Rowhammer Bit lật trên CPU RISC-V cao cấp (ETH Zurich)
A new technical paper titled “RISC-H: Rowhammer Attacks on RISC-V” was published by researchers at ETH Zurich. RISC-H will be presented at DRAMSec (co-located with ISCA 2024)
Abstract:
“The first high-end RISC-V CPU with DDR4 support has been released just a few months ago. There are currently no Rowhammer studies on RISC-V devices and it is unclear whether it is possible to compromise systems on these newer architectures. With RISC-H, we aim to fill this gap by overcoming a number of challenges: first, the DRAM functions of the memory controller are not disclosed, which we reverse engineer via the bank-conflict side channel. Second, we discover that hammering many rows achieves a significantly low activation throughput, making Rowhammer unsuccessful. We determine that this low performance is caused by a contention in the memory subsystem when aggressor rows share certain physical address bits and slow ordering instructions. To address this challenge, we leverage different column addresses to reduce contention, and we rely on a novel approach for ordering memory accesses by inserting surgical delays in the access patterns. Combining these insights, our new Rowhammer attack, called RISC-H, can trigger the first DDR4 bit flips from a RISC-V CPU. These results show that the RISC-V ecosystem is similarly affected by Rowhammer and further highlights the need for effective mitigations.”
Find the technical paper here. June 2024.
RISC-H: Rowhammer Attacks on RISC-V. Michele Marazzi; and Kaveh Razavi. In DRAMSec, June 2024.
Fig. 1: Source: RISC-H: Rowhammer Attacks on RISC-V. ETH Zurich.