CRII: SaTC: Rowhammer Attack on Fresh and Recycled Memory Chips: Security Risks and Defenses

CRII：SaTC：对新鲜和回收内存芯片的 Rowhammer 攻击：安全风险和防御

• 批准号: 1850241
• 负责人: Md Rahman
• 金额: $ 17.5万
• 依托单位: University of Alabama in Huntsville
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-03-01 至 2022-02-28
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1850241&HistoricalAwards=false
• 关键词: CRII; SaTC; Rowhammer; Attack; Fresh

Rowhammer is a software-assisted cyber attack that causes malicious changes to the target memory cells of dynamic random-access memory (DRAM) due to charge leakage, by crafting memory access patterns which rapidly access the same row multiple times. This research focuses on proper hardware characterization towards a Rowhammer-resistant memory system. This characterization will also inform whether Rowhammer susceptibility increases with aging, and if so, will enable a method for detecting recycled chips.The research will (i) identify the Rowhammer-prone memory cells through hardware characterization, (ii) develop a low-cost system-level technique to build a Rowhammer-resistant memory system, (iii) experimentally study the vulnerability of counterfeit (especially recycled) DRAM chips to Rowhammer, and (iv) develop a framework that identifies recycled DRAM chips, if a relationship between Rowhammer effectiveness and aging is found. The research findings and tools will be of high interest to the individual consumers, federal agencies, data centers, healthcare, enterprise, and automobile systems, that are the targets of Rowhammer attacker. The cross-cutting nature of this research will broaden the advancement of knowledge in the field of computer systems, security, and reliability and will enable collaboration between various communities (systems/device/reliability/hardware-security/algorithms). The graduate and undergraduate students working on this project will receive training and grow expertise in the related fields. The research findings will also be used in existing and new graduate/undergraduate courses on hardware-security for training and education.All publicly released data, source codes, and peer-reviewed research articles will be made available during the period of performance and afterward, and will be posted at https://www.trust-hub.org/data and http://webpages.uah.edu/~mtr0011.This award is jointly funded by the Division of Computer and Network Systems in the Directorate for Computer & Information Science & Engineering and the Established Program to Stimulate Competitive Research in the Office of Integrative Activities.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Rowhammer 是一种软件辅助的网络攻击，通过设计多次快速访问同一行的内存访问模式，导致由于电荷泄漏而对动态随机存取存储器 (DRAM) 的目标存储单元进行恶意更改。这项研究的重点是针对抗 Rowhammer 存储系统的正确硬件特性。这种表征还将告知 Rowhammer 敏感性是否会随着老化而增加，如果是这样，将启用一种检测回收芯片的方法。该研究将 (i) 通过硬件表征识别容易发生 Rowhammer 的存储单元，(ii) 开发一种低成本的存储单元构建抗 Rowhammer 内存系统的系统级技术，(iii) 实验研究假冒（尤其是回收）DRAM 芯片对 Rowhammer 的脆弱性，以及 (iv) 开发一个识别回收 DRAM 芯片的框架，如果两者之间存在关系发现了 Rowhammer 的有效性和老化性。研究结果和工具将引起个人消费者、联邦机构、数据中心、医疗保健、企业和汽车系统的高度兴趣，这些都是 Rowhammer 攻击者的目标。这项研究的跨领域性质将扩大计算机系统、安全性和可靠性领域知识的进步，并将促进不同社区（系统/设备/可靠性/硬件安全/算法）之间的协作。从事该项目的研究生和本科生将接受培训并增长相关领域的专业知识。研究结果还将用于现有和新的研究生/本科生硬件安全课程的培训和教育。所有公开发布的数据、源代码和同行评审的研究文章都将在演出期间和之后提供，并将发布在 https://www.trust-hub.org/data 和 http://webpages.uah.edu/~mtr0011。该奖项由计算机理事会计算机和网络系统部门共同资助& 信息科学与工程与在综合活动办公室制定了刺激竞争性研究的计划。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Exploiting DRAM Latency Variations for Generating True Random Numbers

利用 DRAM 延迟变化生成真正的随机数

• DOI: 10.1109/icce.2019.8662060
• 发表时间: 2019-03
• 期刊: Exploiting DRAM Latency Variations for Generating True Random Numbers
• 作者: Bahar Talukder, B. M.;Kerns, Joseph;Ray, Biswajit;Morris, Thomas;Rahman, Md Tauhidur
• 通讯作者: Rahman, Md Tauhidur

Towards the Avoidance of Counterfeit Memory: Identifying the DRAM Origin

避免假冒内存：识别 DRAM 来源

• 发表时间: 2020-12
• 期刊: 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST
• 作者: Bahar Talukder, B. M.;Menon, Vineetha;Ray, Biswajit;Neal, Tempestt;Rahman, Md Tauhidur
• 通讯作者: Rahman, Md Tauhidur

PreLatPUF: Exploiting DRAM Latency Variations for Generating Robust Device Signatures

PreLatPUF：利用 DRAM 延迟变化生成强大的设备签名

• DOI: 10.1109/access.2019.2923174
• 发表时间: 2019-01
• 期刊: IEEE Access
• 影响因子: 3.9
• 作者: Bahar Talukder, B. M.;Ray, Biswajit;Forte, Domenic;Rahman, Md Tauhidur
• 通讯作者: Rahman, Md Tauhidur