ABSTRACT
Prior work shows that Rowhammer attacks---which flip bits in DRAM via frequent activations of the same row(s)---are viable. Adversaries typically mount these attacks via instruction sequences that are carefully-crafted to bypass CPU caches. However, we discover a novel form of hammering that we refer to as coherence-induced hammering, caused by Intel's implementations of cache coherent non-uniform memory access (ccNUMA) protocols. We show that this hammering occurs in commodity benchmarks on a major cloud provider's production hardware, the first hammering found to be generated by non-malicious code. Given DRAM's rising susceptibility to bit flips, it is paramount to prevent coherence-induced hammering to ensure reliability and security in the cloud.
Accordingly, we introduce MOESI-prime, a ccNUMA coherence protocol that mitigates coherence-induced hammering while retaining Intel's state-of-the-art scalability. MOESI-prime shows that most DRAM reads and writes triggering such hammering are unnecessary. Thus, by encoding additional information in the coherence protocol, MOESI-prime can omit these reads and writes, preventing coherence-induced hammering in non-malicious and malicious workloads. Furthermore, by omitting unnecessary reads and writes, MOESI-prime has negligible effect on average performance (within ±0.61% of MESI and MOESI) and average DRAM power (0.03%-0.22% improvement) across evaluated ccNUMA configurations.
- Paul Alcorn. 2022. New UCIe Chiplet Standard Supported by Intel, AMD, and Arm. tomshardware.com/news/new-ucie-chiplet-standard-supported-by-intel-amd-and-arm.Google Scholar
- Johnathan Alsop, Matthew Sinclair, and Sarita Adve. 2018. Spandex: A flexible interface for efficient heterogeneous coherence. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
- Hesham Altwaijry and Diyab S Alzahrani. 2014. Improved-moesi cache coherence protocol. Arabian Journal for Science and Engineering (2014).Google Scholar
- Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Rui Qiao, Reetuparna Das, Matthew Hicks, Yossi Oren, and Todd Austin. 2016. ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks. In ACM SIGARCH Computer Architecture News (CAN).Google Scholar
- Christel Baier and Joost-Pieter Katoen. 2008. Principles of Model Checking (Representation and Mind Series). The MIT Press.Google ScholarDigital Library
- Kuljit Bains, John Halbert, Christopher Mozak, Theodore Schoenborn, and Zvika Greenfield. 2015. Row hammer refresh command. US Patent 9,117,544.Google Scholar
- Tanj Bennett, Stefan Saroiu, Alec Wolman, and Lucian Cojocar. 2021. Panopticon: A Complete In-DRAM Rowhammer Mitigation. In Workshop on DRAM Security (DRAMSec).Google Scholar
- Christian Bienia, Sanjeev Kumar, Jaswinder Pal Singh, and Kai Li. 2008. The PAR-SEC benchmark suite: Characterization and architectural implications. In IEEE International Conference on Parallel Architectures and Compilation Techniques (PACT).Google ScholarDigital Library
- Nathan Binkert, Bradford Beckmann, Gabriel Black, Steven K Reinhardt, Ali Saidi, Arkaprava Basu, Joel Hestness, Derek R Hower, Tushar Krishna, Somayeh Sardashti, et al. 2011. The gem5 simulator. ACM SIGARCH Computer Architecture News (CAN) (2011).Google Scholar
- Arijit Biswas. 2021. Sapphire Rapids. In IEEE Hot Chips Symposium (HCS).Google Scholar
- Sergey Blagodurov, Alexandra Fedorova, Sergey Zhuravlev, and Ali Kamali. 2010. A case for NUMA-aware contention management on multicore systems. In IEEE International Conference on Parallel Architectures and Compilation Techniques (PACT).Google ScholarDigital Library
- Carsten Bock, Ferdinand Brasser, David Gens, Christopher Liebchen, and Ahamd-Reza Sadeghi. 2019. RIP-RH: Preventing Rowhammer-Based InterProcess Attacks. In ACM Asia Conference on Computer and Communications Security (Asia CCS).Google ScholarDigital Library
- Thomas Bourgeat, Jules Drean, Yuheng Yang, Lillian Tsai, Joel Emer, and Mengjia Yan. 2020. CaSA: End-to-end Quantitative Security Analysis of Randomly Mapped Caches. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google Scholar
- Ferdinand Brasser, Lucas Davi, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2017. CAn't Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory. In USENIX Security Symposium (USENIX Security).Google Scholar
- Irina Calciu, Dave Dice, Yossi Lev, Victor Luchangco, Virendra J Marathe, and Nir Shavit. 2013. NUMA-aware reader-writer locks. In ACM SIGPLAN symposium on Principles and practice of parallel programming (PPoPP).Google ScholarDigital Library
- A. Chakraborty, M. Alam, and D. Mukhopadhyay. 2019. Deep Learning Based Diagnostics for Rowhammer Protection of DRAM Chips. In IEEE Asian Test Symposium (ATS).Google Scholar
- Karthik Chandrasekar, Christian Weis, Yonghui Li, Benny Akesson, Norbert Wehn, and Kees Goossens. 2012. DRAMPower: Open-source DRAM power & energy estimation tool. drampower.info.Google Scholar
- Liqun Cheng and John B Carter. 2005. Fast barriers for scalable ccnuma systems. In IEEE International Conference on Parallel Processing (ICPP).Google Scholar
- Liqun Cheng, John B Carter, and Donglai Dai. 2007. An adaptive cache coherence protocol optimized for producer-consumer sharing. In IEEE International Symposium on High Performance Computer Architecture (HPCA).Google ScholarDigital Library
- Lucian Cojocar, Jeremie Kim, Minesh Patel, Lillian Tsai, Stefan Saroiu, Alec Wolman, and Onur Mutlu. 2020. Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
- Lucian Cojocar, Kevin Loughlin, Stefan Saroiu, Baris Kasikci, and Alec Wolman. 2021. mFIT: A Bump-in-the-Wire Tool for Plug-and-Play Analysis of Rowhammer Susceptibility Factors. Microsoft Tech Report (2021).Google Scholar
- Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, and Herbert Bos. 2019. Exploiting correcting codes: On the effectiveness of ECC memory against Rowhammer attacks. In IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
- Pat Conway, Nathan Kalyanasundharam, Gregg Donley, Kevin Lepak, and Bill Hughes. 2010. Cache Hierarchy and Memory Subsystem of the AMD Opteron Processor. ACM/IEEE International Symposium on Microarchitecture (MICRO) (2010).Google Scholar
- Alan L Cox and Robert J Fowler. 1993. Adaptive cache coherency for detecting migratory shared data. ACM SIGARCH Computer Architecture News (CAN) (1993).Google Scholar
- Finn de Ridder, Pietro Frigo, Emanuele Vannacci, Herbert Bos, Cristiano Giuffrida, and Kaveh Razavi. 2021. SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript. In USENIX Security Symposium (USENIX Security).Google Scholar
- Timothy J Dell. 1997. A white paper on the benefits of chipkill-correct ECC for PC server main memory. IBM Microelectronics division (1997).Google Scholar
- David Dice, Virendra J Marathe, and Nir Shavit. 2012. Lock cohorting: a general technique for designing NUMA locks. ACM SIGPLAN Notices (2012).Google ScholarDigital Library
- Harish Dattatraya Dixit, Sneha Pendharkar, Matt Beadon, Chris Mason, Tejasvi Chakravarthy, Bharath Muthiah, and Sriram Sankar. 2021. Silent Data Corruptions at Scale. arXiv preprint arXiv:2102.11245 (2021).Google Scholar
- Ali Fakhrzadehgan, Yale N Patt, Prashant J Nair, and Moinuddin K Qureshi. 2022. SafeGuard: Reducing the Security Risk from Row-Hammer via Low-Cost Integrity Protection. In IEEE International Symposium on High Performance Computer Architecture (HPCA).Google ScholarCross Ref
- Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2020. TRRespass: Exploiting the Many Sides of Target Row Refresh. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
- Vasilis Gavrielatos, Antonios Katsarakis, Arpit Joshi, Nicolai Oswald, Boris Grot, and Vijay Nagarajan. 2018. Scale-out ccNUMA: Exploiting skew with strongly consistent caching. In EuroSys.Google Scholar
- gem5. 2021. Architecture Support. gem5.org/documentation/general_docs/architecture_support/.Google Scholar
- gem5. 2021. gem5-20 Working Status of Benchmarks. gem5.org/documentation/benchmark_status/gem5-20.Google Scholar
- Mohsen Ghasempour, Mikel Lujan, and Jim Garside. 2015. Armor: A run-time memory hot-row detector.Google Scholar
- Saugata Ghose, Tianshi Li, Nastaran Hajinazar, Damla Senol Cali, and Onur Mutlu. 2019. Demystifying Complex Workload-DRAM Interactions: An Experimental Study. In ACM on Measurement and Analysis of Computing Systems (POMACS).Google Scholar
- Hector Gomez, Andres Amaya, and Elkim Roa. 2016. DRAM row-hammer attack reduction using dummy cells. In IEEE Nordic Circuits and Systems Conference (NORCAS).Google ScholarCross Ref
- JR Goodman and HHJ Hum. 2004. MESIF: A Two-Hop Cache Coherency Protocol for Point-to-Point Interconnects (2004). URL: https://www.cs.auckland.ac.nz/~goodman/TechnicalReports/MESIF-2009.pdf (2004).Google Scholar
- Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, and Yuval Yarom. 2018. Another flip in the wall of Rowhammer defenses. In IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
- Daniel Gruss, Clémentine Maurice, and Stefan Mangard. 2016. Rowhammer.js: A remote software-induced fault attack in javascript. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).Google ScholarDigital Library
- Andreas Hansson, Neha Agarwal, Aasheesh Kolli, Thomas Wenisch, and Aniruddha N Udipi. 2014. Simulating DRAM controllers for future system architecture exploration. In IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS).Google ScholarCross Ref
- Hasan Hassan, Yahya Can Tugrul, Jeremie S Kim, Victor Van der Veen, Kaveh Razavi, and Onur Mutlu. 2021. Uncovering In-DRAM RowHammer Protection Mechanisms: A New Methodology, Custom RowHammer Patterns, and Implications. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google Scholar
- Andrew Hay. 2012. MESIF Cache Coherence Protocol. Ph.D. Dissertation. Re- searchSpace@ Auckland.Google Scholar
- Peter H Hochschild, Paul Turner, Jeffrey C Mogul, Rama Govindaraju, Parthasarathy Ranganathan, David E Culler, and Amin Vahdat. 2021. Cores that don't count. In Workshop on Hot Topics in Operating Systems (HotOS).Google ScholarDigital Library
- Christopher Hollowell, Costin Caramarcu, William Strecker-Kellogg, Antonio Wong, and Alexandr Zaytsev. 2015. The effect of numa tunings on cpu performance. In Journal of Physics: Conference Series.Google ScholarCross Ref
- Intel. 2021. Intel Architecture Day 2021. https://www.intel.com/content/www/us/en/newsroom/resources/press-kit-architecture-day-2021.html.Google Scholar
- Intel Community Forum. 2019. SKL - strange memory behavior.Google Scholar
- Intel Xeon Processor Scalable Memory Family. 2017. Uncore Performance Monitoring Reference Manual. Intel Corporation (2017).Google Scholar
- Yeongjin Jang, Jaehyuk Lee, Sangho Lee, and Taesoo Kim. 2017. SGX-Bomb: Locking down the processor via Rowhammer attack. In Workshop on System Software for Trusted Execution (SysTEX).Google ScholarDigital Library
- Patrick Jattke, Victor van der Veen, Pietro Frigo, Stijn Gunter, and Kaveh Razavi. 2022. BLACKSMITH: Scalable Rowhammering in the Frequency Domain. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
- JEDEC. 2014. Double Data Rate 4 (DDR4) SDRAM Standard.Google Scholar
- Sangwoo Ji, Youngjoo Ko, Saeyoung Oh, and Jong Kim. 2019. Pinpoint Rowhammer: Suppressing Unwanted Bit Flips on Rowhammer Attacks. In ACM Asia Conference on Computer and Communications Security (Asia CCS).Google ScholarDigital Library
- Jithin Jose, Hari Subramoni, Miao Luo, Minjia Zhang, Jian Huang, Md Wasi-ur Rahman, Nusrat S Islam, Xiangyong Ouyang, Hao Wang, Sayantan Sur, et al. 2011. Memcached design on high performance rdma capable interconnects. In IEEE International Conference on Parallel Processing (ICPP).Google ScholarDigital Library
- David Kanter. 2007. The common system interface: Intel's future interconnect. Real World Technologies (2007).Google Scholar
- Samira Khan, Donghyuk Lee, and Onur Mutlu. 2016. PARBOR: An efficient system-level technique to detect data-dependent failures in DRAM. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).Google ScholarCross Ref
- Samira Khan, Chris Wilkerson, Donghyuk Lee, Alaa R Alameldeen, and Onur Mutlu. 2016. A case for memory content-based detection and mitigation of data-dependent failures in DRAM. IEEE Computer Architecture Letters (CAL) (2016).Google Scholar
- Samira Khan, Chris Wilkerson, Zhe Wang, Alaa R Alameldeen, Donghyuk Lee, and Onur Mutlu. 2017. Detecting and mitigating data-dependent DRAM failures by exploiting current memory content. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarDigital Library
- Dae-Hyun Kim, Prashant J Nair, and Moinuddin K Qureshi. 2014. Architectural support for mitigating row hammering in DRAM memories. IEEE Computer Architecture Letters (CAL) (2014).Google Scholar
- Jeremie S Kim, Minesh Patel, A Giray Yaglikci, Hasan Hassan, Roknoddin Azizi, Lois Orosa, and Onur Mutlu. 2020. Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google Scholar
- M. Kim, J. Choi, H. Kim, and H. Lee. 2019. An Effective DRAM Address Remapping for Mitigating Rowhammer Errors. IEEE Trans. Comput. (2019).Google Scholar
- Michael Jaemin Kim, Jaehyun Park, Yeonhong Park, Wanju Doh, Namhoon Kim, Tae Jun Ham, Jae W Lee, and Jung Ho Ahn. 2021. Mithril: Cooperative Row Hammer Protection on Commodity DRAM Leveraging Managed Refresh. arXiv preprint arXiv:2108.06703 (2021).Google Scholar
- Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping Bits in Memory without Accessing Them: An Experimental Study of DRAM Disturbance Errors. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
- Avi Kivity, Yaniv Kamay, Dor Laor, Uri Lublin, and Anthony Liguori. 2007. kvm: the Linux virtual machine monitor. In Linux symposium.Google Scholar
- Radhesh Krishnan Konoth, Marco Oliverio, Andrei Tatar, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida, and Kaveh Razavi. 2018. ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks. In USENIX Symposium on Operating Systems Design and Implementation (OSDI).Google Scholar
- Akhilesh Kumar, Don Soltis, Irma Esmer, Adi Yoaz, and Sailesh Kottapalli. 2017. The new Intel Xeon scalable processor (formerly skylake-SP). In IEEE Hot Chips Symposium (HCS).Google Scholar
- Andrew Kwong, Daniel Genkin, Daniel Gruss, and Yuval Yarom. 2020. RAM-Bleed: Reading bits in memory without accessing them. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
- Eojin Lee, Ingab Kang, Sukhan Lee, G Edward Suh, and Jung Ho Ahn. 2019. TWiCe: preventing row-hammering by exploiting time window counters. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
- Daniel Lenoski, James Laudon, Kourosh Gharachorloo, Anoop Gupta, and John Hennessy. 1990. The directory-based cache coherence protocol for the DASH multiprocessor. ACM SIGARCH Computer Architecture News (CAN) (1990).Google Scholar
- Kevin M Lepak, Vydhyanathan Kalyanasundharam, William A Hughes, Benjamin Tsien, and Greggory D Donley. 2014. Method and apparatus for accelerated shared data migration. US Patent 8,732,410.Google Scholar
- C. Li and J. Gaudiot. 2019. Detecting Malicious Attacks Exploiting Hardware Vulnerabilities Using Performance Counters. In IEEE Annual Computer Software and Applications Conference (COMPSAC).Google Scholar
- Moritz Lipp, Michael Schwarz, Lukas Raab, Lukas Lamster, Misiker Tadesse Aga, Clémentine Maurice, and Daniel Gruss. 2020. Nethammer: Inducing Rowham- mer faults through network requests. In IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).Google ScholarCross Ref
- Kevin Loughlin, Stefan Saroiu, Alec Wolman, and Baris Kasikci. 2021. Stop! Hammer time: rethinking our approach to rowhammer mitigations. In Workshop on Hot Topics in Operating Systems (HotOS).Google ScholarDigital Library
- Kevin Loughlin, Stefan Saroiu, Alec Wolman, Yatin A. Manerkar, and Baris Kasikci. 2022. MOESI-prime source code. github.com/efeslab/moesi-prime.Google Scholar
- Jason Lowe-Power, Abdul Mutaal Ahmad, Ayaz Akram, Mohammad Alian, Rico Amslinger, Matteo Andreozzi, Adrià Armejach, Nils Asmussen, Brad Beckmann, Srikant Bharadwaj, et al. 2020. The gem5 simulator: Version 20.0+. arXiv preprint arXiv:2007.03152 (2020).Google Scholar
- Neethu Bal Mallya, Geeta Patil, and Biju Raveendran. 2015. Simulation based performance study of cache coherence protocols. In International Symposium on Nanoelectronic and Information Systems.Google ScholarDigital Library
- Jaydeep Marathe and Frank Mueller. 2006. Hardware profile-guided automatic page placement for ccNUMA systems. In ACM SIGPLAN symposium on Principles and practice of parallel programming (PPoPP).Google ScholarDigital Library
- Jaydeep Marathe, Vivek Thakkar, and Frank Mueller. 2010. Feedback-directed page placement for ccNUMA via hardware-generated memory traces. J. Parallel and Distrib. Comput. (2010).Google Scholar
- Michele Marazzi, Patrick Jattke, Solt Flavien, and Kaveh Razavi. 2022. PROTRR: Principled yet Optimal In-DRAM Target Row Refresh. In IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
- John McCalpin. 2018. Topology and Cache Coherence in Knights Landing and Skylake Xeon Processors. UT Faculty/Researcher Works (2018).Google Scholar
- John McCalpin. 2020. Directory Structure in Skylake Server CPUs. Intel Community Forum (2020).Google Scholar
- Adrian C Moga, Malcolm Mandviwalla, Vedaraman Geetha, and Herbert H Hum. 2013. Allocation and write policy for a glueless area-efficient directory cache for hotly contested cache lines. US Patent 8,392,665.Google Scholar
- Daniel Molka, Daniel Hackenberg, and Robert Schöne. 2014. Main memory and cache performance of Intel Sandy Bridge and AMD Bulldozer. In Workshop on Memory Systems Performance and Correctness.Google ScholarDigital Library
- Daniel Molka, Daniel Hackenberg, Robert Schöne, and Wolfgang E Nagel. 2015. Cache coherence protocol and memory performance of the Intel Haswell-EP architecture. In IEEE International Conference on Parallel Processing (ICPP).Google ScholarDigital Library
- David Mulnix. 2017. Intel Xeon Processor Scalable Family Technical Overview. Intel Corporation (2017).Google Scholar
- Onur Mutlu. 2017. The RowHammer problem and other issues we may face as memory becomes denser. In Design, Automation & Test in Europe Conference & Exhibition (DATE).Google Scholar
- Vijay Nagarajan, Daniel J Sorin, Mark D Hill, and David A Wood. 2020. A primer on memory consistency and cache coherence. Synthesis Lectures on Computer Architecture (2020).Google ScholarDigital Library
- Nevine Nassif, Ashley O Munch, Carleton L Molnar, Gerald Pasdast, Sitaraman V Lyer, Zibing Yang, Oscar Mendoza, Mark Huddart, Srikrishnan Venkataraman, Sireesha Kandula, et al. 2022. Sapphire Rapids: The Next-Generation Intel Xeon Scalable Processor. In IEEE International Solid-State Circuits Conference (ISSCC).Google Scholar
- J Norris. 2013. Package org.apache.hadoop.examples.terasort.Google Scholar
- Lois Orosa, Abdullah Giray Yaglikci, Haocong Luo, Ataberk Olgun, Jisung Park, Hasan Hassan, Minesh Patel, Jeremie S Kim, and Onur Mutlu. 2021. A Deeper Look into RowHammer's Sensitivities: Experimental Analysis of Real DRAM Chipsand Implications on Future Attacks and Defenses. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarDigital Library
- Nicolai Oswald, Vijay Nagarajan, and Daniel J Sorin. 2018. ProtoGen: Automatically generating directory cache coherence protocols from atomic specifications. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
- Nicolai Oswald, Vijay Nagarajan, and Daniel J Sorin. 2020. HieraGen: Automated generation of concurrent, hierarchical cache coherence protocols. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
- Yeonhong Park, Woosuk Kwon, Eojin Lee, Tae Jun Ham, Jung Ho Ahn, and Jae W Lee. 2020. Graphene: Strong yet Lightweight Row Hammer Protection. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarCross Ref
- Jason Power, Arkaprava Basu, Junli Gu, Sooraj Puthoor, Bradford M Beckmann, Mark D Hill, Steven K Reinhardt, and David A Wood. 2013. Heterogeneous system coherence for integrated CPU-GPU systems. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarDigital Library
- Antoon Purnal, Lukas Giner, Daniel Gruss, and Ingrid Verbauwhede. 2021. Systematic Analysis of Randomization-based Protected Cache Architectures. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
- Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu, and Mattias Nissler. 2021. Introducing half-double: New hammering technique for dram rowhammer bug. Google Security Blog.Google Scholar
- Rui Qiao and Mark Seaborn. 2016. A new approach for Rowhammer attacks. In IEEE International Symposium on Hardware Oriented Security and Trust (HOST).Google ScholarCross Ref
- Moinuddin K Qureshi. 2018. CEASER: Mitigating conflict-based cache attacks via encrypted-address and remapping. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarDigital Library
- Moinuddin K Qureshi. 2019. New attacks and defense for encrypted-address cache. In ACM/IEEE International Symposium on Computer Architecture (ISCA).Google ScholarDigital Library
- Ravi Rajwar and James R Goodman. 2001. Speculative lock elision: Enabling highly concurrent multithreaded execution. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google ScholarCross Ref
- Sabela Ramos and Torsten Hoefler. 2015. Cache line aware optimizations for ccNUMA systems. In ACM International Symposium on High-Performance Parallel and Distributed Computing (HPDC).Google ScholarDigital Library
- Jia Rao, Kun Wang, Xiaobo Zhou, and Cheng-Zhong Xu. 2013. Optimizing virtual machine scheduling in NUMA multicore systems. In IEEE International Symposium on High Performance Computer Architecture (HPCA).Google Scholar
- Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos. 2016. Flip feng shui: Hammering a needle in the software stack. In USENIX Security Symposium (USENIX Security).Google Scholar
- TIRIAS Research. 2020. Second Generation AMD EPYC Processor Enhanced Cache and Memory Architecture.Google Scholar
- Scott Rixner, William J Dally, Ujval J Kapasi, Peter Mattson, and John D Owens. 2000. Memory access scheduling. ACM SIGARCH Computer Architecture News (CAN) (2000).Google Scholar
- Gururaj Saileshwar and Moinuddin Qureshi. 2021. MIRAGE: Mitigating Conflict-Based Cache Attacks with a Practical Fully-Associative Design. In USENIX Security Symposium (USENIX Security).Google Scholar
- Gururaj Saileshwar, Bolin Wang, Moinuddin Qureshi, and Prashant J Nair. 2022. Randomized row-swap: mitigating Row Hammer by breaking spatial correlation between aggressor and victim rows. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).Google ScholarDigital Library
- Ciro Santilli. 2020. PARSEC Benchmark . github.com/cirosantilli/parsecbenchmark/.Google Scholar
- Stefan Saroiu, AlecWolman, and Lucian Cojocar. 2022. The Price of Secrecy: How Hiding Internal DRAM Topologies Hurts Rowhammer Defenses. In International Reliability Physics Symposium (IRPS).Google Scholar
- Mark Seaborn and Thomas Dullien. 2015. Exploiting the DRAM Rowhammer bug to gain kernel privileges. Black Hat (2015). See also http://googleprojectzero.blogspot.co/2015/03/exploiting-dram-rowhammer-bug-to-gain.html.Google Scholar
- Inderpreet Singh, Arrvindh Shriraman, Wilson WL Fung, Mike O'Connor, and Tor M Aamodt. 2013. Cache coherence for GPU architectures. In IEEE International Symposium on High Performance Computer Architecture (HPCA).Google ScholarDigital Library
- Per Stenström, Mats Brorsson, and Lars Sandberg. 1993. An adaptive cache coherence protocol optimized for migratory sharing. ACM SIGARCH Computer Architecture News (CAN) (1993).Google Scholar
- Andrei Tatar, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018. Defeating software mitigations against Rowhammer: a surgical precision hammer. In International Symposium on Research in Attacks, Intrusions, and Defenses (RAID).Google ScholarCross Ref
- Youssef Tobah, Andrew Kwong, Ingab Kang, Daniel Genkin, and Kang G Shin. 2022. SpecHammer: Combining Spectre and Rowhammer for New Speculative Attacks. In IEEE Symposium on Security and Privacy (S&P).Google Scholar
- Victor Van Der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida. 2016. Drammer: Deterministic Rowhammer attacks on mobile platforms. In ACM SIGSAC conference on computer and communications security (CCS).Google ScholarDigital Library
- Victor van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, and Kaveh Razavi. 2018. GuardION: Practical mitigation of DMA-based Rowhammer attacks on ARM. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA).Google ScholarCross Ref
- Y. Wang, L. Orosa, X. Peng, Y. Guo, S. Ghose, M. Patel, J. S. Kim, J. G. Luna, M. Sadrosadati, N. M. Ghiasi, and O. Mutlu. 2020. FIGARO: Improving System Performance via Fine-Grained In-DRAM Data Relocation and Caching. In ACM/IEEE International Symposium on Microarchitecture (MICRO).Google Scholar
- Mario Werner, Thomas Unterluggauer, Lukas Giner, Michael Schwarz, Daniel Gruss, and Stefan Mangard. 2019. Scattercache: Thwarting cache attacks via cache set randomization. In USENIX Security Symposium (USENIX Security).Google Scholar
- Steven Cameron Woo, Moriyoshi Ohara, Evan Torrie, Jaswinder Pal Singh, and Anoop Gupta. 1995. The SPLASH-2 programs: Characterization and methodological considerations. ACM SIGARCH Computer Architecture News (CAN) (1995).Google Scholar
- Xin-Chuan Wu, Timothy Sherwood, Frederic T Chong, and Yanjing Li. 2019. Protecting page tables from Rowhammer attacks using monotonic pointers in DRAM true-cells. In International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).Google ScholarDigital Library
- Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu. 2016. One bit flips, one cloud flops: Cross-VM row hammer attacks and privilege escalation. In USENIX Security Symposium (USENIX Security).Google Scholar
- Mengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher Fletcher, Roy Campbell, and Josep Torrellas. 2019. Attack directories, not caches: Side channel attacks in a non-inclusive world. In IEEE Symposium on Security and Privacy (S&P).Google ScholarCross Ref
- A. Giray Yağlikçi, Minesh Patel, Jeremie S. Kim, Roknoddin Azizi, Ataberk Olgun, Lois Orosa, Hasan Hassan, Jisung Park, Konstantinos Kanellopoulos, Taha Shahroodi, Saugata Ghose, and Onur Mutlu. 2021. BlockHammer: Preventing RowHammer at Low Cost by Blacklisting Rapidly-Accessed DRAM Rows. In IEEE International Symposium on High Performance Computer Architecture (HPCA).Google ScholarCross Ref
- Jung Min You and Joon-Sung Yang. 2019. MRLoc: Mitigating Row-hammering based on memory Locality. In ACM/IEEE Design Automation Conference (DAC).Google ScholarDigital Library
- Xusheng Zhan, Yungang Bao, Christian Bienia, and Kai Li. 2017. PARSEC 3.0: A multicore benchmark suite with network stacks and SPLASH-2X. ACM SIGARCH Computer Architecture News (CAN) (2017).Google Scholar
Index Terms
- MOESI-prime: preventing coherence-induced hammering in commodity workloads
Recommendations
RowPress: Amplifying Read Disturbance in Modern DRAM Chips
ISCA '23: Proceedings of the 50th Annual International Symposium on Computer ArchitectureMemory isolation is critical for system reliability, security, and safety. Unfortunately, read disturbance can break memory isolation in modern DRAM chips. For example, RowHammer is awell-studied read-disturb phenomenon where repeatedly opening and ...
A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses
MICRO '21: MICRO-54: 54th Annual IEEE/ACM International Symposium on MicroarchitectureRowHammer is a circuit-level DRAM vulnerability where repeatedly accessing (i.e., hammering) a DRAM row can cause bit flips in physically nearby rows. The RowHammer vulnerability worsens as DRAM cell size and cell-to-cell spacing shrink. Recent studies ...
ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ASPLOS'16Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to "rowhammer" attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google's ...
Comments