Stories
Slash Boxes
Comments

SoylentNews is people

Introducing Half-Double: New Hammering Technique for DRAM Rowhammer Bug

posted by martyb on Wednesday May 26 2021, @05:42AM   Printer-friendly
from the if-i-had-a-(row)-hammer dept.

upstart writes in with an IRC submission for AzumaHazuki:

Introducing Half-Double: New hammering technique for DRAM Rowhammer bug:

Today, we are sharing details around our discovery of Half-Double, a new Rowhammer technique that capitalizes on the worsening physics of some of the newer DRAM chips to alter the contents of memory.

[...] As DDR4 became widely adopted, it appeared as though Rowhammer had faded away thanks in part to these built-in defense mechanisms. However, in 2020, the TRRespass paper showed how to reverse-engineer and neutralize the defense by distributing accesses, demonstrating that Rowhammer techniques are still viable. Earlier this year, the SMASH research went one step further and demonstrated exploitation from JavaScript, without invoking cache-management primitives or system calls.

Traditionally, Rowhammer was understood to operate at a distance of one row: when a DRAM row is accessed repeatedly (the "aggressor"), bit flips were found only in the two adjacent rows (the "victims"). However, with Half-Double, we have observed Rowhammer effects propagating to rows beyond adjacent neighbors, albeit at a reduced strength. Given three consecutive rows A, B, and C, we were able to attack C by directing a very large number of accesses to A, along with just a handful (~dozens) to B. Based on our experiments, accesses to B have a non-linear gating effect, in which they appear to "transport" the Rowhammer effect of A onto C. Unlike TRRespass, which exploits the blind spots of manufacturer-dependent defenses, Half-Double is an intrinsic property of the underlying silicon substrate. This is likely an indication that the electrical coupling responsible for Rowhammer is a property of distance, effectively becoming stronger and longer-ranged as cell geometries shrink down. Distances greater than two are conceivable.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Introducing Half-Double: New Hammering Technique for DRAM Rowhammer Bug | Log In/Create an Account | Top | 14 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Informative) by Anonymous Coward on Wednesday May 26 2021, @08:22AM (1 child)

    by Anonymous Coward on Wednesday May 26 2021, @08:22AM (#1138869)

    ECC memory is a better solution. It both detects the attack in a way you could act on and corrects them (ex: your OS could notice that you have high ram error rates and take action before you get uncorrected errors, possibly including throttling the process causing the issue and/or reporting the attempted attack to the user)

    You can blame Intel's market segmentation efforts for causing ECC to basically not exist in the consumer space.

    Memory encryption would could help as well (and there is tech to do that in some modern CPUs)

    Starting Score:    0  points
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Total Score:   1  

  • (Score: 0) by Anonymous Coward on Wednesday May 26 2021, @10:33AM

    by Anonymous Coward on Wednesday May 26 2021, @10:33AM (#1138880)

    If you look at the papers, ECC is not foolproof either. There are mitigation that do work for rowhammer type attacks that do work and some are even in later versions of the JEDEC specs. The problem, as Trespass showed, is that manufacturers would rather not follow them to maintain their speed advantage, however slight it is on synthetic benchmarks.