Memory Systems and Memory-Centric Computing Systems

The memory system is a fundamental performance and energy bottleneck in almost all computing systems. Recent system design, application, and technology trends that require more capacity, bandwidth, efficiency, and predictability out of the memory system make it an even more important system bottleneck. At the same time, DRAM and flash technologies are experiencing difficult technology scaling challenges that make the maintenance and enhancement of their capacity, energy efficiency, performance, and reliability significantly more costly with conventional techniques. In fact, recent reliability issues with DRAM, such as the RowHammer problem, are already threatening system security and predictability. We are at the challenging intersection where issues in memory reliability and performance are tightly coupled with not only system cost and energy efficiency but also system security. In this course, we first discuss major challenges facing modern memory systems (and the computing platforms we currently design around the memory system) in the presence of greatly increasing demand for data and its fast analysis. We then examine some promising research and design directions to overcome these challenges. We discuss at least three key topics in detail, focusing on both open problems and potential solution directions: 1) fundamental issues in memory reliability and security and how to enable fundamentally secure, reliable, safe architectures; 2) enabling data-centric and hence fundamentally energy-efficient architectures that are capable of performing computation near data; 3) reducing both latency and energy consumption by tackling the fixed-latency/energy mindset. If time permits, we will also discuss research challenges and opportunities in enabling emerging NVM (non-volatile memory) technologies and scaling NAND flash memory and SSDs (solid state drives) into the future.

https://people.inf.ethz.ch/omutlu/acaces2018.html

 

Code available for new rowhammer research

More on this recent research:
https://firmwaresecurity.com/2016/01/09/skylake-and-rowhammer/

https://github.com/IAIK/rowhammerjs/tree/master/native

The source is a single C++ file (not Javascript, like the Github project name hints at), built targets for Sandy/Ivy/Haswell/Skylake, works on 64-bit Linux. Usage:

# ./rowhammer[-architecture] [-t nsecs] [-p percent] [-c cores] [-d dimms] [-r row] [-f first_offset] [-s second_offset]
    ”-c” the number of cores (only important with ”#define EVICTION_BASED”)
    ”-p” percent of memory to use
    ”-d” number of dimms (very important)
    ”-r” loop only over the specified row
    ”-f” only test addresses with the specified first aggressor offset
    ”-s” only test addresses with the specified second aggressor offset

 

 

Skylake and Rowhammer

 

Reverse Engineering Intel DRAM Addressing and Exploitation
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard

In this paper, we present a method to reverse engineer DRAM addressing functions based on a physical bus probing. Second, we present an automatic and generic method to reverse engineer DRAM addressing functions merely from performing a timing attack. This timing attack can be performed on any system without privileges and even in virtual machines to derive information about the mapping to physical DRAM channels, ranks and banks. We reversed the complex adressing functions on a diverse set of Intel processors and DRAM configurations. Our work enables side-channel attacks and covert channels based on inner-bank row conflicts and overlaps. Thus, our attack does not exploit the CPU as a shared resource, but only the DRAM that might even be shared across multiple CPUs. We demonstrate the power of such attacks by implementing a high speed covert channel that achieves transmission rates of up to 1.5Mb/s, which is three orders of magnitude faster than current covert channels on main memory. Finally, we show how our results can be used to increase the efficiency of the Rowhammer attack significantly by reducing the search space by a factor of up to 16384.

http://arxiv.org/abs/1511.08756

Exploiting Intel DRAM

Reverse Engineering Intel DRAM Addressing and Exploitation
Peter Pessl, Daniel Gruss, Clémentine Maurice, Stefan Mangard

In this paper, we present a method to reverse engineer DRAM addressing functions based on a physical bus probing. Second, we present an automatic and generic method to reverse engineer DRAM addressing functions merely from performing a timing attack. This timing attack can be performed on any system without privileges and even in virtual machines to derive information about the mapping to physical DRAM channels, ranks and banks. We reversed the complex adressing functions on a diverse set of Intel processors and DRAM configurations. Our work enables side-channel attacks and covert channels based on inner-bank row conflicts and overlaps. Thus, our attack does not exploit the CPU as a shared resource, but only the DRAM that might even be shared across multiple CPUs. We demonstrate the power of such attacks by implementing a high speed covert channel that achieves transmission rates of up to 1.5Mb/s, which is three orders of magnitude faster than current covert channels on main memory. Finally, we show how our results can be used to increase the efficiency of the Rowhammer attack significantly by reducing the search space by a factor of up to 16384.

http://arxiv.org/abs/1511.08756