Related papers: MOAT: Securely Mitigating Rowhammer with Per-Row Activation Counters

MOAT: Securely Mitigating Rowhammer with Per-Row Activation Counters

URL: http://arxiv.org/abs/2407.09995v1
Date: Sat, 13 Jul 2024 20:28:02 GMT
Title: MOAT: Securely Mitigating Rowhammer with Per-Row Activation Counters
Authors: Moinuddin Qureshi, Salman Qazi,
Abstract summary: DDR5 specifications have been extended to support Per-Row Activation Counting (PRAC), with counters inlined with each row, and ALERT-Back-Off (ABO) to stop the memory controller if the DRAM needs more time to mitigate. Although PRAC+ABO represents a strong advance in Rowhammer protection, they are just a framework, and the actual security is dependent on the implementation. We propose MOAT, a provably secure design, which uses two internal thresholds: ETH, an "Eligibility Threshold" for mitigating a row, and ATH, an "ALERT Threshold" for initiating
Score: 0.3580891736370874
License: http://creativecommons.org/licenses/by/4.0/
Abstract: The security vulnerabilities due to Rowhammer have worsened over the last decade, with existing in-DRAM solutions, such as TRR, getting broken with simple patterns. In response, the DDR5 specifications have been extended to support Per-Row Activation Counting (PRAC), with counters inlined with each row, and ALERT-Back-Off (ABO) to stop the memory controller if the DRAM needs more time to mitigate. Although PRAC+ABO represents a strong advance in Rowhammer protection, they are just a framework, and the actual security is dependent on the implementation. In this paper, we first show that a prior work, Panopticon (which formed the basis for PRAC+ABO), is insecure, as our Jailbreak pattern can cause 1150 activations on an attack row for Panopticon configured for a threshold of 128. We then propose MOAT, a provably secure design, which uses two internal thresholds: ETH, an "Eligibility Threshold" for mitigating a row, and ATH, an "ALERT Threshold" for initiating an ABO. As JEDEC specifications permit a few activations between consecutive ALERTs, we also study how an attacker can exploit such activations to inflict more activations than ATH on an attack row and thus increase the tolerated Rowhammer threshold. Our analysis shows that MOAT configured with ATH=64 can safely tolerate a Rowhammer threshold of 99. Finally, we also study performance attacks and denial-of-service due to ALERTs. Our evaluations, with SPEC and GAP workloads, show that MOAT with ATH=64 incurs an average slowdown of 0.28\% and 7 bytes of SRAM per bank.

Related papers

ImPress: Securing DRAM Against Data-Disturbance Errors via Implicit Row-Press Mitigation [1.3921736520874155]
DRAM cells are susceptible to Data-Disturbance Errors (DDE) Rowhammer is a well-known DDE vulnerability that occurs when a row is repeatedly activated. Row-Press (RP) is a new DDE vulnerability that occurs when a row is kept open for a long time.
arXiv Detail & Related papers (2024-07-22T19:20:14Z)
Revisiting the Robust Alignment of Circuit Breakers [10.852294343899487]
We show that the robustness claims of "Improving Alignment and Robustness with Circuit Breakers" may be overestimated. Specifically, we demonstrate that by implementing a few simple changes to embedding space attacks, we achieve 100% attack success rate (ASR) against circuit breaker models.
arXiv Detail & Related papers (2024-07-22T11:53:48Z)
BEEAR: Embedding-based Adversarial Removal of Safety Backdoors in Instruction-tuned Language Models [57.5404308854535]
Safety backdoor attacks in large language models (LLMs) enable the stealthy triggering of unsafe behaviors while evading detection during normal interactions. We present BEEAR, a mitigation approach leveraging the insight that backdoor triggers induce relatively uniform drifts in the model's embedding space. Our bi-level optimization method identifies universal embedding perturbations that elicit unwanted behaviors and adjusts the model parameters to reinforce safe behaviors against these perturbations.
arXiv Detail & Related papers (2024-06-24T19:29:47Z)
AutoJailbreak: Exploring Jailbreak Attacks and Defenses through a Dependency Lens [83.08119913279488]
We present a systematic analysis of the dependency relationships in jailbreak attack and defense techniques. We propose three comprehensive, automated, and logical frameworks. We show that the proposed ensemble jailbreak attack and defense framework significantly outperforms existing research.
arXiv Detail & Related papers (2024-06-06T07:24:41Z)
Defensive Prompt Patch: A Robust and Interpretable Defense of LLMs against Jailbreak Attacks [59.46556573924901]
This paper introduces Defensive Prompt Patch (DPP), a novel prompt-based defense mechanism for large language models (LLMs) Unlike previous approaches, DPP is designed to achieve a minimal Attack Success Rate (ASR) while preserving the high utility of LLMs. Empirical results conducted on LLAMA-2-7B-Chat and Mistral-7B-Instruct-v0.2 models demonstrate the robustness and adaptability of DPP.
arXiv Detail & Related papers (2024-05-30T14:40:35Z)
Probabilistic Tracker Management Policies for Low-Cost and Scalable Rowhammer Mitigation [5.597216094757414]
In recent years, solutions like TRR have been deployed in DDR4 DRAM to track aggressor rows and then issue a mitigative action by refreshing neighboring rows. Such in-DRAM solutions are resource-constrained (only able to provision few tens of counters to track aggressor rows) and are prone to thrashing based attacks, that have been used to fool them. In this work, we demonstrate secure and scalable rowhammer mitigation using resource-constrained trackers.
arXiv Detail & Related papers (2024-04-24T23:57:58Z)
Defending Large Language Models against Jailbreak Attacks via Semantic Smoothing [107.97160023681184]
Aligned large language models (LLMs) are vulnerable to jailbreaking attacks. We propose SEMANTICSMOOTH, a smoothing-based defense that aggregates predictions of semantically transformed copies of a given input prompt.
arXiv Detail & Related papers (2024-02-25T20:36:03Z)
Fast Adversarial Attacks on Language Models In One GPU Minute [49.615024989416355]
We introduce a novel class of fast, beam search-based adversarial attack (BEAST) for Language Models (LMs) BEAST employs interpretable parameters, enabling attackers to balance between attack speed, success rate, and the readability of adversarial prompts. Our gradient-free targeted attack can jailbreak aligned LMs with high attack success rates within one minute.
arXiv Detail & Related papers (2024-02-23T19:12:53Z)
Towards Sample-specific Backdoor Attack with Clean Labels via Attribute Trigger [60.91713802579101]
We show that sample-specific backdoor attacks ( SSBAs) are not sufficiently stealthy due to their poisoned-label nature. We propose to exploit content-relevant features, $a.k.a.$ (human-relied) attributes, as the trigger patterns to design clean-label SSBAs.
arXiv Detail & Related papers (2023-12-03T09:12:14Z)
Mayhem: Targeted Corruption of Register and Stack Variables [4.5205468816535594]
We show how Rowhammer can be exploited to inject faults into stack variables and even register values in a victim's process. We achieve this by targeting the register value that is stored in the process's stack, which subsequently is flushed out into the memory. We show that stack and registers are no longer safe from the Rowhammer attack.
arXiv Detail & Related papers (2023-09-05T19:31:49Z)
Scalable and Configurable Tracking for Any Rowhammer Threshold [0.8057006406834466]
The Rowhammer vulnerability continues to get worse, with the Rowhammer Threshold (TRH) reducing from 139K activations to 4.8K activations over the last decade. The number of possible aggressors increases with lowering thresholds making it difficult to reliably track such rows in a storage-efficient manner. Recent in-DRAM trackers from industry, such as DSAC-TRR, perform approximate tracking, sacrificing guaranteed protection for reduced storage overheads. We propose START - a scalable tracker for Any Rowhammer Threshold.
arXiv Detail & Related papers (2023-08-28T20:24:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.