TRRespass: Exploiting the Many Sides of Target Row Refresh

Thu 17 Dec 2020

Kaveh Razavi, ETH Zürich

From 12:30 until 13:30

At Zoom:


After a plethora of high-profile Rowhammer attacks, CPU and DRAM vendors scrambled to deliver what was meant to be the definitive hardware solution against the Rowhammer problem: Target Row Refresh (TRR). A common belief among practitioners is that, for the latest generation of DDR4 systems that are protected by TRR, Rowhammer is no longer an issue in practice. During this seminar, we look at the inner details of TRR and show that modern implementations operate entirely inside DRAM chips. Despite the difficulties of analyzing in-DRAM mitigations, we describe novel techniques for gaining insights into the operation of these mitigation mechanisms. These insights allow us to build TRRespass, a scalable black-box Rowhammer fuzzer that we evaluate on 42 recent DDR4 modules. TRRespass shows that even the latest-generation DDR4 chips with in-DRAM TRR, immune to all known Rowhammer attacks, are often still vulnerable to new TRR-aware variants of Rowhammer, which we collectively refer to as Many-sided Rowhammer. These results provide concrete evidence that the pursuit of better Rowhammer mitigations must continue.

Join the Zoom meeting at 12:30 on Thursday, December 17th:
