Secret Flaws of In-DRAM RowHammer Mitigations
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore the secret flaws of in-DRAM RowHammer mitigations in this 48-minute conference talk from the Hack In The Box Security Conference. Delve into the vulnerability affecting DDR3 memory chips and its evolution into DDR4. Learn how researchers reverse-engineered the Target Row Refresh (TRR) mitigation concealed within DRAM chips using FPGA-based memory controllers. Discover the implementation details, various flavors of TRR, and why RowHammer remains a persistent threat. Gain insights into creating new hammering patterns and using the RowHammer fuzzer, TRRespass. Follow the speakers' journey through DRAM architecture, exploitation techniques, software defenses, and the challenges of reverse engineering hardware security measures. Understand the implications for hardware and software security, microarchitectural attacks, and side-channel exploitation in this comprehensive exploration of RowHammer vulnerabilities and mitigations.
Syllabus
Intro
What's it about?
DRAM - Bank
Exploiting Row Hammer
Tracing via PMU
Memory separation
Limitations
Unknown geometry
Software Defenses
Double refresh rate
Defenses vol. 2
Pseudo Target Row Refresh
Timeline
Target Row Refresh (TRR)
Abstractions
Challenges
Reverse Engineering
Methodology
Case study
ONE PROBLEM SOLVED...
TRRespass: The RowFuzzer
BIT FLIPS...
Recap
Conclusions
Taught by
Hack In The Box Security Conference
Related Courses
Rage Against The Machine ClearHack In The Box Security Conference via YouTube Foreshadow - Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
USENIX via YouTube Grand Pwning Unit - Accelerating Microarchitectural Attacks with the GPU
IEEE via YouTube Page Cache Attacks - Microarchitectural Attacks on Flawless Hardware
Black Hat via YouTube A Security RISC - Microarchitectural Attacks on Hardware RISC-V CPUs
IEEE via YouTube