TY - GEN
T1 - SHADOW
T2 - 29th IEEE International Symposium on High-Performance Computer Architecture, HPCA 2023
AU - Wi, Minbok
AU - Park, Jaehyun
AU - Ko, Seoyoung
AU - Kim, Michael Jaemin
AU - Sung Kim, Nam
AU - Lee, Eojin
AU - Ahn, Jung Ho
N1 - This work was supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2020-0-01300), the National Research Foundation of Korea (NRF) grant by the Korea government (MSIT) (NRF-2022R1F1A1062826), and NSF (CNS 1705047). Nam Sung Kim has a financial interest in Samsung. The EDA tool was supported by the IC Design Education Center (IDEC), Korea. Minbok Wi, Jaehyun Park, Seoyoung Ko, and Michael Jaemin Kim are with the Department of Intelligence and Information, Seoul National University (SNU), Seoul, South Korea. Jung Ho Ahn, the corresponding author, is with the Department of Intelligence and Information and the Interdisciplinary Program in Artificial Intelligence, SNU, Seoul, South Korea.
ACKNOWLEDGMENT This work was supported by Institute of Information & communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2020-0-01300), the National Research Foundation of Korea (NRF) grant by the Korea government (MSIT) (NRF-2022R1F1A1062826), and NSF (CNS 1705047). Nam Sung Kim has a financial interest in Samsung. The EDA tool was supported by the IC Design Education Center (IDEC), Korea. Minbok Wi, Jaehyun Park, Seoyoung Ko, and Michael Jaemin Kim are with the Department of Intelligence and Information, Seoul National University (SNU), Seoul, South Korea. Jung Ho Ahn, the corresponding author, is with the Department of Intelligence and Information and the Interdisciplinary Program in Artificial Intelligence, SNU, Seoul, South Korea. XI. APPENDIX: RH-INDUCED BIT-FLIP PROBABILITY OF THREE ATTACK SCENARIOS FOR SHADOW The number of rows in a single subarray is denoted as Nrow (e.g., 512). We also define Wsum as the weighted sum of the effects all aggressors within the blast range can have on a victim, for which we set to 3.5 as the default value. Attack scenario I: We represent scenario I by exploiting the buckets and balls model [72]; rows in the subarray and attack rounds are represented as buckets and balls, respectively. The number of buckets is Nrow, as its definition suggests. Meanwhile, the number of balls is also Nrow, due to the incremental refresh technique that limits the duration of attack scenario I under an incremental refresh window (i.e., Nrow number of RFM commands). We define M1 as the minimum number of RFM intervals required to activate the aggressor rows for an attacker to cause RH bit-flips on a victim row. At this point, the bit-flip probability of SHADOW for scenario I, denoted as P1, can be described as the probability of one or more buckets containing M1 balls when throwing Nrow balls into Nrow buckets. The success probability of one trial (p) is Wsum/Nrow. We determine P1 conservatively as follows using the Bernoulli trial method: P1 = Nrow ⇥ M1Nrow ⇥ pM1 ⇥ (1 p)Nrow (2) Attack scenario II: We can create a recurrence formula for the bit-flip probability of scenario II, denoted as P2[n], where n stands for the n-th RFM command. We denote the number of different aggressor rows that are activated as NAggr. We also define m as RAAIMT/NAggr, which means that m ACTs are executed for each aggressor during a single RFM interval. Similar to scenario I, M2 denotes the necessary number of RFM commands by which an aggressor can evade a SHADOW row-shuffle to cause an RH bit-flip from the perspective of any single aggressor. The recurrence equation for P2[n] is as follows:
PY - 2023
Y1 - 2023
N2 - As Row Hammer (RH) attacks have been a critical threat to computer systems, numerous hardware-based (HWbased) RH mitigation strategies have been proposed. However, the advent of non-adjacent RH attacks and lower RH thresholds significantly increase the area and performance overhead of these prior solutions due to their conservative design characteristics.We propose a new in-DRAM RH protection solution named Shuffling Aggressor DRAM Rows (SHADOW). SHADOW dynamically randomizes DRAM row mapping information, preventing an attacker from targeting a specific victim row that may hold critical data. SHADOW is robust against non-adjacent RH attacks because it utilizes the in-DRAM row-shuffle technique. To realize the in-DRAM row-shuffle operation with low performance and energy overhead, we use a novel DRAM microarchitecture optimization technique. We also utilize the recently introduced JEDEC RFM interface to enable in-DRAM RH mitigation without any DRAM interface changes. By exploiting an additional DRAM row per subarray, SHADOW does not require costly SRAM- or CAM-based tracking structures other than intrinsic counters for the RFM interface. We demonstrate the strong probabilistic protection of SHADOW against RH attacks through adversarial pattern analysis and highlight the compelling performance, area, and energy overheads compared to those of state-of-the-art HW-based RH prevention solutions.
AB - As Row Hammer (RH) attacks have been a critical threat to computer systems, numerous hardware-based (HWbased) RH mitigation strategies have been proposed. However, the advent of non-adjacent RH attacks and lower RH thresholds significantly increase the area and performance overhead of these prior solutions due to their conservative design characteristics.We propose a new in-DRAM RH protection solution named Shuffling Aggressor DRAM Rows (SHADOW). SHADOW dynamically randomizes DRAM row mapping information, preventing an attacker from targeting a specific victim row that may hold critical data. SHADOW is robust against non-adjacent RH attacks because it utilizes the in-DRAM row-shuffle technique. To realize the in-DRAM row-shuffle operation with low performance and energy overhead, we use a novel DRAM microarchitecture optimization technique. We also utilize the recently introduced JEDEC RFM interface to enable in-DRAM RH mitigation without any DRAM interface changes. By exploiting an additional DRAM row per subarray, SHADOW does not require costly SRAM- or CAM-based tracking structures other than intrinsic counters for the RFM interface. We demonstrate the strong probabilistic protection of SHADOW against RH attacks through adversarial pattern analysis and highlight the compelling performance, area, and energy overheads compared to those of state-of-the-art HW-based RH prevention solutions.
UR - http://www.scopus.com/inward/record.url?scp=85150590574&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85150590574&partnerID=8YFLogxK
U2 - 10.1109/HPCA56546.2023.10070966
DO - 10.1109/HPCA56546.2023.10070966
M3 - Conference contribution
AN - SCOPUS:85150590574
T3 - Proceedings - International Symposium on High-Performance Computer Architecture
SP - 333
EP - 346
BT - 2023 IEEE International Symposium on High-Performance Computer Architecture, HPCA 2023 - Proceedings
PB - IEEE Computer Society
Y2 - 25 February 2023 through 1 March 2023
ER -