2025-10-18

Understanding and Mitigating Covert Channel and Side Channel Vulnerabilities Introduced by RowHammer Defenses

Summary

DRAM chips are increasingly vulnerable to read disturbance phenomena (e.g., RowHammer and RowPress), where repeatedly accessing or keeping open a DRAM row causes bitflips in nearby rows, due to DRAM density scaling. Attackers can exploit RowHammer bitflips in real systems to compromise security, which has motivated many prior works on RowHammer defenses. To enable such defenses, recent DDR specifications introduce new defense frameworks (e.g., PRAC and RFM). For robust (i.e., secure, safe, and reliable) operation, it is critical to analyze security implications of widely-adopted RowHammer defenses. Yet, no prior work analyzes the timing covert channel and side channel vulnerabilities RowHammer defenses introduce. This paper presents the first analysis and evaluation of timing covert channel and side channel vulnerabilities introduced by state-of-the-art RowHammer defenses. We demonstrate that RowHammer defenses’ preventive actions (e.g., preventively refreshing potential victim rows) have two fundamental features that allow an attacker to exploit RowHammer defenses for timing leakage. First, preventive actions often reduce DRAM bandwidth availability because they block access to DRAM, thereby resulting in significantly longer memory access latencies. Second, users can intentionally trigger preventive actions because preventive actions highly depend on application memory access patterns. We introduce LeakyHammer, a new class of attacks that leverage the RowHammer defense-induced memory latency differences to establish communication channels between processes and leak secrets from victim processes. First, we build two covert channel attacks exploiting two state-of-the-art RowHammer defenses (i.e., PRAC and RFM), achieving 39.0 Kbps and 48.7 Kbps channel capacity. Second, we demonstrate a proof-of-concept website fingerprinting attack that can identify visited websites based on the RowHammer-preventive actions they cause. 
We propose and evaluate three countermeasures against LeakyHammer. Our results show that fundamentally and completely mitigating LeakyHammer induces large performance overheads in highly RowHammer-vulnerable systems. We believe and hope our work can enable and aid future work on designing better solutions and more robust systems in the presence of such new vulnerabilities.

Conference Paper

Proceedings of the 58th IEEE/ACM International Symposium on Microarchitecture

Date published

2025-10-18

Date last modified

2026-06-26