Max-Planck-Institut für Informatik
max planck institut
mpii logo Minerva of the Max Planck Society

MPI-INF or MPI-SWS or Local Campus Event Calendar

<< Previous Entry Next Entry >> New Event Entry Edit this Entry Login to DB (to update, delete)
What and Who
Title:Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers
Speaker:Stefan Saroiu
coming from:Mircosoft Research, Redmond
Speakers Bio:Stefan Saroiu is a researcher in the Mobility and Networking Research group at Microsoft Research (MSR) in Redmond. Stefan's research

interests span many aspects of systems and networks although his most recent work focuses on systems security. Stefan takes his work beyond
publishing results. With his colleagues at MSR, he designed and built (1) the reference implementation of a software-based Trusted Platform Module (TPM)
used in millions of smartphones and tablets, and (2) Microsoft Embedded Social, a cloud service aimed at user engagement in mobile apps that
has 20 million users. Before joining MSR in 2008, Stefan spent three years as an Assistant Professor at the University of Toronto, and four months
at as a visiting researcher where he worked on the early designs of their new shopping cart system (aka Dynamo). Stefan is an
ACM Distinguished Member.

Event Type:SWS Colloquium
Visibility:D3, SWS, RG1, MMCI
We use this to send out email in the morning.
Level:Public Audience
Date, Time and Location
Date:Monday, 7 October 2019
Duration:90 Minutes
Building:E1 5
Cloud providers are nervous about recent research showing how Rowhammer attacks affect many types of DRAM including DDR4 and ECC-equipped DRAM.  Unfortunately, cloud providers lack a systematic way to test the DRAM present in their servers for the threat of a Rowhammer attack. Building such a methodology needs to overcome two difficult challenges: (1) devising a CPU instruction sequence that maximizes the rate of DRAM row activations on a given system, and (2) determining the adjacency of rows internal to DRAM. This talk will present an end-to-end methodology that overcomes these challenges to determine if cloud servers are susceptible to Rowhammer attacks. With our methodology, a cloud provider can construct worst-case testing conditions for DRAM.

We used our methodology to create worst-case DRAM testing conditions on the hardware used by a major cloud provider for a recent generation of its servers. Our findings show that none of the instruction sequences used in prior work to mount Rowhammer attacks create worst-case DRAM testing conditions. Instead, we construct an instruction sequence that issues non-explicit load and store instructions. Our new sequence leverages microarchitectural side-effects to ``hammer'' DRAM at a near-optimal rate on modern Skylake platforms. We also designed a DDR4 fault injector capable of reverse engineering row adjacency inside a DRAM device. When applied to our cloud provider's DIMMs, we find that rows inside DDR4 DRAM devices do not always follow a linear map.

Joint work with Lucian Cojocar (VU Amsterdam), Jeremie Kim, Minesh Patel, Onur Mutlu (ETH Zurich), Lily Tsai (MIT), and Alec Wolman (MSR)
Name(s):Claudia Richter
Phone:9303 9103
EMail:--email address not disclosed on the web
Video Broadcast
Video Broadcast:YesTo Location:Kaiserslautern
To Building:G26To Room:113
Meeting ID:SWS Space 2 (6312)
Tags, Category, Keywords and additional notes
Attachments, File(s):
  • Claudia Richter, 09/19/2019 03:38 PM -- Created document.