US20180307434A1 - Bitflip Security Attack Protection - Google Patents
Bitflip Security Attack Protection Download PDFInfo
- Publication number
- US20180307434A1 US20180307434A1 US15/496,248 US201715496248A US2018307434A1 US 20180307434 A1 US20180307434 A1 US 20180307434A1 US 201715496248 A US201715496248 A US 201715496248A US 2018307434 A1 US2018307434 A1 US 2018307434A1
- Authority
- US
- United States
- Prior art keywords
- row
- sacrificial
- memory cells
- memory
- rows
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C11/00—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
- G11C11/21—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
- G11C11/34—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
- G11C11/40—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
- G11C11/401—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
- G11C11/4063—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
- G11C11/407—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
- G11C11/408—Address circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0644—Management of space entities, e.g. partitions, extents, pools
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1416—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
- G06F12/145—Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0623—Securing storage systems in relation to content
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C11/00—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
- G11C11/21—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
- G11C11/34—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
- G11C11/40—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
- G11C11/401—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
- G11C11/4063—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
- G11C11/407—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
- G11C11/4078—Safety or protection circuits, e.g. for preventing inadvertent or unauthorised reading or writing; Status cells; Test cells
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C11/00—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
- G11C11/21—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
- G11C11/34—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
- G11C11/40—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
- G11C11/401—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
- G11C11/4063—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
- G11C11/407—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
- G11C11/408—Address circuits
- G11C11/4087—Address decoders, e.g. bit - or word line decoders; Multiple line decoders
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C11/00—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
- G11C11/21—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
- G11C11/34—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
- G11C11/40—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
- G11C11/401—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
- G11C11/4063—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
- G11C11/407—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
- G11C11/409—Read-write [R-W] circuits
- G11C11/4093—Input/output [I/O] data interface arrangements, e.g. data buffers
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C11/00—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
- G11C11/21—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
- G11C11/34—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
- G11C11/40—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
- G11C11/401—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
- G11C11/4063—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
- G11C11/407—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
- G11C11/409—Read-write [R-W] circuits
- G11C11/4096—Input/output [I/O] data management or control circuits, e.g. reading or writing circuits, I/O drivers or bit-line switches
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C11/00—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
- G11C11/21—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
- G11C11/34—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
- G11C11/40—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
- G11C11/401—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
- G11C11/406—Management or control of the refreshing or charge-regeneration cycles
-
- G—PHYSICS
- G11—INFORMATION STORAGE
- G11C—STATIC STORES
- G11C11/00—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
- G11C11/21—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
- G11C11/34—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
- G11C11/40—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
- G11C11/401—Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
- G11C11/4063—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
- G11C11/407—Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
- G11C11/409—Read-write [R-W] circuits
- G11C11/4097—Bit-line organisation, e.g. bit-line layout, folded bit lines
Definitions
- DRAM Dynamic Random Access Memory
- each bit of stored data occupies a separate memory cell that is typically implemented with one capacitor and one transistor.
- the charge state of a capacitor is what determines whether a DRAM cell stores “1” or “0” as a binary value.
- Large numbers of DRAM memory cells are packed into integrated circuits, together with some additional logic that organizes the cells for the purposes of reading, writing and refreshing the data.
- memory cells 101 are further organized into matrices and addressed through rows and columns.
- a memory address 102 applied to a matrix is broken into the row address 103 and column address 104 , which are processed by respective row and column address decoders 105 and 106 .
- After a row address selects the row for a read operation (the selection is also known as row activation), bits from all cells in the row are transferred into the sense amplifiers 107 that form the row buffer, from which the exact bit is selected using the column address 104 .
- Read operations are of a destructive nature because the design of DRAM requires memory cells to be rewritten after their values have been read.
- Write operations decode the addresses in a similar way, but as a result of the design entire rows must be rewritten for the value of a single bit to be changed.
- DRAM memory cells lose their state over time and require periodic rewriting of all memory cells, which is a process known as refreshing.
- DRAM memory is susceptible to random changes in stored data, which are known as soft memory errors and attributed to a variety of causes.
- DRAM integrated circuits have led to physically smaller memory cells capable of storing smaller charges, resulting in lower operational noise margins, increased rates of electromagnetic interactions between memory cells, and greater possibility of data loss.
- disturbance errors have been observed, being caused by cells interfering with each other's operation and manifesting as random changes in the values of bits stored in affected memory cells.
- the awareness of disturbance errors dates back to the early 1970s and the Intel 1103 as the first commercially available DRAM IC; since then, DRAM manufacturers have employed various mitigation techniques to counteract disturbance errors, such as improving the isolation between cells and performing production testing.
- DRAM manufacturers have employed various mitigation techniques to counteract disturbance errors, such as improving the isolation between cells and performing production testing.
- it has been proven that commercially available high density DRAM chips are susceptible to disturbance errors, caused by repeated accesses to neighboring memory cells.
- the term rowhammer is used to name the associated side effect that led to observed bit flips.
- a variant called double-sided hammering shown in FIG. 3 involves targeted activations of two DRAM rows 301 and 302 surrounding the victim row 303 . Tests show that this approach may result in a significantly higher rate of disturbance errors, compared to the variant that activates only one of the victim row's neighboring DRAM rows.
- Rowhammer is a method to illegally modify victim memory bit's by using repeated memory access to an adjacent row. This becomes a serious security concern if the victim bit is in a secure/protected memory zone. This method relies on the physical row structure of the memory and is difficult to detect.
- a published exploit exists for DRAM that is increasingly easier to implement with newer technologies where bits are packed closer and closer together.
- a method is shown to protect privileged memories against rowhammer attacks, and to detect any rowhammer attack attempts.
- FIG. 1 shows a typical DRAM memory architecture
- FIG. 2 shows a rowhammer implementation
- FIG. 3 shows a double row rowhammer method
- FIG. 4 shows top and bottom sacrificial rows to protect against rowhammer attacks.
- Tests show that simple error correction solutions, providing single-error correction and double-error detection (SECDED) capabilities are not able to correct or detect all observed disturbance errors because some of them include more than two flipped bits per memory word.
- SECDED single-error correction and double-error detection
- a less effective solution is to introduce more frequent memory refreshing, with the refresh intervals shorter than the usual 64 ms, but this technique results in higher power consumption and increased processing overhead.
- One of the more complex prevention measures performs counter-based identification of frequently accessed memory rows and proactively refreshes their neighboring rows; another method issues additional infrequent random refreshes of memory rows neighboring the accessed rows regardless of their access frequency.
- Intel Xeon processors support the so-called pseudo target row refresh (pTRR) that can be used in combination with pTRR-compliant dual in-line memory modules (DIMMs) to mitigate the rowhammer effect by automatically refreshing possible victim rows.
- pTRR pseudo target row refresh
- DIMMs dual in-line memory modules
- these Xeon processors by default fall back on performing DRAM refreshes at twice the usual frequency, which results in a higher memory access latency and may reduce the memory bandwidth.
- TRR target row refresh
- MAC chip-specific maximum activate count
- t MAW maximum activate window
- the MAC value is the maximum total number of row activations that may be encountered on a particular DRAM row within a time interval that is equal or shorter than the t MAW amount of time before its neighboring rows are identified as victim rows; TRR may also flag a row as a victim row if the sum of row activations for its two neighboring rows reaches the MAC limit within the t MAW time window.
- rowhammer exploits issue large numbers of uncached memory accesses that cause cache misses, which can be detected by monitoring the rate of cache misses for unusual peaks using hardware performance counters.
- Memory protection as a way of preventing processes from accessing memory that has not been assigned to them is one of the concepts behind most modern operating systems.
- memory protection in combination with other security-related mechanisms such as protection rings, it is possible to achieve privilege separation between processes, where programs and computer systems in general are divided into parts limited to the specific privileges they require to perform a particular task.
- Using privilege separation can also reduce the extent of potential damage caused by computer security attacks by restricting their effects to specific parts of the system.
- Disturbance errors effectively defeat various layers of memory protection by bypassing them at a very low hardware level, practically creating a unique attack vector type that allows processes to alter the contents of arbitrary parts of the main memory by directly manipulating the underlying memory hardware.
- “conventional” attack vectors such as buffer overflows aim at circumventing the protection mechanisms at the software level, by exploiting various programming mistakes to achieve alterations of otherwise inaccessible main memory contents.
- the invention described here implements a method of protection against rowhammer attacks in general, and it specifically prevents a rowhammer attack from gaining access to protected memory.
- extra sacrificial rows 402 and 403 are added to the top and bottom of the memory segment 401 that is to be protected, effectively forming a protective buffer between public and protected memory.
- These sacrificial rows may also be preprogrammed with a known bit pattern, and may be periodically monitored to detect a possible rowhammer attack.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Human Computer Interaction (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Dram (AREA)
- Storage Device Security (AREA)
Abstract
A memory area is protected from rowhammer attacks by placing an extra sacrificial row at the top and the bottom of the memory addresses defining the area to be protected. The sacrificial rows of memory are written with a known bit pattern that may be read periodically to detect any rowhammer attacks that may be in progress.
Description
- In Dynamic Random Access Memory (DRAM), each bit of stored data occupies a separate memory cell that is typically implemented with one capacitor and one transistor. The charge state of a capacitor (charged or discharged) is what determines whether a DRAM cell stores “1” or “0” as a binary value. Large numbers of DRAM memory cells are packed into integrated circuits, together with some additional logic that organizes the cells for the purposes of reading, writing and refreshing the data.
- As shown in
FIG. 1 ,memory cells 101 are further organized into matrices and addressed through rows and columns. Amemory address 102 applied to a matrix is broken into therow address 103 andcolumn address 104, which are processed by respective row andcolumn address decoders sense amplifiers 107 that form the row buffer, from which the exact bit is selected using thecolumn address 104. Read operations are of a destructive nature because the design of DRAM requires memory cells to be rewritten after their values have been read. Write operations decode the addresses in a similar way, but as a result of the design entire rows must be rewritten for the value of a single bit to be changed. - As a result of storing data bits using capacitors that have a natural discharge rate, DRAM memory cells lose their state over time and require periodic rewriting of all memory cells, which is a process known as refreshing. As another result of the design, DRAM memory is susceptible to random changes in stored data, which are known as soft memory errors and attributed to a variety of causes.
- Increased densities of DRAM integrated circuits (ICs) have led to physically smaller memory cells capable of storing smaller charges, resulting in lower operational noise margins, increased rates of electromagnetic interactions between memory cells, and greater possibility of data loss. As a result, disturbance errors have been observed, being caused by cells interfering with each other's operation and manifesting as random changes in the values of bits stored in affected memory cells. The awareness of disturbance errors dates back to the early 1970s and the Intel 1103 as the first commercially available DRAM IC; since then, DRAM manufacturers have employed various mitigation techniques to counteract disturbance errors, such as improving the isolation between cells and performing production testing. However, it has been proven that commercially available high density DRAM chips are susceptible to disturbance errors, caused by repeated accesses to neighboring memory cells. The term rowhammer is used to name the associated side effect that led to observed bit flips.
- The opportunity for the rowhammer effect to occur in DRAM memories is primarily attributed to the large capacity DRAM's high density of memory cells and the results of associated interactions between the cells, while rapid DRAM row activations have been determined as the primary cause. Frequent row activations cause voltage fluctuations on the associated row selection lines, which have been observed to induce higher-than-natural discharge rates in capacitors belonging to nearby (adjacent, in most cases) memory rows, which are called victim rows; if the affected memory cells are not refreshed before they lose too much charge, disturbance errors occur. This is shown in
FIG. 2 , where frequent accesses torow 201 may induce unintended changes invictim row 202. Tests have also shown that the rate of disturbance errors is not substantially affected by increased environment temperature, but it depends on the actual contents of DRAM because certain bit patterns result in significantly higher disturbance error rates. - A variant called double-sided hammering shown in
FIG. 3 involves targeted activations of twoDRAM rows - Rowhammer is a method to illegally modify victim memory bit's by using repeated memory access to an adjacent row. This becomes a serious security concern if the victim bit is in a secure/protected memory zone. This method relies on the physical row structure of the memory and is difficult to detect. A published exploit exists for DRAM that is increasingly easier to implement with newer technologies where bits are packed closer and closer together. A method is shown to protect privileged memories against rowhammer attacks, and to detect any rowhammer attack attempts.
- These and other aspects of this invention are illustrated in the drawings, in which:
-
FIG. 1 shows a typical DRAM memory architecture; -
FIG. 2 shows a rowhammer implementation; -
FIG. 3 shows a double row rowhammer method, and -
FIG. 4 shows top and bottom sacrificial rows to protect against rowhammer attacks. - Different methods exist in the prior art for more or less successful detection, prevention, correction or mitigation of the rowhammer effect. Tests show that simple error correction solutions, providing single-error correction and double-error detection (SECDED) capabilities are not able to correct or detect all observed disturbance errors because some of them include more than two flipped bits per memory word. A less effective solution is to introduce more frequent memory refreshing, with the refresh intervals shorter than the usual 64 ms, but this technique results in higher power consumption and increased processing overhead. One of the more complex prevention measures performs counter-based identification of frequently accessed memory rows and proactively refreshes their neighboring rows; another method issues additional infrequent random refreshes of memory rows neighboring the accessed rows regardless of their access frequency.
- Intel Xeon processors support the so-called pseudo target row refresh (pTRR) that can be used in combination with pTRR-compliant dual in-line memory modules (DIMMs) to mitigate the rowhammer effect by automatically refreshing possible victim rows. When used with DIMMs that are not pTRR-compliant, these Xeon processors by default fall back on performing DRAM refreshes at twice the usual frequency, which results in a higher memory access latency and may reduce the memory bandwidth.
- Some memories employ hardware support for the target row refresh (TRR) method that prevents the rowhammer effect without negatively impacting performance or power consumption. Internally, TRR identifies possible victim rows, by counting the number of row activations and comparing it against predefined chip-specific maximum activate count (MAC) and maximum activate window (tMAW) values, and refreshes these rows to prevent bit flips. The MAC value is the maximum total number of row activations that may be encountered on a particular DRAM row within a time interval that is equal or shorter than the tMAW amount of time before its neighboring rows are identified as victim rows; TRR may also flag a row as a victim row if the sum of row activations for its two neighboring rows reaches the MAC limit within the tMAW time window.
- Due to the necessity of large numbers of rapidly performed DRAM row activations, rowhammer exploits issue large numbers of uncached memory accesses that cause cache misses, which can be detected by monitoring the rate of cache misses for unusual peaks using hardware performance counters.
- Memory protection, as a way of preventing processes from accessing memory that has not been assigned to them is one of the concepts behind most modern operating systems. By using memory protection in combination with other security-related mechanisms such as protection rings, it is possible to achieve privilege separation between processes, where programs and computer systems in general are divided into parts limited to the specific privileges they require to perform a particular task. Using privilege separation can also reduce the extent of potential damage caused by computer security attacks by restricting their effects to specific parts of the system.
- Disturbance errors effectively defeat various layers of memory protection by bypassing them at a very low hardware level, practically creating a unique attack vector type that allows processes to alter the contents of arbitrary parts of the main memory by directly manipulating the underlying memory hardware. In comparison, “conventional” attack vectors such as buffer overflows aim at circumventing the protection mechanisms at the software level, by exploiting various programming mistakes to achieve alterations of otherwise inaccessible main memory contents.
- The invention described here implements a method of protection against rowhammer attacks in general, and it specifically prevents a rowhammer attack from gaining access to protected memory.
- As shown in
FIG. 4 , extrasacrificial rows memory segment 401 that is to be protected, effectively forming a protective buffer between public and protected memory. These sacrificial rows may also be preprogrammed with a known bit pattern, and may be periodically monitored to detect a possible rowhammer attack. - While the above discussion relates to DRAM's, it is to be understood that the same method is also applicable to other memory types.
Claims (20)
1.-7. (canceled)
8. A memory device comprising:
an array of memory cells arranged in rows and columns;
a plurality of word lines each coupled to memory cells of a respective one of the rows;
a plurality of bit lines each coupled to memory cells of a respective one of the columns;
wherein the array includes:
a contiguous segment of protected memory cells, the contiguous segment of protected memory cells including a plurality of the rows;
a first sacrificial row outside of the contiguous segment and immediately adjacent to a first row of the contiguous segment; and
a second sacrificial row outside of the contiguous segment and immediately adjacent to a second row of the contiguous segment that is different from the first row.
9. The memory device of claim 8 , comprising a memory controller to generate a memory address in response to received requests to access the memory cells of the array.
10. The memory device of claim 9 , comprising a row address decoder to select one or more word lines of the array in response to the generated memory address.
11. The memory device of claim 9 , comprising a column address decoder to select one or more bit lines of the array in response to the generated memory address.
12. The memory device of claim 9 , wherein the first and second sacrificial rows are operable to store a predetermined known bit pattern.
13. The memory device of claim 12 , wherein the memory controller is operable to periodically read the contents of the first and second sacrificial rows to determine whether the contents of the first and second sacrificial rows has changed from the predetermined known bit pattern.
14. The memory device of claim 13 , wherein the memory controller is operable to indicate the presence of a rowhammer attack upon determining that the contents of the first and second sacrificial rows has changed from the predetermined known bit pattern.
15. The memory device of claim 8 , wherein:
the first sacrificial row has an address that is contiguous with an address of the first row of the contiguous segment of protected memory cells; and
the second sacrificial row has an address that is contiguous with an address of the second row of the contiguous segment of protected memory cells.
16. The memory device of claim 15 , wherein the contiguous segment of protected memory cells, the first sacrificial row, and the second sacrificial row constitute the entirety of the array.
17. The memory device of claim 15 , wherein:
the array includes unprotected memory cells outside of the contiguous segment of protected memory cells; and
at least one of the first and second sacrificial rows is also immediately adjacent to a row of the unprotected memory cells.
18. The memory device of claim 17 , wherein only one of the first and second sacrificial rows is also immediately adjacent to a row of the unprotected memory cells.
19. An electronic system comprising a processor;
a memory storing instructions for execution by the processor, wherein the memory includes:
an array of memory cells arranged in rows and columns;
a plurality of word lines each coupled to memory cells of a respective one of the rows;
a plurality of bit lines each coupled to memory cells of a respective one of the columns;
a memory controller to generate a memory address in response the processor issuing an access request to an access request to access the memory cells of the array, the access request being issued in response to the processor executing the instructions;
a row address decoder to select one or more word lines of the array in response to the generated memory address;
a column address decoder to select one or more bit lines of the array in response to the generated memory address;
wherein the array includes:
a contiguous segment of protected memory cells, the contiguous segment of protected memory cells including a plurality of the rows;
a first sacrificial row outside of the contiguous segment and immediately adjacent to a first row of the contiguous segment; and
a second sacrificial row outside of the contiguous segment and immediately adjacent to a second row of the contiguous segment that is different from the first row.
20. The electronic system of claim 19 , wherein the first and second sacrificial rows are operable to store a predetermined known bit pattern.
21. The electronic system of claim 20 , wherein the memory controller is operable to periodically read the contents of the first and second sacrificial rows to determine whether the contents of the first and second sacrificial rows has changed from the predetermined known bit pattern.
22. The electronic system of claim 21 , wherein the memory controller is operable to indicate the presence of a rowhammer attack upon determining that the contents of the first and second sacrificial rows has changed from the predetermined known bit pattern.
23. The electronic system of claim 19 , wherein:
the first sacrificial row has an address that is contiguous with an address of the first row of the contiguous segment of protected memory cells; and
the second sacrificial row has an address that is contiguous with an address of the second row of the contiguous segment of protected memory cells.
24. The electronic system of claim 23 , wherein the contiguous segment of protected memory cells, the first sacrificial row, and the second sacrificial row constitute the entirety of the array.
25. The electronic system of claim 23 , wherein:
the array includes unprotected memory cells outside of the contiguous segment of protected memory cells; and
at least one of the first and second sacrificial rows is also immediately adjacent to a row of the unprotected memory cells.
26. The electronic system of claim 25 , wherein only one of the first and second sacrificial rows is also immediately adjacent to a row of the unprotected memory cells.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/496,248 US10108365B1 (en) | 2017-04-25 | 2017-04-25 | Bitflip security attack protection |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/496,248 US10108365B1 (en) | 2017-04-25 | 2017-04-25 | Bitflip security attack protection |
Publications (2)
Publication Number | Publication Date |
---|---|
US10108365B1 US10108365B1 (en) | 2018-10-23 |
US20180307434A1 true US20180307434A1 (en) | 2018-10-25 |
Family
ID=63833197
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/496,248 Active US10108365B1 (en) | 2017-04-25 | 2017-04-25 | Bitflip security attack protection |
Country Status (1)
Country | Link |
---|---|
US (1) | US10108365B1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2022077971A1 (en) * | 2020-10-16 | 2022-04-21 | 长鑫存储技术有限公司 | Memory test method |
US11314579B2 (en) | 2019-09-03 | 2022-04-26 | International Business Machines Corporation | Application protection from bit-flip effects |
EP4141873A1 (en) * | 2021-08-24 | 2023-03-01 | Samsung Electronics Co., Ltd. | Method for accessing memory cells, semiconductor memory device including memory cells, and operating method of memory controller controlling memory device |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10978171B2 (en) * | 2019-07-31 | 2021-04-13 | Microsoft Technology Licensing, Llc | Identification of susceptibility to induced charge leakage |
US11681797B2 (en) * | 2019-08-28 | 2023-06-20 | Micron Technology, Inc. | Row activation prevention using fuses |
US11567880B2 (en) | 2020-08-12 | 2023-01-31 | Microsoft Technology Licensing, Llc | Prevention of RAM access pattern attacks via selective data movement |
CN116501238A (en) * | 2022-01-21 | 2023-07-28 | 长鑫存储技术有限公司 | Analysis method, analysis device, electronic equipment and computer storage medium |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170255806A1 (en) * | 2016-03-02 | 2017-09-07 | Samsung Electronics Co., Ltd. | Fingerprint sensor, electronic device having the same, and method of operating the fingerprint sensor |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9236110B2 (en) * | 2012-06-30 | 2016-01-12 | Intel Corporation | Row hammer refresh command |
US9978440B2 (en) * | 2014-11-25 | 2018-05-22 | Samsung Electronics Co., Ltd. | Method of detecting most frequently accessed address of semiconductor memory based on probability information |
-
2017
- 2017-04-25 US US15/496,248 patent/US10108365B1/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20170255806A1 (en) * | 2016-03-02 | 2017-09-07 | Samsung Electronics Co., Ltd. | Fingerprint sensor, electronic device having the same, and method of operating the fingerprint sensor |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11314579B2 (en) | 2019-09-03 | 2022-04-26 | International Business Machines Corporation | Application protection from bit-flip effects |
WO2022077971A1 (en) * | 2020-10-16 | 2022-04-21 | 长鑫存储技术有限公司 | Memory test method |
US11599646B2 (en) | 2020-10-16 | 2023-03-07 | Changxin Memory Technologies, Inc. | Memory test method |
EP4141873A1 (en) * | 2021-08-24 | 2023-03-01 | Samsung Electronics Co., Ltd. | Method for accessing memory cells, semiconductor memory device including memory cells, and operating method of memory controller controlling memory device |
TWI820744B (en) * | 2021-08-24 | 2023-11-01 | 南韓商三星電子股份有限公司 | Method for accessing memory cells, semiconductor memory device including memory cells, and memory system |
Also Published As
Publication number | Publication date |
---|---|
US10108365B1 (en) | 2018-10-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10108365B1 (en) | Bitflip security attack protection | |
CN109074841B (en) | Refresh circuit | |
US11264079B1 (en) | Apparatuses and methods for row hammer based cache lockdown | |
US9870814B2 (en) | Refreshing a group of memory cells in response to potential disturbance | |
KR20180059556A (en) | DRAM adjacent row disturbance relaxation | |
Bennett et al. | Panopticon: A complete in-dram rowhammer mitigation | |
US11527280B2 (en) | Monitoring and mitigation of row disturbance in memory | |
US11887686B2 (en) | Fast and efficient system and method for detecting and predicting rowhammer attacks | |
US20220067157A1 (en) | Device and method for protecting a memory | |
CN114121126A (en) | Apparatus, system, and method for resetting row hammer detector circuit based on self-refresh command | |
US10261852B2 (en) | Memory error determination | |
CN116324994A (en) | Mitigating row hammer attacks | |
US20230402086A1 (en) | Memory system | |
Jiang et al. | Trrscope: Understanding target row refresh mechanism for modern ddr protection | |
GB2560968A (en) | Control of refresh operation for memory regions | |
Kim et al. | Hammerfilter: Robust protection and low hardware overhead method for rowhammer | |
US20230162776A1 (en) | Memory | |
EP4138078A1 (en) | A method for protecting a dram module against rowhammer attacks, and a dram module | |
US11990198B2 (en) | Memory system and operation method of memory system | |
US20240038288A1 (en) | Memory device refresh operations | |
US20230420027A1 (en) | Memory device and refresh method thereof | |
Woo et al. | Mitigating Row-hammering by Adapting the Probability of Additional Row Refresh | |
KR20220082730A (en) | Memory system | |
Sunilprasad et al. | MIRAM: Mitigating Rowhammer attack in a DRAM memory using Time window counter | |
US20240143440A1 (en) | Page retirement techniques for multi-page dram faults |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: TEXAS INSTRUMENTS INCORPORATED, TEXAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BITTLESTONE, CLIVE D.;REEL/FRAME:045357/0573 Effective date: 20180309 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |