US20180307434A1 - Bitflip Security Attack Protection - Google Patents

Bitflip Security Attack Protection Download PDF

Info

Publication number
US20180307434A1
US20180307434A1 US15/496,248 US201715496248A US2018307434A1 US 20180307434 A1 US20180307434 A1 US 20180307434A1 US 201715496248 A US201715496248 A US 201715496248A US 2018307434 A1 US2018307434 A1 US 2018307434A1
Authority
US
United States
Prior art keywords
row
sacrificial
memory cells
memory
rows
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US15/496,248
Other versions
US10108365B1 (en
Inventor
Clive D. Bittlestone
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Texas Instruments Inc
Original Assignee
Texas Instruments Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Texas Instruments Inc filed Critical Texas Instruments Inc
Priority to US15/496,248 priority Critical patent/US10108365B1/en
Assigned to TEXAS INSTRUMENTS INCORPORATED reassignment TEXAS INSTRUMENTS INCORPORATED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BITTLESTONE, CLIVE D.
Application granted granted Critical
Publication of US10108365B1 publication Critical patent/US10108365B1/en
Publication of US20180307434A1 publication Critical patent/US20180307434A1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C11/00Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
    • G11C11/21Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
    • G11C11/34Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
    • G11C11/40Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
    • G11C11/401Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
    • G11C11/4063Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
    • G11C11/407Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
    • G11C11/408Address circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638Organizing or formatting or addressing of data
    • G06F3/0644Management of space entities, e.g. partitions, extents, pools
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/145Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being virtual, e.g. for virtual blocks or segments before a translation mechanism
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0623Securing storage systems in relation to content
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671In-line storage system
    • G06F3/0673Single storage device
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C11/00Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
    • G11C11/21Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
    • G11C11/34Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
    • G11C11/40Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
    • G11C11/401Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
    • G11C11/4063Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
    • G11C11/407Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
    • G11C11/4078Safety or protection circuits, e.g. for preventing inadvertent or unauthorised reading or writing; Status cells; Test cells
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C11/00Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
    • G11C11/21Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
    • G11C11/34Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
    • G11C11/40Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
    • G11C11/401Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
    • G11C11/4063Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
    • G11C11/407Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
    • G11C11/408Address circuits
    • G11C11/4087Address decoders, e.g. bit - or word line decoders; Multiple line decoders
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C11/00Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
    • G11C11/21Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
    • G11C11/34Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
    • G11C11/40Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
    • G11C11/401Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
    • G11C11/4063Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
    • G11C11/407Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
    • G11C11/409Read-write [R-W] circuits 
    • G11C11/4093Input/output [I/O] data interface arrangements, e.g. data buffers
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C11/00Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
    • G11C11/21Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
    • G11C11/34Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
    • G11C11/40Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
    • G11C11/401Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
    • G11C11/4063Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
    • G11C11/407Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
    • G11C11/409Read-write [R-W] circuits 
    • G11C11/4096Input/output [I/O] data management or control circuits, e.g. reading or writing circuits, I/O drivers or bit-line switches 
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C11/00Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
    • G11C11/21Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
    • G11C11/34Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
    • G11C11/40Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
    • G11C11/401Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
    • G11C11/406Management or control of the refreshing or charge-regeneration cycles
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11CSTATIC STORES
    • G11C11/00Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor
    • G11C11/21Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements
    • G11C11/34Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices
    • G11C11/40Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors
    • G11C11/401Digital stores characterised by the use of particular electric or magnetic storage elements; Storage elements therefor using electric elements using semiconductor devices using transistors forming cells needing refreshing or charge regeneration, i.e. dynamic cells
    • G11C11/4063Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing
    • G11C11/407Auxiliary circuits, e.g. for addressing, decoding, driving, writing, sensing or timing for memory cells of the field-effect type
    • G11C11/409Read-write [R-W] circuits 
    • G11C11/4097Bit-line organisation, e.g. bit-line layout, folded bit lines

Definitions

  • DRAM Dynamic Random Access Memory
  • each bit of stored data occupies a separate memory cell that is typically implemented with one capacitor and one transistor.
  • the charge state of a capacitor is what determines whether a DRAM cell stores “1” or “0” as a binary value.
  • Large numbers of DRAM memory cells are packed into integrated circuits, together with some additional logic that organizes the cells for the purposes of reading, writing and refreshing the data.
  • memory cells 101 are further organized into matrices and addressed through rows and columns.
  • a memory address 102 applied to a matrix is broken into the row address 103 and column address 104 , which are processed by respective row and column address decoders 105 and 106 .
  • After a row address selects the row for a read operation (the selection is also known as row activation), bits from all cells in the row are transferred into the sense amplifiers 107 that form the row buffer, from which the exact bit is selected using the column address 104 .
  • Read operations are of a destructive nature because the design of DRAM requires memory cells to be rewritten after their values have been read.
  • Write operations decode the addresses in a similar way, but as a result of the design entire rows must be rewritten for the value of a single bit to be changed.
  • DRAM memory cells lose their state over time and require periodic rewriting of all memory cells, which is a process known as refreshing.
  • DRAM memory is susceptible to random changes in stored data, which are known as soft memory errors and attributed to a variety of causes.
  • DRAM integrated circuits have led to physically smaller memory cells capable of storing smaller charges, resulting in lower operational noise margins, increased rates of electromagnetic interactions between memory cells, and greater possibility of data loss.
  • disturbance errors have been observed, being caused by cells interfering with each other's operation and manifesting as random changes in the values of bits stored in affected memory cells.
  • the awareness of disturbance errors dates back to the early 1970s and the Intel 1103 as the first commercially available DRAM IC; since then, DRAM manufacturers have employed various mitigation techniques to counteract disturbance errors, such as improving the isolation between cells and performing production testing.
  • DRAM manufacturers have employed various mitigation techniques to counteract disturbance errors, such as improving the isolation between cells and performing production testing.
  • it has been proven that commercially available high density DRAM chips are susceptible to disturbance errors, caused by repeated accesses to neighboring memory cells.
  • the term rowhammer is used to name the associated side effect that led to observed bit flips.
  • a variant called double-sided hammering shown in FIG. 3 involves targeted activations of two DRAM rows 301 and 302 surrounding the victim row 303 . Tests show that this approach may result in a significantly higher rate of disturbance errors, compared to the variant that activates only one of the victim row's neighboring DRAM rows.
  • Rowhammer is a method to illegally modify victim memory bit's by using repeated memory access to an adjacent row. This becomes a serious security concern if the victim bit is in a secure/protected memory zone. This method relies on the physical row structure of the memory and is difficult to detect.
  • a published exploit exists for DRAM that is increasingly easier to implement with newer technologies where bits are packed closer and closer together.
  • a method is shown to protect privileged memories against rowhammer attacks, and to detect any rowhammer attack attempts.
  • FIG. 1 shows a typical DRAM memory architecture
  • FIG. 2 shows a rowhammer implementation
  • FIG. 3 shows a double row rowhammer method
  • FIG. 4 shows top and bottom sacrificial rows to protect against rowhammer attacks.
  • Tests show that simple error correction solutions, providing single-error correction and double-error detection (SECDED) capabilities are not able to correct or detect all observed disturbance errors because some of them include more than two flipped bits per memory word.
  • SECDED single-error correction and double-error detection
  • a less effective solution is to introduce more frequent memory refreshing, with the refresh intervals shorter than the usual 64 ms, but this technique results in higher power consumption and increased processing overhead.
  • One of the more complex prevention measures performs counter-based identification of frequently accessed memory rows and proactively refreshes their neighboring rows; another method issues additional infrequent random refreshes of memory rows neighboring the accessed rows regardless of their access frequency.
  • Intel Xeon processors support the so-called pseudo target row refresh (pTRR) that can be used in combination with pTRR-compliant dual in-line memory modules (DIMMs) to mitigate the rowhammer effect by automatically refreshing possible victim rows.
  • pTRR pseudo target row refresh
  • DIMMs dual in-line memory modules
  • these Xeon processors by default fall back on performing DRAM refreshes at twice the usual frequency, which results in a higher memory access latency and may reduce the memory bandwidth.
  • TRR target row refresh
  • MAC chip-specific maximum activate count
  • t MAW maximum activate window
  • the MAC value is the maximum total number of row activations that may be encountered on a particular DRAM row within a time interval that is equal or shorter than the t MAW amount of time before its neighboring rows are identified as victim rows; TRR may also flag a row as a victim row if the sum of row activations for its two neighboring rows reaches the MAC limit within the t MAW time window.
  • rowhammer exploits issue large numbers of uncached memory accesses that cause cache misses, which can be detected by monitoring the rate of cache misses for unusual peaks using hardware performance counters.
  • Memory protection as a way of preventing processes from accessing memory that has not been assigned to them is one of the concepts behind most modern operating systems.
  • memory protection in combination with other security-related mechanisms such as protection rings, it is possible to achieve privilege separation between processes, where programs and computer systems in general are divided into parts limited to the specific privileges they require to perform a particular task.
  • Using privilege separation can also reduce the extent of potential damage caused by computer security attacks by restricting their effects to specific parts of the system.
  • Disturbance errors effectively defeat various layers of memory protection by bypassing them at a very low hardware level, practically creating a unique attack vector type that allows processes to alter the contents of arbitrary parts of the main memory by directly manipulating the underlying memory hardware.
  • “conventional” attack vectors such as buffer overflows aim at circumventing the protection mechanisms at the software level, by exploiting various programming mistakes to achieve alterations of otherwise inaccessible main memory contents.
  • the invention described here implements a method of protection against rowhammer attacks in general, and it specifically prevents a rowhammer attack from gaining access to protected memory.
  • extra sacrificial rows 402 and 403 are added to the top and bottom of the memory segment 401 that is to be protected, effectively forming a protective buffer between public and protected memory.
  • These sacrificial rows may also be preprogrammed with a known bit pattern, and may be periodically monitored to detect a possible rowhammer attack.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Dram (AREA)
  • Storage Device Security (AREA)

Abstract

A memory area is protected from rowhammer attacks by placing an extra sacrificial row at the top and the bottom of the memory addresses defining the area to be protected. The sacrificial rows of memory are written with a known bit pattern that may be read periodically to detect any rowhammer attacks that may be in progress.

Description

    BACKGROUND OF THE INVENTION
  • In Dynamic Random Access Memory (DRAM), each bit of stored data occupies a separate memory cell that is typically implemented with one capacitor and one transistor. The charge state of a capacitor (charged or discharged) is what determines whether a DRAM cell stores “1” or “0” as a binary value. Large numbers of DRAM memory cells are packed into integrated circuits, together with some additional logic that organizes the cells for the purposes of reading, writing and refreshing the data.
  • As shown in FIG. 1, memory cells 101 are further organized into matrices and addressed through rows and columns. A memory address 102 applied to a matrix is broken into the row address 103 and column address 104, which are processed by respective row and column address decoders 105 and 106. After a row address selects the row for a read operation (the selection is also known as row activation), bits from all cells in the row are transferred into the sense amplifiers 107 that form the row buffer, from which the exact bit is selected using the column address 104. Read operations are of a destructive nature because the design of DRAM requires memory cells to be rewritten after their values have been read. Write operations decode the addresses in a similar way, but as a result of the design entire rows must be rewritten for the value of a single bit to be changed.
  • As a result of storing data bits using capacitors that have a natural discharge rate, DRAM memory cells lose their state over time and require periodic rewriting of all memory cells, which is a process known as refreshing. As another result of the design, DRAM memory is susceptible to random changes in stored data, which are known as soft memory errors and attributed to a variety of causes.
  • Increased densities of DRAM integrated circuits (ICs) have led to physically smaller memory cells capable of storing smaller charges, resulting in lower operational noise margins, increased rates of electromagnetic interactions between memory cells, and greater possibility of data loss. As a result, disturbance errors have been observed, being caused by cells interfering with each other's operation and manifesting as random changes in the values of bits stored in affected memory cells. The awareness of disturbance errors dates back to the early 1970s and the Intel 1103 as the first commercially available DRAM IC; since then, DRAM manufacturers have employed various mitigation techniques to counteract disturbance errors, such as improving the isolation between cells and performing production testing. However, it has been proven that commercially available high density DRAM chips are susceptible to disturbance errors, caused by repeated accesses to neighboring memory cells. The term rowhammer is used to name the associated side effect that led to observed bit flips.
  • The opportunity for the rowhammer effect to occur in DRAM memories is primarily attributed to the large capacity DRAM's high density of memory cells and the results of associated interactions between the cells, while rapid DRAM row activations have been determined as the primary cause. Frequent row activations cause voltage fluctuations on the associated row selection lines, which have been observed to induce higher-than-natural discharge rates in capacitors belonging to nearby (adjacent, in most cases) memory rows, which are called victim rows; if the affected memory cells are not refreshed before they lose too much charge, disturbance errors occur. This is shown in FIG. 2, where frequent accesses to row 201 may induce unintended changes in victim row 202. Tests have also shown that the rate of disturbance errors is not substantially affected by increased environment temperature, but it depends on the actual contents of DRAM because certain bit patterns result in significantly higher disturbance error rates.
  • A variant called double-sided hammering shown in FIG. 3 involves targeted activations of two DRAM rows 301 and 302 surrounding the victim row 303. Tests show that this approach may result in a significantly higher rate of disturbance errors, compared to the variant that activates only one of the victim row's neighboring DRAM rows.
    • SUMMARY OF THE INVENTION
  • Rowhammer is a method to illegally modify victim memory bit's by using repeated memory access to an adjacent row. This becomes a serious security concern if the victim bit is in a secure/protected memory zone. This method relies on the physical row structure of the memory and is difficult to detect. A published exploit exists for DRAM that is increasingly easier to implement with newer technologies where bits are packed closer and closer together. A method is shown to protect privileged memories against rowhammer attacks, and to detect any rowhammer attack attempts.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • These and other aspects of this invention are illustrated in the drawings, in which:
  • FIG. 1 shows a typical DRAM memory architecture;
  • FIG. 2 shows a rowhammer implementation;
  • FIG. 3 shows a double row rowhammer method, and
  • FIG. 4 shows top and bottom sacrificial rows to protect against rowhammer attacks.
    •  DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
  • Different methods exist in the prior art for more or less successful detection, prevention, correction or mitigation of the rowhammer effect. Tests show that simple error correction solutions, providing single-error correction and double-error detection (SECDED) capabilities are not able to correct or detect all observed disturbance errors because some of them include more than two flipped bits per memory word. A less effective solution is to introduce more frequent memory refreshing, with the refresh intervals shorter than the usual 64 ms, but this technique results in higher power consumption and increased processing overhead. One of the more complex prevention measures performs counter-based identification of frequently accessed memory rows and proactively refreshes their neighboring rows; another method issues additional infrequent random refreshes of memory rows neighboring the accessed rows regardless of their access frequency.
  • Intel Xeon processors support the so-called pseudo target row refresh (pTRR) that can be used in combination with pTRR-compliant dual in-line memory modules (DIMMs) to mitigate the rowhammer effect by automatically refreshing possible victim rows. When used with DIMMs that are not pTRR-compliant, these Xeon processors by default fall back on performing DRAM refreshes at twice the usual frequency, which results in a higher memory access latency and may reduce the memory bandwidth.
  • Some memories employ hardware support for the target row refresh (TRR) method that prevents the rowhammer effect without negatively impacting performance or power consumption. Internally, TRR identifies possible victim rows, by counting the number of row activations and comparing it against predefined chip-specific maximum activate count (MAC) and maximum activate window (tMAW) values, and refreshes these rows to prevent bit flips. The MAC value is the maximum total number of row activations that may be encountered on a particular DRAM row within a time interval that is equal or shorter than the tMAW amount of time before its neighboring rows are identified as victim rows; TRR may also flag a row as a victim row if the sum of row activations for its two neighboring rows reaches the MAC limit within the tMAW time window.
  • Due to the necessity of large numbers of rapidly performed DRAM row activations, rowhammer exploits issue large numbers of uncached memory accesses that cause cache misses, which can be detected by monitoring the rate of cache misses for unusual peaks using hardware performance counters.
  • Memory protection, as a way of preventing processes from accessing memory that has not been assigned to them is one of the concepts behind most modern operating systems. By using memory protection in combination with other security-related mechanisms such as protection rings, it is possible to achieve privilege separation between processes, where programs and computer systems in general are divided into parts limited to the specific privileges they require to perform a particular task. Using privilege separation can also reduce the extent of potential damage caused by computer security attacks by restricting their effects to specific parts of the system.
  • Disturbance errors effectively defeat various layers of memory protection by bypassing them at a very low hardware level, practically creating a unique attack vector type that allows processes to alter the contents of arbitrary parts of the main memory by directly manipulating the underlying memory hardware. In comparison, “conventional” attack vectors such as buffer overflows aim at circumventing the protection mechanisms at the software level, by exploiting various programming mistakes to achieve alterations of otherwise inaccessible main memory contents.
  • The invention described here implements a method of protection against rowhammer attacks in general, and it specifically prevents a rowhammer attack from gaining access to protected memory.
  • As shown in FIG. 4, extra sacrificial rows 402 and 403 are added to the top and bottom of the memory segment 401 that is to be protected, effectively forming a protective buffer between public and protected memory. These sacrificial rows may also be preprogrammed with a known bit pattern, and may be periodically monitored to detect a possible rowhammer attack.
  • While the above discussion relates to DRAM's, it is to be understood that the same method is also applicable to other memory types.

Claims (20)

1.-7. (canceled)
8. A memory device comprising:
an array of memory cells arranged in rows and columns;
a plurality of word lines each coupled to memory cells of a respective one of the rows;
a plurality of bit lines each coupled to memory cells of a respective one of the columns;
wherein the array includes:
a contiguous segment of protected memory cells, the contiguous segment of protected memory cells including a plurality of the rows;
a first sacrificial row outside of the contiguous segment and immediately adjacent to a first row of the contiguous segment; and
a second sacrificial row outside of the contiguous segment and immediately adjacent to a second row of the contiguous segment that is different from the first row.
9. The memory device of claim 8, comprising a memory controller to generate a memory address in response to received requests to access the memory cells of the array.
10. The memory device of claim 9, comprising a row address decoder to select one or more word lines of the array in response to the generated memory address.
11. The memory device of claim 9, comprising a column address decoder to select one or more bit lines of the array in response to the generated memory address.
12. The memory device of claim 9, wherein the first and second sacrificial rows are operable to store a predetermined known bit pattern.
13. The memory device of claim 12, wherein the memory controller is operable to periodically read the contents of the first and second sacrificial rows to determine whether the contents of the first and second sacrificial rows has changed from the predetermined known bit pattern.
14. The memory device of claim 13, wherein the memory controller is operable to indicate the presence of a rowhammer attack upon determining that the contents of the first and second sacrificial rows has changed from the predetermined known bit pattern.
15. The memory device of claim 8, wherein:
the first sacrificial row has an address that is contiguous with an address of the first row of the contiguous segment of protected memory cells; and
the second sacrificial row has an address that is contiguous with an address of the second row of the contiguous segment of protected memory cells.
16. The memory device of claim 15, wherein the contiguous segment of protected memory cells, the first sacrificial row, and the second sacrificial row constitute the entirety of the array.
17. The memory device of claim 15, wherein:
the array includes unprotected memory cells outside of the contiguous segment of protected memory cells; and
at least one of the first and second sacrificial rows is also immediately adjacent to a row of the unprotected memory cells.
18. The memory device of claim 17, wherein only one of the first and second sacrificial rows is also immediately adjacent to a row of the unprotected memory cells.
19. An electronic system comprising a processor;
a memory storing instructions for execution by the processor, wherein the memory includes:
an array of memory cells arranged in rows and columns;
a plurality of word lines each coupled to memory cells of a respective one of the rows;
a plurality of bit lines each coupled to memory cells of a respective one of the columns;
a memory controller to generate a memory address in response the processor issuing an access request to an access request to access the memory cells of the array, the access request being issued in response to the processor executing the instructions;
a row address decoder to select one or more word lines of the array in response to the generated memory address;
a column address decoder to select one or more bit lines of the array in response to the generated memory address;
wherein the array includes:
a contiguous segment of protected memory cells, the contiguous segment of protected memory cells including a plurality of the rows;
a first sacrificial row outside of the contiguous segment and immediately adjacent to a first row of the contiguous segment; and
a second sacrificial row outside of the contiguous segment and immediately adjacent to a second row of the contiguous segment that is different from the first row.
20. The electronic system of claim 19, wherein the first and second sacrificial rows are operable to store a predetermined known bit pattern.
21. The electronic system of claim 20, wherein the memory controller is operable to periodically read the contents of the first and second sacrificial rows to determine whether the contents of the first and second sacrificial rows has changed from the predetermined known bit pattern.
22. The electronic system of claim 21, wherein the memory controller is operable to indicate the presence of a rowhammer attack upon determining that the contents of the first and second sacrificial rows has changed from the predetermined known bit pattern.
23. The electronic system of claim 19, wherein:
the first sacrificial row has an address that is contiguous with an address of the first row of the contiguous segment of protected memory cells; and
the second sacrificial row has an address that is contiguous with an address of the second row of the contiguous segment of protected memory cells.
24. The electronic system of claim 23, wherein the contiguous segment of protected memory cells, the first sacrificial row, and the second sacrificial row constitute the entirety of the array.
25. The electronic system of claim 23, wherein:
the array includes unprotected memory cells outside of the contiguous segment of protected memory cells; and
at least one of the first and second sacrificial rows is also immediately adjacent to a row of the unprotected memory cells.
26. The electronic system of claim 25, wherein only one of the first and second sacrificial rows is also immediately adjacent to a row of the unprotected memory cells.
US15/496,248 2017-04-25 2017-04-25 Bitflip security attack protection Active US10108365B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US15/496,248 US10108365B1 (en) 2017-04-25 2017-04-25 Bitflip security attack protection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US15/496,248 US10108365B1 (en) 2017-04-25 2017-04-25 Bitflip security attack protection

Publications (2)

Publication Number Publication Date
US10108365B1 US10108365B1 (en) 2018-10-23
US20180307434A1 true US20180307434A1 (en) 2018-10-25

Family

ID=63833197

Family Applications (1)

Application Number Title Priority Date Filing Date
US15/496,248 Active US10108365B1 (en) 2017-04-25 2017-04-25 Bitflip security attack protection

Country Status (1)

Country Link
US (1) US10108365B1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022077971A1 (en) * 2020-10-16 2022-04-21 长鑫存储技术有限公司 Memory test method
US11314579B2 (en) 2019-09-03 2022-04-26 International Business Machines Corporation Application protection from bit-flip effects
EP4141873A1 (en) * 2021-08-24 2023-03-01 Samsung Electronics Co., Ltd. Method for accessing memory cells, semiconductor memory device including memory cells, and operating method of memory controller controlling memory device

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10978171B2 (en) * 2019-07-31 2021-04-13 Microsoft Technology Licensing, Llc Identification of susceptibility to induced charge leakage
US11681797B2 (en) * 2019-08-28 2023-06-20 Micron Technology, Inc. Row activation prevention using fuses
US11567880B2 (en) 2020-08-12 2023-01-31 Microsoft Technology Licensing, Llc Prevention of RAM access pattern attacks via selective data movement
CN116501238A (en) * 2022-01-21 2023-07-28 长鑫存储技术有限公司 Analysis method, analysis device, electronic equipment and computer storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170255806A1 (en) * 2016-03-02 2017-09-07 Samsung Electronics Co., Ltd. Fingerprint sensor, electronic device having the same, and method of operating the fingerprint sensor

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9236110B2 (en) * 2012-06-30 2016-01-12 Intel Corporation Row hammer refresh command
US9978440B2 (en) * 2014-11-25 2018-05-22 Samsung Electronics Co., Ltd. Method of detecting most frequently accessed address of semiconductor memory based on probability information

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170255806A1 (en) * 2016-03-02 2017-09-07 Samsung Electronics Co., Ltd. Fingerprint sensor, electronic device having the same, and method of operating the fingerprint sensor

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11314579B2 (en) 2019-09-03 2022-04-26 International Business Machines Corporation Application protection from bit-flip effects
WO2022077971A1 (en) * 2020-10-16 2022-04-21 长鑫存储技术有限公司 Memory test method
US11599646B2 (en) 2020-10-16 2023-03-07 Changxin Memory Technologies, Inc. Memory test method
EP4141873A1 (en) * 2021-08-24 2023-03-01 Samsung Electronics Co., Ltd. Method for accessing memory cells, semiconductor memory device including memory cells, and operating method of memory controller controlling memory device
TWI820744B (en) * 2021-08-24 2023-11-01 南韓商三星電子股份有限公司 Method for accessing memory cells, semiconductor memory device including memory cells, and memory system

Also Published As

Publication number Publication date
US10108365B1 (en) 2018-10-23

Similar Documents

Publication Publication Date Title
US10108365B1 (en) Bitflip security attack protection
CN109074841B (en) Refresh circuit
US11264079B1 (en) Apparatuses and methods for row hammer based cache lockdown
US9870814B2 (en) Refreshing a group of memory cells in response to potential disturbance
KR20180059556A (en) DRAM adjacent row disturbance relaxation
Bennett et al. Panopticon: A complete in-dram rowhammer mitigation
US11527280B2 (en) Monitoring and mitigation of row disturbance in memory
US11887686B2 (en) Fast and efficient system and method for detecting and predicting rowhammer attacks
US20220067157A1 (en) Device and method for protecting a memory
CN114121126A (en) Apparatus, system, and method for resetting row hammer detector circuit based on self-refresh command
US10261852B2 (en) Memory error determination
CN116324994A (en) Mitigating row hammer attacks
US20230402086A1 (en) Memory system
Jiang et al. Trrscope: Understanding target row refresh mechanism for modern ddr protection
GB2560968A (en) Control of refresh operation for memory regions
Kim et al. Hammerfilter: Robust protection and low hardware overhead method for rowhammer
US20230162776A1 (en) Memory
EP4138078A1 (en) A method for protecting a dram module against rowhammer attacks, and a dram module
US11990198B2 (en) Memory system and operation method of memory system
US20240038288A1 (en) Memory device refresh operations
US20230420027A1 (en) Memory device and refresh method thereof
Woo et al. Mitigating Row-hammering by Adapting the Probability of Additional Row Refresh
KR20220082730A (en) Memory system
Sunilprasad et al. MIRAM: Mitigating Rowhammer attack in a DRAM memory using Time window counter
US20240143440A1 (en) Page retirement techniques for multi-page dram faults

Legal Events

Date Code Title Description
AS Assignment

Owner name: TEXAS INSTRUMENTS INCORPORATED, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BITTLESTONE, CLIVE D.;REEL/FRAME:045357/0573

Effective date: 20180309

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4