Related papers: When Mitigations Backfire: Timing Channel Attacks and Defense for PRAC-Based RowHammer Mitigations

When Mitigations Backfire: Timing Channel Attacks and Defense for PRAC-Based RowHammer Mitigations

URL: http://arxiv.org/abs/2505.10111v3
Date: Mon, 19 May 2025 04:17:07 GMT
Title: When Mitigations Backfire: Timing Channel Attacks and Defense for PRAC-Based RowHammer Mitigations
Authors: Jeonghyun Woo, Joyce Qu, Gururaj Saileshwar, Prashant J. Nair,
Abstract summary: We present Timing-Safe PRAC (TPRAC), a defense that eliminates PRAC-induced timing channels without compromising RH mitigation efficacy.<n>Our evaluations demonstrate that TPRAC closes timing channels while incurring only 3.4% performance overhead at the RH threshold of 1024.
Score: 4.040475373859059
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Per Row Activation Counting (PRAC) has emerged as a robust framework for mitigating RowHammer (RH) vulnerabilities in modern DRAM systems. However, we uncover a critical vulnerability: a timing channel introduced by the Alert Back-Off (ABO) protocol and Refresh Management (RFM) commands. We present PRACLeak, a novel attack that exploits these timing differences to leak sensitive information, such as secret keys from vulnerable AES implementations, by monitoring memory access latencies. To counter this, we propose Timing-Safe PRAC (TPRAC), a defense that eliminates PRAC-induced timing channels without compromising RH mitigation efficacy. TPRAC uses Timing-Based RFMs, issued periodically and independent of memory activity. It requires only a single-entry in-DRAM mitigation queue per DRAM bank and is compatible with existing DRAM standards. Our evaluations demonstrate that TPRAC closes timing channels while incurring only 3.4% performance overhead at the RH threshold of 1024.

Related papers

CnC-PRAC: Coalesce, not Cache, Per Row Activation Counts for an Efficient in-DRAM Rowhammer Mitigation [4.040475373859059]
JEDEC has introduced the Per Row Activation Counting (PRAC) framework for DDR5 and future DRAMs.<n>We propose CnC-PRAC, a PRAC implementation that addresses both performance and energy overheads.
arXiv Detail & Related papers (2025-06-13T17:28:38Z)
R-TPT: Improving Adversarial Robustness of Vision-Language Models through Test-Time Prompt Tuning [97.49610356913874]
We propose a robust test-time prompt tuning (R-TPT) for vision-language models (VLMs)<n>R-TPT mitigates the impact of adversarial attacks during the inference stage.<n>We introduce a plug-and-play reliability-based weighted ensembling strategy to strengthen the defense.
arXiv Detail & Related papers (2025-04-15T13:49:31Z)
Chronus: Understanding and Securing the Cutting-Edge Industry Solutions to DRAM Read Disturbance [6.220002579079846]
We present the first rigorous security, performance, energy, and cost analyses of the state-of-the-art on-DRAM-die read disturbance mitigation method.<n>We propose a new on-DRAM-die RowHammer mitigation mechanism, Chronus, to address PRAC's two major weaknesses.
arXiv Detail & Related papers (2025-02-18T08:54:49Z)
QPRAC: Towards Secure and Practical PRAC-based Rowhammer Mitigation using Priority Queues [4.3423142741332255]
JEDEC has introduced the Per Row Activation Counting (PRAC) framework for DDR5 and future DRAMs.<n> PRAC enables a holistic mitigation of Rowhammer attacks even at ultra-low Rowhammer thresholds.<n>This paper provides the first secure, scalable, and practical RowHammer solution using the PRAC framework.
arXiv Detail & Related papers (2025-01-31T02:48:20Z)
DAPPER: A Performance-Attack-Resilient Tracker for RowHammer Defense [1.1816942730023883]
RowHammer vulnerabilities pose a significant threat to modern DRAM-based systems.<n>Perf-Attacks exploit shared structures to reduce DRAM bandwidth for co-running benign applications.<n>We propose secure hashing mechanisms to thwart adversarial attempts to capture the mapping of shared structures.
arXiv Detail & Related papers (2025-01-31T02:38:53Z)
Conformal Distributed Remote Inference in Sensor Networks Under Reliability and Communication Constraints [61.62410595953275]
Communication-constrained distributed conformal risk control (CD-CRC)<n>CD-CRC is a novel decision-making framework for sensor networks under communication constraints.
arXiv Detail & Related papers (2024-09-12T10:12:43Z)
Digital Twin-Assisted Data-Driven Optimization for Reliable Edge Caching in Wireless Networks [60.54852710216738]
We introduce a novel digital twin-assisted optimization framework, called D-REC, to ensure reliable caching in nextG wireless networks. By incorporating reliability modules into a constrained decision process, D-REC can adaptively adjust actions, rewards, and states to comply with advantageous constraints.
arXiv Detail & Related papers (2024-06-29T02:40:28Z)
Understanding the Security Benefits and Overheads of Emerging Industry Solutions to DRAM Read Disturbance [6.637143975465625]
Per Row Activation Counting (PRAC) mitigation method described in JEDEC DDR5 specification's April 2024 update. Back-off signal propagates from the DRAM chip to the memory controller. RFM commands are issued when needed as opposed to periodically, reducing RFM's overheads.
arXiv Detail & Related papers (2024-06-27T11:22:46Z)
RelayAttention for Efficient Large Language Model Serving with Long System Prompts [59.50256661158862]
This paper aims to improve the efficiency of LLM services that involve long system prompts. handling these system prompts requires heavily redundant memory accesses in existing causal attention algorithms. We propose RelayAttention, an attention algorithm that allows reading hidden states from DRAM exactly once for a batch of input tokens.
arXiv Detail & Related papers (2024-02-22T18:58:28Z)
IBP Regularization for Verified Adversarial Robustness via Branch-and-Bound [85.6899802468343]
We present IBP-R, a novel verified training algorithm that is both simple effective. We also present UPB, a novel robustness based on $beta$-CROWN, that reduces the cost state-of-the-art branching algorithms.
arXiv Detail & Related papers (2022-06-29T17:13:25Z)
Recurrence-in-Recurrence Networks for Video Deblurring [58.49075799159015]
State-of-the-art video deblurring methods often adopt recurrent neural networks to model the temporal dependency between the frames. In this paper, we propose recurrence-in-recurrence network architecture to cope with the limitations of short-ranged memory.
arXiv Detail & Related papers (2022-03-12T11:58:13Z)

This list is automatically generated from the titles and abstracts of the papers in this site.