Understanding the Security Benefits and Overheads of Emerging Industry Solutions to DRAM Read Disturbance
Authors:
Oğuzhan Canpolat,
A. Giray Yağlıkçı,
Geraldo F. Oliveira,
Ataberk Olgun,
Oğuz Ergin,
Onur Mutlu
Abstract:
We present the first rigorous security, performance, energy, and cost analyses of the state-of-the-art on-DRAM-die read disturbance mitigation method, Per Row Activation Counting (PRAC), described in JEDEC DDR5 specification's April 2024 update. Unlike prior state-of-the-art that advises the memory controller to periodically issue refresh management (RFM) commands, which provides the DRAM chip wit…
▽ More
We present the first rigorous security, performance, energy, and cost analyses of the state-of-the-art on-DRAM-die read disturbance mitigation method, Per Row Activation Counting (PRAC), described in JEDEC DDR5 specification's April 2024 update. Unlike prior state-of-the-art that advises the memory controller to periodically issue refresh management (RFM) commands, which provides the DRAM chip with time to perform refreshes, PRAC introduces a new back-off signal. PRAC's back-off signal propagates from the DRAM chip to the memory controller and forces the memory controller to 1) stop serving requests and 2) issue RFM commands. As a result, RFM commands are issued when needed as opposed to periodically, reducing RFM's overheads. We analyze PRAC in four steps. First, we define an adversarial access pattern that represents the worst-case for PRAC's security. Second, we investigate PRAC's configurations and security implications. Our analyses show that PRAC can be configured for secure operation as long as no bitflip occurs before accessing a memory location 10 times. Third, we evaluate the performance impact of PRAC and compare it against prior works using Ramulator 2.0. Our analysis shows that while PRAC incurs less than 13.4% performance overhead for today's DRAM chips, its performance overheads can reach up to 63.2% for future DRAM chips that are more vulnerable to read disturbance bitflips. Fourth, we define an availability adversarial access pattern that exacerbates PRAC's performance overhead to perform a memory performance attack, demonstrating that such an adversarial pattern can hog up to 79% of DRAM throughput and degrade system throughput by up to 65%. We discuss PRAC's implications on future systems and foreshadow future research directions. To aid future research, we open-source our implementations and scripts at https://github.com/CMU-SAFARI/ramulator2.
△ Less
Submitted 27 June, 2024;
originally announced June 2024.
Leveraging Adversarial Detection to Enable Scalable and Low Overhead RowHammer Mitigations
Authors:
Oğuzhan Canpolat,
A. Giray Yağlıkçı,
Ataberk Olgun,
İsmail Emir Yüksel,
Yahya Can Tuğrul,
Konstantinos Kanellopoulos,
Oğuz Ergin,
Onur Mutlu
Abstract:
RowHammer is a prime example of read disturbance in DRAM where repeatedly accessing (hammering) a row of DRAM cells (DRAM row) induces bitflips in other physically nearby DRAM rows. RowHammer solutions perform preventive actions (e.g., refresh neighbor rows of the hammered row) that mitigate such bitflips to preserve memory isolation, a fundamental building block of security and privacy in modern…
▽ More
RowHammer is a prime example of read disturbance in DRAM where repeatedly accessing (hammering) a row of DRAM cells (DRAM row) induces bitflips in other physically nearby DRAM rows. RowHammer solutions perform preventive actions (e.g., refresh neighbor rows of the hammered row) that mitigate such bitflips to preserve memory isolation, a fundamental building block of security and privacy in modern computing systems. However, preventive actions induce non-negligible memory request latency and system performance overheads as they interfere with memory requests in the memory controller. As shrinking technology node size over DRAM chip generations exacerbates RowHammer, the overheads of RowHammer solutions become prohibitively large. As a result, a malicious program can effectively hog the memory system and deny service to benign applications by causing many RowHammer preventive actions. In this work, we tackle the performance overheads of RowHammer solutions by tracking the generators of memory accesses that trigger RowHammer solutions. To this end, we propose BreakHammer. BreakHammer cooperates with existing RowHammer solutions to identify hardware threads that trigger preventive actions. To do so, BreakHammer estimates the RowHammer likelihood of a thread, based on how frequently it triggers RowHammer preventive actions. BreakHammer limits the number of on-the-fly requests a thread can inject into the memory system based on the thread's RowHammer likelihood. By doing so, BreakHammer significantly reduces the number of performed counter-measures, improves the system performance by an average (maximum) of 48.7% (105.5%), and reduces the maximum slowdown induced on a benign application by 14.6% with near-zero area overhead (e.g., 0.0002% of a highend processor's chip area).
△ Less
Submitted 20 April, 2024;
originally announced April 2024.