Panopticon: Complete In-DRAM Rowhammer Mitigation

Slide Note
Embed
Share

Despite extensive research, DRAM remains vulnerable to Rowhammer attacks. The Panopticon project proposes a novel in-DRAM mitigation technique using counter mats within DRAM devices. This approach does not require costly changes at multiple layers and leverages existing DRAM logic for efficient mitigation. The paper also highlights various prior Rowhammer mitigation approaches and the continued challenges in securing DRAM against such attacks.

monta
monta Follow

Uploaded on Sep 16, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Panopticon: A Complete In-DRAM Rowhammer (RH) Mitigation https://github.com/microsoft/Panopticon Tanj Bennett*, Stefan Saroiu, Alec Wolman, and Lucian Cojocar Microsoft, *Avant-Gray LLC DRAMSec 2021 June 17th, 2021 For in-depth background on DRAM and RowHammer see https://youtu.be/duNJzNkVKbQ

  2. Why is Rowhammer Still with Us? Nearly a decade after Rowhammer first emerged, DRAM remains as vulnerable as ever It affects all types of DRAM: DDR/LPDDR/GDDR Newer DRAM is more vulnerable to RowHammer than older DRAM Despite much research, complete mitigations are not yet deployed State-of-the-art schemes still too expensive in practice (require too much CAM/SRAM) Most mitigations require costly changes at multiple hardware/software layers

  3. Panopticon: Complete, In-DRAM Mitigation Main idea: implement simple counter mats inside DRAM device Each row in a DRAM device has a corresponding counter When counter reaches Rowhammer threshold, perform mitigation Mechanism: open-space, staggered counter mat designs Benefits: Unlike most previous schemes, no need for large fast memories, such as CAM/SRAM Counter lookup is essentially free; use DRAM s existing row decode logic Other than to DRAM, no other changes needed for DDR4 Should work with commodity DDR4 memory controllers

  4. Outline Introduction and motivation Prior work and its shortcomings Panopticon: high-level overview Panopticon: DRAM architecture Security analysis Conclusions

  5. 4 Prior RH Mitigation Approaches Tracking Rowhammer events, such as DRAM row activate or cache miss (BlockHammer [HPCA 21], Graphene [MICRO 20], TWiCe [ISCA 19], any many others ) Mitigation is performed whenever tracking detects an ongoing attack Sampling Rowhammer events at a fixed rate (PARA [ISCA 14], PRA [CAL 14]) Mitigation is performed proactively on each sample Partitioning memory into isolation perimeters to confine attacks (ZebRAM [OSDI 18], GuardION [DIMVA 18], Hammer Time [HotOS 21]) Clean-slate approaches: inter-cell energy barriers, deep trench isolation (Doping Profile [IEEE T-DMR 16], Physics of Insecurity [IEEE T-ED 21])

  6. 1. Tracking has Significant Cost Overhead State-of-the-art tracking aims to use fewest counters to track all rows All require costly CAM/SRAM to implement counter lookup or hashing tables For example, Graphene requires an astonishingly small state Only 2,511 bits can track entire DDR4 bank -- O(100K rows)! But this quickly adds up 1 DDR4 channel has up to 128 banks, 1 CPU up to 4 channels Per-Bank (bits) Per-Channel (KB) Per-CPU (KB) Graphene 2,511 39.23 156.9 BlockHammer 13,312 208 832 TWiCe 22,200 346.88 1,387.5

  7. 2. Tracking Require Changes at Many Layers Most prior works implementations are outside the DRAM device Either in memory controller or in RCD Performing mitigation requires DRAM device s cooperation Counters track aggressor rows, but mitigations must be done to victim rows Only DRAM device knows victim rows identity Prior works propose new DDR command: Nearby Row Refresh Memory controller reports aggressor rows to DRAM DRAM s responsibility to identify and refresh all victims

  8. Outline Introduction and motivation Prior work and its shortcomings Panopticon: high-level overview Panopticon: DRAM architecture Security analysis Conclusions

  9. Tracking b10 toggles from 0 to 1 b10 toggles from 1 to 0 threshold bit b10 Row # 16-bit CNT Row # 16-bit CNT Row # 16-bit CNT 0x0 0x87FF 0x0 0x87FF 0x0 0x8800 ACT 0x2 ACT 0x0 0x1 0xE806 0x1 0xE806 0x1 0xE806 0x0 0x2 0x13FF 0x2 0x1400 0x2 0x1400 0x2 0x2 0x3 Counter Table 0x82EE 0x3 Counter Table 0x82EE 0x3 Counter Table 0x82EE Service Q. Service Q. Service Q. Performing Mitigation Row # 16-bit CNT Row # 16-bit CNT Service row 0x2 0x0 0x8800 0x0 0x8800 0x1 0xE806 0x1 0xE806 Refresh row 0x0 Refresh row 0x1 Refresh row 0x3 Refresh row 0x4 0x0 0x2 0x1400 0x2 0x1400 0x2 0x0 0x3 Counter Table 0x82EE 0x3 Counter Table 0x82EE Service Q. Service Q.

  10. Challenge 1: When to Service Queue? Two possibilities: Upon receiving REF, DRAM re-purposes some of its time for servicing queue DRAM asks memory controller for additional time (pause) Unfortunately, no DRAM protocol lets DRAM ask for time (hint to JEDEC!) But, DDR4 has ALERTnsignal for DRAM to signal errors Upon receiving ALERTn, memory controller must re-issue failed command Idea: To ask for time, DRAM asserts ALERTnand ignores dup. commands

  11. Challenge #2: Where to Implement Queue? Queue s implementation must use SRAM DRAM vendors can size their queues as small as needed, even 1 entry When queue is full, DRAM asks for time! Provides way for DRAM vendors to differentiate themselves Larger the queue, less need to ask for time (aka better perf.) But small queue is still safe

  12. Outline Introduction and motivation Prior work and its shortcomings Panopticon: high-level overview Panopticon: DRAM architecture Security analysis Conclusions

  13. Cell Mats Storing Data

  14. Cell Mats Storing Counters

  15. DRAM View of Panopticon

  16. Security Analysis: Is It Difficult to Create Undesirable Scenarios? Scenario #1: Place rows in service queue in back-to-back refresh intervals Scenario #2: Fill up the service queue Are these undesirable scenarios difficult? Answer: NO! But DRAM remains safe (when scenario occurs, Panopticon triggers ALERTn)

  17. Conclusions Complete in-DRAM RH mitigation No changes to other hardware components Leverage ALERTnto ask for time https://github.com/microsoft/Panopticon Plan of Jeremy Bentham's panopticon prison, drawn by Willey Reveley in 1791

Related


Mitigation of DMA-based Rowhammer Attacks on ARM

Mitigation of DMA-based Rowhammer Attacks on ARM

baylee
Computer Architecture: Understanding SRAM and DRAM Memory Technologies

Computer Architecture: Understanding SRAM and DRAM Memory Technologies

klay
Insights into DRAM Power Consumption and Design Concerns

Insights into DRAM Power Consumption and Design Concerns

emberly
Understanding RowPress: A New Read Disturbance Phenomenon in Modern DRAM Chips

Understanding RowPress: A New Read Disturbance Phenomenon in Modern DRAM Chips

ami_dom
Understanding the Organization of DRAM Subsystem Components

Understanding the Organization of DRAM Subsystem Components

mallory
SIMDRAM: An End-to-End Framework for Bit-Serial SIMD Processing Using DRAM

SIMDRAM: An End-to-End Framework for Bit-Serial SIMD Processing Using DRAM

khadija
Enhancing Memory Cache Efficiency with DRAM Compression Techniques

Enhancing Memory Cache Efficiency with DRAM Compression Techniques

trav_45
Architecting DRAM Caches for Low Latency and High Bandwidth

Architecting DRAM Caches for Low Latency and High Bandwidth

fpiro
High-Throughput True Random Number Generation Using QUAC-TRNG

High-Throughput True Random Number Generation Using QUAC-TRNG

vishnu
Virginia Commonwealth University Hazard Mitigation Plan Update

Virginia Commonwealth University Hazard Mitigation Plan Update

aryan
Comprehensive Risk Assessment and Hazard Mitigation Planning

Comprehensive Risk Assessment and Hazard Mitigation Planning

owais
Mitigation and Conservation Banks: A Comprehensive Overview

Mitigation and Conservation Banks: A Comprehensive Overview

corkill_m
Dram Shop Act and Premises Liability for Bar and Tavern Owners

Dram Shop Act and Premises Liability for Bar and Tavern Owners

juna
Improving GPGPU Performance with Cooperative Thread Array Scheduling Techniques

Improving GPGPU Performance with Cooperative Thread Array Scheduling Techniques

marmaduke
Enhancing Multi-Node Systems with Coherent DRAM Caches

Enhancing Multi-Node Systems with Coherent DRAM Caches

weld_les
Managing DRAM Latency Divergence in Irregular GPGPU Applications

Managing DRAM Latency Divergence in Irregular GPGPU Applications

mayt_93
Jeremy Bentham and Utilitarianism: A Vision for Social Reform

Jeremy Bentham and Utilitarianism: A Vision for Social Reform

beatrix
Workshop on Tracking Progress of the Mitigation Commitments of Nationally Determined Contributions

Workshop on Tracking Progress of the Mitigation Commitments of Nationally Determined Contributions

dimitri
Understanding Wildfire Risk Mitigation Among Private Landowners

Understanding Wildfire Risk Mitigation Among Private Landowners

benicio
Importance of Hazard Mitigation Plans for Scott County

Importance of Hazard Mitigation Plans for Scott County

ellena
Lake Brenton Disaster Mitigation Plan Overview

Lake Brenton Disaster Mitigation Plan Overview

sigrid
National Cyclone Risk Mitigation Project Phase I Summary

National Cyclone Risk Mitigation Project Phase I Summary

trystan
National Cyclone Risk Mitigation Project Update

National Cyclone Risk Mitigation Project Update

mariam
Feasibility of Alternate Wetting and Drying as a GHG Mitigation Option in Rice Fields

Feasibility of Alternate Wetting and Drying as a GHG Mitigation Option in Rice Fields

phineas

More Related Content

Conceptual Design and Risk Assessment of Forced Safety Injection for Station Blackout Accident Mitigation
Conceptual Design and Risk Assessment of Forced Safety Injection for Station Blackout Accident Mitigation
Disaster Recovery & Mitigation Funding for Hurricane Sally
Disaster Recovery & Mitigation Funding for Hurricane Sally
Understanding Disaster Management Cycle and Phases
Understanding Disaster Management Cycle and Phases
Understanding Child Safeguarding Risks and Mitigation Strategies
Understanding Child Safeguarding Risks and Mitigation Strategies
Tracking Progress of Mitigation Commitments and Greenhouse Gas Emissions Projections
Tracking Progress of Mitigation Commitments and Greenhouse Gas Emissions Projections
Understanding Impact Prediction, Evaluation, and Mitigation
Understanding Impact Prediction, Evaluation, and Mitigation
Understanding Risk Mitigation Functions in Vehicle Control Systems
Understanding Risk Mitigation Functions in Vehicle Control Systems
Workplace Skills: Leadership Conflict Mitigation Strategies
Workplace Skills: Leadership Conflict Mitigation Strategies
Hazard Mitigation Assistance (HMA) Funding Eligibility and Priority
Hazard Mitigation Assistance (HMA) Funding Eligibility and Priority
Understanding CDBG-MIT Action Plan Development
Understanding CDBG-MIT Action Plan Development
Follow-up on UWB Channel Usage Coordination for Improved Coexistence
Follow-up on UWB Channel Usage Coordination for Improved Coexistence
Updates on MTA Bridges and Tunnels Programs 2010-2019
Updates on MTA Bridges and Tunnels Programs 2010-2019
Understanding Tort Remedies: Types, Damages, and Mitigation Explained
Understanding Tort Remedies: Types, Damages, and Mitigation Explained
Risk Mitigation Strategies for Church Choirs
Risk Mitigation Strategies for Church Choirs
The Mitigation Hierarchy in the World Bank Environmental & Social Framework Overview
The Mitigation Hierarchy in the World Bank Environmental & Social Framework Overview
Veeam Software: Risk Mitigation and Protection Overview
Veeam Software: Risk Mitigation and Protection Overview
Integrating Distributed Renewable Energy Generation in Indonesia
Integrating Distributed Renewable Energy Generation in Indonesia
Understanding Co-Effects of Climate Change and GHG Mitigation Policies
Understanding Co-Effects of Climate Change and GHG Mitigation Policies
Indiana Volkswagen Environmental Mitigation Trust Program Updates August 2020
Indiana Volkswagen Environmental Mitigation Trust Program Updates August 2020
Legal Case Study: Compensation for Breach of Promise
Legal Case Study: Compensation for Breach of Promise
ET Sustainable Development Strategy: Minimizing Global Carbon Footprint
ET Sustainable Development Strategy: Minimizing Global Carbon Footprint
Illinois Volkswagen Settlement Beneficiary Mitigation Plan Overview
Illinois Volkswagen Settlement Beneficiary Mitigation Plan Overview
Kentucky Volkswagen Settlement Funding Update Presentation
Kentucky Volkswagen Settlement Funding Update Presentation
Strengthening and Modernizing Public Transport for Sustainable Development
Strengthening and Modernizing Public Transport for Sustainable Development