Onur Mutlu was recently honored by Google with a 2022 Google Security and Privacy Research Award for his work on hardware security and side-channels. Selected by a committee of senior Google researchers, the award “recognizes academics who have made major contributions to the field”. This award recognizes the work done by Mutlu and his team, the SAFARI Research Group, for making significant, recent contributions to protecting users across the Internet, especially for their decade-long work on the DRAM RowHammer vulnerability.
The RowHammer security vulnerability
Mutlu and team were the first to show that, by repeatedly accessing a DRAM row, one can induce errors in adjacent rows. A malicious attacker can use this to circumvent memory protection and gain complete control over an otherwise secure system. RowHammer is the first example of a device failure mechanism that causes a practical, widespread system security vulnerability. When it was discovered, the Rowhammer hardware failure was found to affect more than 80 percent of DRAM chips.
When Mutlu talks about RowHammer to a freshman class, he shows the picture of the Tacoma Narrows Bridge. Many people know this bridge, built in 1940, it collapsed six months later. He shows this as a great example of a bit flip in critical infrastructure — there are many reasons why this bridge collapsed, including aeroelastic flutter, but Mutlu sees this as an example of a reliability problem which affects safety and security in our daily lives and world around us — albeit with overall fewer consequences as compared to security vulnerabilities in computing, which can affect all aspects of our modern lives.
Future outlook and research
Many follow up works from their original paper showed that the RowHammer security fault in the memory chip can be used to take over servers, virtual machines and mobile devices. Research has made progress in recent years. “We now know that the RowHammer problem is fundamentally much worse than it was ten years ago — newer DRAM chips become more vulnerable as technology node size shrinks”, says Mutlu. The opportunities for attacks are increasing and the protective mechanisms must be able to do much more than they could when the problem was first discovered. “But the problem is not unsolvable”, says Mutlu. In two 2020 papers, Revisiting RowHammer and TRRespass, Mutlu and his team, along with collaborators, found that recent DRAM chips are much more vulnerable and solutions implemented in industry do not work. “The weak point in the memory chip still exists. The RowHammer problem is fundamental and difficult. But it is important to have a good mindset to securely solve it. One problem is that trying to fix such problems like RowHammer comes at a large cost, either in performance or hardware overheads”, says Mutlu. “Too many people just want to believe that a system constructed from vulnerable memory chips is safe. We believe now is the right time to correct this mistake. Exciting developments are currently taking place in the field of computer architecture and memory systems. This time window could be used to close old security gaps and avoid new ones, and that would be progress.”
The team’s work on RowHammer continues to have widespread impact on security and hardware communities. As examples of this impact, their work has led to inclusion of new tests in widely used memtest programs; Apple cited their work in security releases; Intel and other vendors implemented variants of their major solutions; and their 2020 works led to industry-wide task groups to solve RowHammer and Best Paper Awards. Recently, the BlockHammer solution proposed by the group was chosen as a finalist by Intel, as part of the Intel Hardware Security Academic Award in 2022. In a recent invited paper, “Fundamentally Understanding and Solving RowHammer”, which will appear in the ASP-DAC conference, Onur Mutlu and his team describe the state of the art in RowHammer and propose a future path to solving it.
Talk and Lecture recordings:
Onur Mutlu, “Security Aspects of DRAM: The Story of RowHammer”
Invited Tutorial at 14th IEEE Electron Devices Society International Memory Workshop (IMW), Dresden, Germany, May 2022.
[Tutorial Video (57 minutes)]
“The Story of RowHammer”
Keynote Talk at Secure Hardware, Architectures, and Operating Systems Workshop (SeHAS), held with HiPEAC 2021 Conference, Virtual, 19 January 2021.
[Slides (pptx) (pdf)]
[Talk Video (1 hr 15 minutes, with Q&A)]
[Related Survey Paper from IEEE TCAD 2019]
Computer Architecture Fall 2020, ETH Zurich
Lecture 4b RowHammer: https://www.youtube.com/watch?v=KDy632z23UE
Lecture 5a TRRespass: https://www.youtube.com/watch?v=pwRw7QqK_qA
Lecture 5b Revisiting RowHammer: https://www.youtube.com/watch?v=gR7XR-Eepcg
The first detailed study: Rowhammer analysis and solutions (June 2014):
Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu, “Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors”, Proceedings of the 41st International Symposium on Computer Architecture (ISCA), Minneapolis, MN, June 2014.
[Slides (pptx) (pdf)] [Lightning Session Slides (pptx) (pdf)] [Source Code and Data] [RowHammer Summary Slides (pptx)] [RowHammer Summary] [Coverage on ZDNet 1] [Coverage on ZDNet 2] [MemTest86 Hammer Test] [RowHammer Discussion Group] [Discussion on Twitter]
[Lecture Video (1 hr 49 mins), 25 September 2020]
One of the 7 papers of 2012-2017 selected as Top Picks in Hardware and Embedded Security for IEEE TCAD (link)
SAFARI Source Code to Induce Errors in Modern DRAM Chips (June 2014)
Google Project Zero’s Attack to Take Over a System (March 2015)
Exploiting the DRAM rowhammer bug to gain kernel privileges (Seaborn+, 2015)
Relevant Papers on RowHammer:
Onur Mutlu, Ataberk Olgun, A. Giray Yağlıkçı, “Fundamentally Understanding and Solving RowHammer”, to appear in ASPDAC 2023. [preprint on arXiv 2022]
Ataberk Olgun, Hasan Hassan, A. Giray Yağlıkçı, Yahya Can Tuğrul, Lois Orosa, Haocong Luo, Minesh Patel, Oğuz Ergin, Onur Mutlu, “DRAM Bender: An Extensible and Versatile FPGA-based Infrastructure to Easily Test State-of-the-art DRAM Chips”. [preprint on arXiv 2022]
A. Giray Yağlıkçı, Haocong Luo, Geraldo F. de Oliviera, Ataberk Olgun, Minesh Patel, Jisung Park, Hasan Hassan, Jeremie S. Kim, Lois Orosa, and Onur Mutlu, “Understanding RowHammer Under Reduced Wordline Voltage: An Experimental Study Using Real DRAM Devices”, Proceedings of the 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Baltimore, MD, USA, June 2022.
[Slides (pptx) (pdf)] [Lightning Talk Slides (pptx) (pdf)] [arXiv version] [Talk Video (34 minutes, including Q&A)]
[Lightning Talk Video (2 minutes)]
Lois Orosa, Abdullah Giray Yaglikci, Haocong Luo, Ataberk Olgun, Jisung Park, Hasan Hassan, Minesh Patel, Jeremie S. Kim, and Onur Mutlu, “A Deeper Look into RowHammer’s Sensitivities: Experimental Analysis of Real DRAM Chips and Implications on Future Attacks and Defenses”, Proceedings of the 54th International Symposium on Microarchitecture (MICRO), Virtual, October 2021.
[Slides (pptx) (pdf)] [Short Talk Slides (pptx) (pdf)] [Lightning Talk Slides (pptx) (pdf)] [Talk Video (21 minutes)] [Lightning Talk Video (1.5 minutes)] [arXiv version]
Hasan Hassan, Yahya Can Tugrul, Jeremie S. Kim, Victor van der Veen, Kaveh Razavi, and Onur Mutlu, “Uncovering In-DRAM RowHammer Protection Mechanisms: A New Methodology, Custom RowHammer Patterns, and Implications”, Proceedings of the 54th International Symposium on Microarchitecture (MICRO), Virtual, October 2021.
[Slides (pptx) (pdf)] [Short Talk Slides (pptx) (pdf)] [Lightning Talk Slides (pptx) (pdf)] [Talk Video (25 minutes)] [Lightning Talk Video (100 seconds)] [arXiv version]
A. Giray Yaglikci, Jeremie S. Kim, Fabrice Devaux, and Onur Mutlu, “Security Analysis of the Silver Bullet Technique for RowHammer Prevention”, Preprint in arXiv, 13 June 2021. [arXiv preprint]
A. Giray Yaglikci, Minesh Patel, Jeremie S. Kim, Roknoddin Azizi, Ataberk Olgun, Lois Orosa, Hasan Hassan, Jisung Park, Konstantinos Kanellopoulos, Taha Shahroodi, Saugata Ghose, and Onur Mutlu, “BlockHammer: Preventing RowHammer at Low Cost by Blacklisting Rapidly-Accessed DRAM Rows”, Proceedings of the 27th International Symposium on High-Performance Computer Architecture (HPCA), Virtual, February-March 2021.
[Slides (pptx) (pdf)] [Short Talk Slides (pptx) (pdf)] [Intel Hardware Security Academic Awards Short Talk Slides (pptx) (pdf)]
[Talk Video (22 minutes)] [Short Talk Video (7 minutes)] [Intel Hardware Security Academic Awards Short Talk Video (2 minutes)] [BlockHammer Source Code]
Intel Hardware Security Academic Award Finalist (one of 4 finalists out of 34 nominations).
Jeremie S. Kim, Minesh Patel, A. Giray Yaglikci, Hasan Hassan, Roknoddin Azizi, Lois Orosa, and Onur Mutlu, “Revisiting RowHammer: An Experimental Analysis of Modern Devices and Mitigation Techniques”, Proceedings of the 47th International Symposium on Computer Architecture (ISCA), Valencia, Spain, June 2020.
[Slides (pptx) (pdf)] [Lightning Talk Slides (pptx) (pdf)] [Lecture Slides (pptx) (pdf)] [ARM Research Summit Poster (pptx) (pdf)]
[Talk Video (20 minutes)] [Lightning Talk Video (3 minutes)] [Lecture Video (55 minutes)]
Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi, “TRRespass: Exploiting the Many Sides of Target Row Refresh”, Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 2020.
[Slides (pptx) (pdf)] [Lecture Slides (pptx) (pdf)] [Talk Video (17 minutes)] [Lecture Video (59 minutes)] [Source Code] [Web Article]
Best paper award.
Pwnie Award 2020 for Most Innovative Research. Pwnie Awards 2020
Top Picks Honorable Mention by IEEE Micro.
Onur Mutlu and Jeremie Kim, “RowHammer: A Retrospective”, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) Special Issue on Top Picks in Hardware and Embedded Security, 2019.
[Preliminary arXiv version] [Slides from COSADE 2019 (pptx)] [Slides from VLSI-SOC 2020 (pptx) (pdf)] [Talk Video (1 hr 15 minutes, with Q&A)]
Onur Mutlu, “RowHammer and Beyond”, Keynote Talk Paper in Proceedings of the 10th International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE), Darmstadt, Germany, April 2019.
[arXiv version] [Slides (pptx)]
Onur Mutlu, “The RowHammer Problem and Other Issues We May Face as Memory Becomes Denser”, Invited Paper in Proceedings of the Design, Automation, and Test in Europe Conference (DATE), Lausanne, Switzerland, March 2017.
[Slides (pptx) (pdf)]