Prashant J Nair, and Moinuddin K Qureshi. 2022. SafeGuard: Reducing the Security Risk from Row-Hammer via Low-Cost Integrity Protection. In IEEE International Symposium on High Performance Computer Architecture (HPCA).Google ScholarCross Ref
Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2020. TRRespass: Exploiting the Many Sides of Target Row Refresh. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
Vasilis Gavrielatos, Antonios Katsarakis, Arpit Joshi, Nicolai Oswald, Boris Grot, and Vijay Nagarajan. 2018. Scale-out ccNUMA: Exploiting skew with strongly consistent caching. In EuroSys.Google Scholar
gem5. 2021. Architecture Support. gem5.org/documentation/general_docs/architecture_support/.Google Scholar
gem5. 2021. gem5-20 Working Status of Benchmarks. gem5.org/documentation/benchmark_status/gem5-20.Google Scholar
Mohsen Ghasempour, Mikel Lujan, and Jim Garside. 2015. Armor: A run-time memory hot-row detector.Google Scholar
Saugata Ghose, Tianshi Li, Nastaran Hajinazar, Damla Senol Cali, and Onur Mutlu. 2019. Demystifying Complex Workload-DRAM Interactions: An Experimental Study. In ACM on Measurement and Analysis of Computing Systems (POMACS).Google Scholar
Hector Gomez, Andres Amaya, and Elkim Roa. 2016. DRAM row-hammer attack reduction using dummy cells. In IEEE Nordic Circuits and Systems Conference (NORCAS).Google ScholarCross Ref
JR Goodman and HHJ Hum. 2004. MESIF: A Two-Hop Cache Coherency Protocol for Point-to-Point Interconnects (2004). URL: https://www.cs.auckland.ac.nz/~goodman/TechnicalReports/MESIF-2009.pdf (2004).Google Scholar
Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, and Yuval Yarom. 2018. Another flip in the wall of Rowhammer defenses. In IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
Daniel Gruss, Clémentine Maurice, and Stefan Mangard. 2016. Rowhammer.js: A remote software-induced fault attack in javascript. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).Google ScholarDigital Library
Andreas Hansson, Neha Agarwal, Aasheesh Kolli, Thomas Wenisch, and Aniruddha N Udipi. 2014. Simulating DRAM controllers for future system architecture exploration. In IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS).Google ScholarCross Ref
Hasan Hassan, Yahya Can Tugrul, Jeremie S Kim, Victor Van der Veen, Kaveh Razavi, and Onur Mutlu. 2021. Uncovering In-DRAM RowHammer Protection Mechanisms: A New Methodology, Custom RowHammer Patterns, and Implications. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google Scholar
Andrew Hay. 2012. MESIF Cache Coherence Protocol. Ph.D. Dissertation. Re- searchSpace@ Auckland.Google Scholar
Peter H Hochschild, Paul Turner, Jeffrey C Mogul, Rama Govindaraju, Parthasarathy Ranganathan, David E Culler, and Amin Vahdat. 2021. Cores that don't count. In Workshop on Hot Topics in Operating Systems (HotOS).Google ScholarDigital Library
Christopher Hollowell, Costin Caramarcu, William Strecker-Kellogg, Antonio Wong, and Alexandr Zaytsev. 2015. The effect of numa tunings on cpu performance. In Journal of Physics: Conference Series.Google ScholarCross Ref
Intel. 2021. Intel Architecture Day 2021. https://www.intel.com/content/www/us/en/newsroom/resources/press-kit-architecture-day-2021.html.Google Scholar
Intel Community Forum. 2019. SKL - strange memory behavior.Google Scholar
Intel Xeon Processor Scalable Memory Family. 2017. Uncore Performance Monitoring Reference Manual. Intel Corporation (2017).Google Scholar
Yeongjin Jang, Jaehyuk Lee, Sangho Lee, and Taesoo Kim. 2017. SGX-Bomb: Locking down the processor via Rowhammer attack. In Workshop on System Software for Trusted Execution (SysTEX).Google ScholarDigital Library
Patrick Jattke, Victor van der Veen, Pietro Frigo, Stijn Gunter, and Kaveh Razavi. 2022. BLACKSMITH: Scalable Rowhammering in the Frequency Domain. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
JEDEC. 2014. Double Data Rate 4 (DDR4) SDRAM Standard.Google Scholar
Sangwoo Ji, Youngjoo Ko, Saeyoung Oh, and Jong Kim. 2019. Pinpoint Rowhammer: Suppressing Unwanted Bit Flips on Rowhammer Attacks. In ACM Asia Conference on Computer and Communications Security (Asia CCS).Google ScholarDigital Library
Jithin Jose, Hari Subramoni, Miao Luo, Minjia Zhang, Jian Huang, Md Wasi-ur Rahman, Nusrat S Islam, Xiangyong Ouyang, Hao Wang, Sayantan Sur, et al. 2011. Memcached design on high performance rdma capable interconnects. In IEEE International Conference on Parallel Processing (ICPP).Google ScholarDigital Library
David Kanter. 2007. The common system interface: Intel's future interconnect. Real World Technologies (2007).Google Scholar
Samira Khan, Donghyuk Lee, and Onur Mutlu. 2016. PARBOR: An efficient system-level technique to detect data-dependent failures in DRAM. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).Google ScholarCross Ref
Samira Khan, Chris Wilkerson, Donghyuk Lee, Alaa R Alameldeen, and Onur Mutlu. 2016. A case for memory content-based detection and mitigation of data-dependent failures in DRAM. IEEE Computer Architecture Letters (CAL) (2016).Google Scholar
Samira Khan, Chris Wilkerson, Zhe Wang, Alaa R Alameldeen, Donghyuk Lee, and Onur Mutlu. 2017. Detecting and mitigating data-dependent DRAM failures by exploiting current memory content. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarDigital Library
Dae-Hyun Kim, Prashant J Nair, and Moinuddin K Qureshi. 2014. Architectural support for mitigating row hammering in DRAM memories. IEEE Computer Architecture Letters (CAL) (2014).Google Scholar
Jeremie S Kim, Minesh Patel, A Giray Yaglikci, Hasan Hassan, Roknoddin Azizi, Lois Orosa, and Onur Mutlu. 2020. Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google Scholar
M. Kim, J. Choi, H. Kim, and H. Lee. 2019. An Effective DRAM Address Remapping for Mitigating Rowhammer Errors. IEEE Trans. Comput. (2019).Google Scholar
Michael Jaemin Kim, Jaehyun Park, Yeonhong Park, Wanju Doh, Namhoon Kim, Tae Jun Ham, Jae W Lee, and Jung Ho Ahn. 2021. Mithril: Cooperative Row Hammer Protection on Commodity DRAM Leveraging Managed Refresh. arXiv preprint arXiv:2108.06703 (2021).Google Scholar
Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping Bits in Memory without Accessing Them: An Experimental Study of DRAM Disturbance Errors. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
Avi Kivity, Yaniv Kamay, Dor Laor, Uri Lublin, and Anthony Liguori. 2007. kvm: the Linux virtual machine monitor. In Linux symposium.Google Scholar
Radhesh Krishnan Konoth, Marco Oliverio, Andrei Tatar, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida, and Kaveh Razavi. 2018. ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks. In USENIX Symposium on Operating Systems Design and Implementation (OSDI).Google Scholar
Akhilesh Kumar, Don Soltis, Irma Esmer, Adi Yoaz, and Sailesh Kottapalli. 2017. The new Intel Xeon scalable processor (formerly skylake-SP). In IEEE Hot Chips Symposium (HCS).Google Scholar
Andrew Kwong, Daniel Genkin, Daniel Gruss, and Yuval Yarom. 2020. RAM-Bleed: Reading bits in memory without accessing them. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
Eojin Lee, Ingab Kang, Sukhan Lee, G Edward Suh, and Jung Ho Ahn. 2019. TWiCe: preventing row-hammering by exploiting time window counters. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
Daniel Lenoski, James Laudon, Kourosh Gharachorloo, Anoop Gupta, and John Hennessy. 1990. The directory-based cache coherence protocol for the DASH multiprocessor. ACM SIGARCH Computer Architecture News (CAN) (1990).Google Scholar
Kevin M Lepak, Vydhyanathan Kalyanasundharam, William A Hughes, Benjamin Tsien, and Greggory D Donley. 2014. Method and apparatus for accelerated shared data migration. US Patent 8,732,410.Google Scholar
C. Li and J. Gaudiot. 2019. Detecting Malicious Attacks Exploiting Hardware Vulnerabilities Using Performance Counters. In IEEE Annual Computer Software and Applications Conference (COMPSAC).Google Scholar
Moritz Lipp, Michael Schwarz, Lukas Raab, Lukas Lamster, Misiker Tadesse Aga, Clémentine Maurice, and Daniel Gruss. 2020. Nethammer: Inducing Rowham- mer faults through network requests. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).Google ScholarCross Ref
Kevin Loughlin, Stefan Saroiu, Alec Wolman, and Baris Kasikci. 2021. Stop! Hammer time: rethinking our approach to rowhammer mitigations. In Workshop on Hot Topics in Operating Systems (HotOS).Google ScholarDigital Library
Kevin Loughlin, Stefan Saroiu, Alec Wolman, Yatin A. Manerkar, and Baris Kasikci. 2022. MOESI-prime source code. github.com/efeslab/moesi-prime.Google Scholar
Jason Lowe-Power, Abdul Mutaal Ahmad, Ayaz Akram, Mohammad Alian, Rico Amslinger, Matteo Andreozzi, Adrià Armejach, Nils Asmussen, Brad Beckmann, Srikant Bharadwaj, et al. 2020. The gem5 simulator: Version 20.0+. arXiv preprint arXiv:2007.03152 (2020).Google Scholar
Neethu Bal Mallya, Geeta Patil, and Biju Raveendran. 2015. Simulation based performance study of cache coherence protocols. In International Symposium on Nanoelectronic and Information Systems.Google ScholarDigital Library
Jaydeep Marathe and Frank Mueller. 2006. Hardware profile-guided automatic page placement for ccNUMA systems. In ACM SIGPLAN symposium on Principles and practice of parallel programming (PPoPP).Google ScholarDigital Library
Jaydeep Marathe, Vivek Thakkar, and Frank Mueller. 2010. Feedback-directed page placement for ccNUMA via hardware-generated memory traces. J. Parallel and Distrib. Comput. (2010).Google Scholar
Michele Marazzi, Patrick Jattke, Solt Flavien, and Kaveh Razavi. 2022. PROTRR: Principled yet Optimal In-DRAM Target Row Refresh. In IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
John McCalpin. 2018. Topology and Cache Coherence in Knights Landing and Skylake Xeon Processors. UT Faculty/Researcher Works (2018).Google Scholar
John McCalpin. 2020. Directory Structure in Skylake Server CPUs. Intel Community Forum (2020).Google Scholar
Adrian C Moga, Malcolm Mandviwalla, Vedaraman Geetha, and Herbert H Hum. 2013. Allocation and write policy for a glueless area-efficient directory cache for hotly contested cache lines. US Patent 8,392,665.Google Scholar
Daniel Molka, Daniel Hackenberg, and Robert Schöne. 2014. Main memory and cache performance of Intel Sandy Bridge and AMD Bulldozer. In Workshop on Memory Systems Performance and Correctness.Google ScholarDigital Library
Daniel Molka, Daniel Hackenberg, Robert Schöne, and Wolfgang E Nagel. 2015. Cache coherence protocol and memory performance of the Intel Haswell-EP architecture. In IEEE International Conference on Parallel Processing (ICPP).Google ScholarDigital Library
David Mulnix. 2017. Intel Xeon Processor Scalable Family Technical Overview. Intel Corporation (2017).Google Scholar
Onur Mutlu. 2017. The RowHammer problem and other issues we may face as memory becomes denser. In Design, Automation & Test in Europe Conference & Exhibition (DATE).Google Scholar
Vijay Nagarajan, Daniel J Sorin, Mark D Hill, and David A Wood. 2020. A primer on memory consistency and cache coherence. Synthesis Lectures on Computer Architecture (2020).Google ScholarDigital Library
Nevine Nassif, Ashley O Munch, Carleton L Molnar, Gerald Pasdast, Sitaraman V Lyer, Zibing Yang, Oscar Mendoza, Mark Huddart, Srikrishnan Venkataraman, Sireesha Kandula, et al. 2022. Sapphire Rapids: The Next-Generation Intel Xeon Scalable Processor. In IEEE International Solid-State Circuits Conference (ISSCC).Google Scholar
J Norris. 2013. Package org.apache.hadoop.examples.terasort.Google Scholar
Lois Orosa, Abdullah Giray Yaglikci, Haocong Luo, Ataberk Olgun, Jisung Park, Hasan Hassan, Minesh Patel, Jeremie S Kim, and Onur Mutlu. 2021. A Deeper Look into RowHammer's Sensitivities: Experimental Analysis of Real DRAM Chipsand Implications on Future Attacks and Defenses. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarDigital Library
Nicolai Oswald, Vijay Nagarajan, and Daniel J Sorin. 2018. ProtoGen: Automatically generating directory cache coherence protocols from atomic specifications. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
Nicolai Oswald, Vijay Nagarajan, and Daniel J Sorin. 2020. HieraGen: Automated generation of concurrent, hierarchical cache coherence protocols. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
Yeonhong Park, Woosuk Kwon, Eojin Lee, Tae Jun Ham, Jung Ho Ahn, and Jae W Lee. 2020. Graphene: Strong yet Lightweight Row Hammer Protection. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarCross Ref
Jason Power, Arkaprava Basu, Junli Gu, Sooraj Puthoor, Bradford M Beckmann, Mark D Hill, Steven K Reinhardt, and David A Wood. 2013. Heterogeneous system coherence for integrated CPU-GPU systems. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarDigital Library
Antoon Purnal, Lukas Giner, Daniel Gruss, and Ingrid Verbauwhede. 2021. Systematic Analysis of Randomization-based Protected Cache Architectures. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu, and Mattias Nissler. 2021. Introducing half-double: New hammering technique for dram rowhammer bug. Google Security Blog.Google Scholar
Rui Qiao and Mark Seaborn. 2016. A new approach for Rowhammer attacks. In IEEE International Symposium on Hardware Oriented Security and Trust (HOST).Google ScholarCross Ref
Moinuddin K Qureshi. 2018. CEASER: Mitigating conflict-based cache attacks via encrypted-address and remapping. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarDigital Library
Moinuddin K Qureshi. 2019. New attacks and defense for encrypted-address cache. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
Ravi Rajwar and James R Goodman. 2001. Speculative lock elision: Enabling highly concurrent multithreaded execution. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarCross Ref
Sabela Ramos and Torsten Hoefler. 2015. Cache line aware optimizations for ccNUMA systems. In ACM International Symposium on High-Performance Parallel and Distributed Computing (HPDC).Google ScholarDigital Library
Jia Rao, Kun Wang, Xiaobo Zhou, and Cheng-Zhong Xu. 2013. Optimizing virtual machine scheduling in NUMA multicore systems. In IEEE International Symposium on High Performance Computer Architecture (HPCA).Google Scholar
Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos. 2016. Flip feng shui: Hammering a needle in the software stack. In USENIX Security Symposium (USENIX Security).Google Scholar
TIRIAS Research. 2020. Second Generation AMD EPYC Processor Enhanced Cache and Memory Architecture.Google Scholar
Scott Rixner, William J Dally, Ujval J Kapasi, Peter Mattson, and John D Owens. 2000. Memory access scheduling. ACM SIGARCH Computer Architecture News (CAN) (2000).Google Scholar
Gururaj Saileshwar and Moinuddin Qureshi. 2021. MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design. In USENIX Security Symposium (USENIX Security).Google Scholar
Gururaj Saileshwar, Bolin Wang, Moinuddin Qureshi, and Prashant J Nair. 2022. Randomized row-swap: mitigating Row Hammer by breaking spatial correlation between aggressor and victim rows. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).Google ScholarDigital Library
Ciro Santilli. 2020. PARSEC Benchmark . github.com/cirosantilli/parsecbenchmark/.Google Scholar
Stefan Saroiu, AlecWolman, and Lucian Cojocar. 2022. The Price of Secrecy: How Hiding Internal DRAM Topologies Hurts Rowhammer Defenses. In International Reliability Physics Symposium (IRPS).Google Scholar
Mark Seaborn and Thomas Dullien. 2015. Exploiting the DRAM Rowhammer bug to gain kernel privileges. Black Hat (2015). See also http://googleprojectzero.blogspot.co/2015/03/exploiting-dram-rowhammer-bug-to-gain.html.Google Scholar
Inderpreet Singh, Arrvindh Shriraman, Wilson WL Fung, Mike O'Connor, and Tor M Aamodt. 2013. Cache coherence for GPU architectures. In IEEE International Symposium on High Performance Computer Architecture (HPCA).Google ScholarDigital Library
Per Stenström, Mats Brorsson, and Lars Sandberg. 1993. An adaptive cache coherence protocol optimized for migratory sharing. ACM SIGARCH Computer Architecture News (CAN) (1993).Google Scholar
Andrei Tatar, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018. Defeating software mitigations against Rowhammer: a surgical precision hammer. In International Symposium on Research in Attacks, Intrusions, and Defenses (RAID).Google ScholarCross Ref
Youssef Tobah, Andrew Kwong, Ingab Kang, Daniel Genkin, and Kang G Shin. 2022. SpecHammer: Combining Spectre and Rowhammer for New Speculative Attacks. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
Victor Van Der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida. 2016. Drammer: Deterministic Rowhammer attacks on mobile platforms. In ACM SIGSAC conference on computer and communications security (CCS).Google ScholarDigital Library
Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, and Kaveh Razavi. 2018. GuardION: Practical mitigation of DMA-based Rowhammer attacks on ARM. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).Google ScholarCross Ref
Y. Wang, L. Orosa, X. Peng, Y. Guo, S. Ghose, M. Patel, J. S. Kim, J. G. Luna, M. Sadrosadati, N. M. Ghiasi, and O. Mutlu. 2020. FIGARO: Improving System Performance via Fine-Grained In-DRAM Data Relocation and Caching. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google Scholar
Mario Werner, Thomas Unterluggauer, Lukas Giner, Michael Schwarz, Daniel Gruss, and Stefan Mangard. 2019. Scattercache: Thwarting cache attacks via cache set randomization. In USENIX Security Symposium (USENIX Security).Google Scholar
Steven Cameron Woo, Moriyoshi Ohara, Evan Torrie, Jaswinder Pal Singh, and Anoop Gupta. 1995. The SPLASH-2 programs: Characterization and methodological considerations. ACM SIGARCH Computer Architecture News (CAN) (1995).Google Scholar
Xin-Chuan Wu, Timothy Sherwood, Frederic T Chong, and Yanjing Li. 2019. Protecting page tables from Rowhammer attacks using monotonic pointers in DRAM true-cells. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).Google ScholarDigital Library
Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu. 2016. One bit flips, one cloud flops: Cross-VM row hammer attacks and privilege escalation. In USENIX Security Symposium (USENIX Security).Google Scholar
Mengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher Fletcher, Roy Campbell, and Josep Torrellas. 2019. Attack directories, not caches: Side channel attacks in a non-inclusive world. In IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
A. Giray Yağlikçi, Minesh Patel, Jeremie S. Kim, Roknoddin Azizi, Ataberk Olgun, Lois Orosa, Hasan Hassan, Jisung Park, Konstantinos Kanellopoulos, Taha Shahroodi, Saugata Ghose, and Onur Mutlu. 2021. BlockHammer: Preventing RowHammer at Low Cost by Blacklisting Rapidly-Accessed DRAM Rows. In IEEE International Symposium on High Performance Computer Architecture (HPCA).Google ScholarCross Ref
Jung Min You and Joon-Sung Yang. 2019. MRLoc: Mitigating Row-hammering based on memory Locality. In ACM/IEEE Design Automation Conference (DAC).Google ScholarDigital Library
Xusheng Zhan, Yungang Bao, Christian Bienia, and Kai Li. 2017. PARSEC 3.0: A multicore benchmark suite with network stacks and SPLASH-2X. ACM SIGARCH Computer Architecture News (CAN) (2017).Google Scholar

Index Terms

MOESI-prime: preventing coherence-induced hammering in commodity workloads
1. Security and privacy
  1. Security in hardware
  2. Systems security

Recommendations

RowPress: Amplifying Read Disturbance in Modern DRAM Chips
ISCA '23: Proceedings of the 50th Annual International Symposium on Computer Architecture

Memory isolation is critical for system reliability, security, and safety. Unfortunately, read disturbance can break memory isolation in modern DRAM chips. For example, RowHammer is awell-studied read-disturb phenomenon where repeatedly opening and ...
Read More
A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses
MICRO '21: MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture

RowHammer is a circuit-level DRAM vulnerability where repeatedly accessing (i.e., hammering) a DRAM row can cause bit flips in physically nearby rows. The RowHammer vulnerability worsens as DRAM cell size and cell-to-cell spacing shrink. Recent studies ...
Read More
ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ASPLOS'16

Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to "rowhammer" attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google's ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ISCA '22: Proceedings of the 49th Annual International Symposium on Computer Architecture
June 2022
1097 pages
ISBN:9781450386104
DOI:10.1145/3470496
General Chairs:
Valentina Salapura
Google
,
Mohamed Zahran
New York University
,
Program Chairs:
Fred Chong
The University of Chicago
,
Lingjia Tang
The University of Michigan
Copyright © 2022 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 11 June 2022
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Rowhammer
coherence protocol
reliability
security
Qualifiers
- research-article
Conference

Acceptance Rates
ISCA '22 Paper Acceptance Rate67of400submissions,17%Overall Acceptance Rate543of3,203submissions,17%
More
Upcoming Conference
ISCA '24

Sponsor:

sigarch

ISCA '24: The 51st Annual International Symposium on Computer Architecture

June 29 - July 3, 2024

Buenos Aires , Argentina
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 8
  Total Citations
  View Citations
- 910
  Total Downloads
- Downloads (Last 12 months)311
- Downloads (Last 6 weeks)36
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

MOESI-prime: preventing coherence-induced hammering in commodity workloads

ISCA '22: Proceedings of the 49th Annual International Symposium on Computer Architecture

ABSTRACT

References

Cited By

Index Terms

Recommendations

RowPress: Amplifying Read Disturbance in Modern DRAM Chips

A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses

ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks