# Computer Architecture

Lecture 5a: RowHammer in 2020: TRRespass

Prof. Onur Mutlu, ETH Zürich, Fall 2020, 1 October 2020

# Four Key Problems + Directions

- Fundamentally Secure/Reliable/Safe Architectures
- Fundamentally Energy-Efficient Architectures
  - Memory-centric (Data-centric) Architectures
- Fundamentally Low-Latency and Predictable Architectures
- Architectures for AI/ML, Genomics, Medicine, Health

# Security Implications

It's like breaking into an apartment by repeatedly slamming a neighbor's door until the vibrations open the door you were after

# Understanding RowHammer

# RowHammer Solutions

# First RowHammer Analysis

Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu, "Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors," Proceedings of the 41st International Symposium on Computer Architecture (ISCA), Minneapolis, MN, June 2014. [Slides (pptx) (pdf)] [Lightning Session Slides (pptx) (pdf)] [Source Code and Data]

# Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors

Yoongu Kim<sup>1</sup> Ross Daly\* Jeremie Kim<sup>1</sup> Chris Fallin\* Ji Hye Lee<sup>1</sup> Donghyuk Lee<sup>1</sup> Chris Wilkerson<sup>2</sup> Konrad Lai Onur Mutlu<sup>1</sup>

<sup>1</sup>Carnegie Mellon University <sup>2</sup>Intel Labs

# Retrospective on RowHammer & Future

Onur Mutlu, "The RowHammer Problem and Other Issues We May Face as Memory Becomes Denser," Invited Paper in Proceedings of the Design, Automation, and Test in Europe Conference (DATE), Lausanne, Switzerland, March 2017.
[Slides (pptx) (pdf)]

# The RowHammer Problem and Other Issues We May Face as Memory Becomes Denser

Onur Mutlu, ETH Zürich, onur.mutlu@inf.ethz.ch, https://people.inf.ethz.ch/omutlu

# A More Recent RowHammer Retrospective

Onur Mutlu and Jeremie Kim, "RowHammer: A Retrospective," IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) Special Issue on Top Picks in Hardware and Embedded Security, 2019. [Preliminary arXiv version]

# RowHammer: A Retrospective

Onur Mutlu<sup>§‡</sup> Jeremie S. Kim<sup>‡§</sup>

<sup>§</sup>ETH Zürich <sup>‡</sup>Carnegie Mellon University

# Main Memory Needs Intelligent Controllers

### Aside: Intelligent Controller for NAND Flash

Proceedings of the IEEE, Sept. 2017

# Error Characterization, Mitigation, and Recovery in Flash-Memory-Based Solid-State Drives

This paper reviews the most recent advances in solid-state drive (SSD) error characterization, mitigation, and data recovery techniques to improve both SSD's reliability and lifetime.

By Yu Cai, Saugata Ghose, Erich F. Haratsch, Yixin Luo, and Onur Mutlu

https://arxiv.org/pdf/1706.08642

# RowHammer in 2020

### RowHammer in 2020 (I)

Jeremie S. Kim, Minesh Patel, A. Giray Yaglikci, Hasan Hassan, Roknoddin Azizi, Lois Orosa, and Onur Mutlu, "Revisiting RowHammer: An Experimental Analysis of Modern Devices and Mitigation Techniques," Proceedings of the 47th International Symposium on Computer Architecture (ISCA), Valencia, Spain, June 2020. [Slides (pptx) (pdf)] [Lightning Talk Slides (pptx) (pdf)] [Talk Video (20 minutes)] [Lightning Talk Video (3 minutes)]

# Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques

Jeremie S. Kim $^{\S \dagger}$ Minesh Patel $^{\S}$ A. Giray Yağlıkçı $^{\S}$ Hasan Hassan $^{\S}$ Roknoddin Azizi $^{\S}$ Lois Orosa $^{\S}$ Onur Mutlu $^{\S \dagger}$

$^{\S}$ ETH Zürich $^{\dagger}$ Carnegie Mellon University

### RowHammer in 2020 (II)

Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi, "TRRespass: Exploiting the Many Sides of Target Row Refresh," Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 2020. [Slides (pptx) (pdf)] [Talk Video (17 minutes)] [Source Code] [Web Article] Best paper award.

# TRRespass: Exploiting the Many Sides of Target Row Refresh

Pietro Frigo\*† Emanuele Vannacci\*† Hasan Hassan§ Victor van der Veen¶ Onur Mutlu§ Cristiano Giuffrida\* Herbert Bos\* Kaveh Razavi\*

\*Vrije Universiteit Amsterdam §ETH Zürich ¶Qualcomm Technologies Inc.

### RowHammer in 2020 (III)

Lucian Cojocar, Jeremie Kim, Minesh Patel, Lillian Tsai, Stefan Saroiu, Alec Wolman, and Onur Mutlu, "Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers," Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 2020. [Slides (pptx) (pdf)] [Talk Video (17 minutes)]

# Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers

Lucian Cojocar, Jeremie Kim<sup>§†</sup>, Minesh Patel<sup>§</sup>, Lillian Tsai<sup>‡</sup>, Stefan Saroiu, Alec Wolman, and Onur Mutlu<sup>§†</sup>

Microsoft Research, <sup>§</sup>ETH Zürich, <sup>†</sup>CMU, <sup>‡</sup>MIT

# TRRespass

- First work that shows that TRR-protected DRAM chips are vulnerable to RowHammer in the field
  - Mitigations advertised as secure are not secure
- Introduces the Many-sided RowHammer attack
  - Idea: Hammer many rows to bypass TRR mitigations (e.g., by overflowing proprietary TRR tables that detect aggressor rows)
- (Partially) reverse-engineers the TRR and pTRR mitigation mechanisms implemented in DRAM chips and memory controllers
- Provides an automatic tool that can effectively create many-sided RowHammer attacks in DDR4 and LPDDR4(X) chips

# Target Row Refresh (TRR)

- How does it work?
  1. Track activation count of each DRAM row
  2. Refresh neighbor rows if row activation count exceeds a threshold
- Many possible implementations in practice
  - Security through obscurity
- In-DRAM TRR
  - Embedded in the DRAM circuitry, i.e., not exposed to the memory controller

### Timeline of TRR Implementations

#### **Our Goals**

- Reverse engineer in-DRAM TRR to demystify how it works
- Bypass TRR protection
  - A novel hammering pattern: **The Many-sided RowHammer**
  - Hammering up to 20 aggressor rows allows bypassing TRR
- Automatically test memory devices: **TRRespass**
  - Automate hammering pattern generation

#### Infrastructures to Understand Such Issues

## SoftMC: Open Source DRAM Infrastructure

Hasan Hassan et al., "SoftMC: A Flexible and Practical Open Source Infrastructure for Enabling Experimental DRAM Studies," HPCA 2017.
- Flexible
- Easy to Use (C++ API)
- Open-source

github.com/CMU-SAFARI/SoftMC

#### SoftMC

https://github.com/CMU-SAFARI/SoftMC

# SoftMC: A Flexible and Practical Open-Source Infrastructure for Enabling Experimental DRAM Studies

Hasan Hassan, Nandita Vijaykumar, Samira Khan, Saugata Ghose, Kevin Chang, Gennady Pekhimenko, Donghyuk Lee, Oguz Ergin, Onur Mutlu

<sup>1</sup>ETH Zürich <sup>2</sup>TOBB University of Economics & Technology <sup>3</sup>Carnegie Mellon University <sup>4</sup>University of Virginia <sup>5</sup>Microsoft Research <sup>6</sup>NVIDIA Research

# Components of In-DRAM TRR

#### Sampler

- Tracks aggressor row activations
- Design options:
  - Frequency based (record every N<sup>th</sup> row activation)
  - Time based (record first N row activations)
  - Random seed (record based on a coin flip)
- Regardless, the sampler has a limited size

#### Inhibitor

- Prevents bit flips by refreshing victim rows
  - The latency of performing victim row refreshes is squeezed into slack time available in tRFC (i.e., the latency of a regular Refresh command)

#### How big is the sampler?

- Pick N aggressor rows
- Perform a series of hammers (i.e., activations of aggressors)
  - 8K activations
- After each series of hammers, issue R refreshes
- 10 rounds

1. The TRR mitigation acts on a refresh command
2. The mitigation can sample more than one aggressor per refresh interval
3. The mitigation can refresh only a single victim within a refresh operation
4. Sweeping the number of refresh operations and aggressor rows while hammering reveals the sampler size

# Many-Sided Hammering

Fig. 9: Refreshes vs. Bit Flips. Module $C_{12}$: Number of bit flips detected when sending r refresh commands to the module. We report this for different numbers of aggressor rows (n). For example, when hammering 5 rows, followed by sending 2 refreshes, we find 1,710 bit flips. This figure shows that the number of bit flips stabilizes for $r \geq 4$, implying that the size of the sampler may be 4.

#### Some Observations

**Observation 1:** The TRR mitigation acts (i.e., carries out a targeted refresh) on **every** refresh command.

**Observation 2:** The mitigation can sample more than one aggressor per refresh interval.

**Observation 3:** The mitigation can refresh only a **single** victim within a refresh operation (i.e., time tRFC).

**Observation 4:** Sweeping the number of refresh operations and aggressor rows while hammering reveals the sampler size.

Fig. 12: Hammering patterns discovered by *TRRespass*. Aggressor rows are in red and victim rows are in blue.

#### Hammering using the default refresh rate

# BitFlips vs. Number of Aggressor Rows

Fig. 10: Bit flips vs. number of aggressor rows. Module $C_{12}$: Number of bit flips in bank 0 as we vary the number of aggressor rows. Using SoftMC, we refresh DRAM with standard tREFI and run the tests until each aggressor row is hammered 500K times.

Fig. 11: Bit flips vs. number of aggressor rows. Module $\mathcal{A}_{15}$: Number of bit flips in bank 0 as we vary the number of aggressor rows. Using SoftMC, we refresh DRAM with standard tREFI and run the tests until each aggressor row is hammered 500K times.

Fig. 13: Bit flips vs. number of aggressor rows. Module $\mathcal{A}_{10}$: Number of bit flips triggered with *N-sided* RowHammer for varying number of N on Intel Core i7-7700K. Each aggressor row is one row away from the closest aggressor row (i.e., VAVAVA... configuration) and aggressor rows are hammered in a round-robin fashion.
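A toy model of the sampler-size experiment and Observations 1 to 4 above, as an added example (not code from the lecture, SoftMC or TRRespass). It assumes a time-based sampler with 4 entries that handles one sampled aggressor per refresh command; `TimeBasedSampler`, `run_experiment`, `sweep` and `plateau_point` are hypothetical names, and "exposure" (aggressors left without a targeted refresh, summed over rounds) stands in for measured bit flips.

```python
from collections import deque


class TimeBasedSampler:
    """Assumed model: records the first `capacity` distinct rows it sees."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.table = deque()

    def activate(self, row):
        # Once the table is full, further aggressors go unrecorded.
        if len(self.table) < self.capacity and row not in self.table:
            self.table.append(row)

    def refresh(self):
        # Observations 1 and 3: every REF handles exactly one sampled entry.
        return self.table.popleft() if self.table else None


def run_experiment(n, r, capacity=4, rounds=10, acts=8192):
    """Activate n rows round-robin, then send r refreshes; repeat.

    Returns the exposure: aggressors whose victims got no targeted
    refresh in a round, summed over all rounds.
    """
    sampler = TimeBasedSampler(capacity)
    exposure = 0
    for _ in range(rounds):
        for i in range(acts):
            sampler.activate(i % n)
        handled = {sampler.refresh() for _ in range(r)} - {None}
        exposure += n - len(handled)
    return exposure


def sweep(n, max_r=8, **kw):
    """Exposure for r = 0..max_r refreshes, for a fixed aggressor count n."""
    return [run_experiment(n, r, **kw) for r in range(max_r + 1)]


def plateau_point(curve):
    """Smallest r after which more refreshes stop reducing exposure."""
    for r in range(len(curve) - 1):
        if curve[r + 1] >= curve[r]:
            return r
    return len(curve) - 1


if __name__ == "__main__":
    for n in (3, 5, 10):
        curve = sweep(n)
        print(f"n={n:2d} exposure by r: {curve} plateau at r={plateau_point(curve)}")
```

When n is no larger than the assumed capacity the plateau only reflects n, so the sweep has to include more aggressor rows than the sampler can hold before it says anything about the sampler size.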
# TRRespass Key Results

- 13 out of 42 tested DDR4 DRAM modules are vulnerable
  - From all 3 major manufacturers
  - 3-, 9-, 10-, 14-, 19-sided attacks needed
- 5 out of 13 mobile phones tested vulnerable
  - From 4 major manufacturers
  - With LPDDR4(X) DRAM chips
- These results are scratching the surface
  - TRRespass tool is not exhaustive
  - There is a lot of room for uncovering more vulnerable chips and phones

# RowHammer is still an open problem

Security by obscurity is likely not a good solution

## More on TRRespass

Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi, "TRRespass: Exploiting the Many Sides of Target Row Refresh," Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 2020. [Slides (pptx) (pdf)] [Talk Video (17 minutes)] [Source Code] [Web Article] Best paper award.

# Revisiting RowHammer