In-Depth Analysis of DRAM Cells During Rowhammer

Abstract

Rowhammer is a security exploit used to cause bit errors DRAM chips. Newer DRAM technologies are becoming more vulnerable to rowhammer attacks, and existing protec- tion methods are starting to reach their limits. This thesis provides methods for DRAM characterization by means of reverse engineering, an in-depth analysis of vulnerable cells during rowhammer and a novel protection method. First the DRAM module is characterized by performing a retention test and a one- sided rowhammer attack throughout the memory. The resilience to rowhammer of vul- nerable victim cells has been analysed by using various data patterns in the victim cell itself in combination with its direct and diagonal neighbours. The impact of the pro- posed protection method is measured by flipping the data in the attacker row during a simulated rowhammer attack. Various rowhammer sequences are investigated. The results following the DRAM characterization show that only a one-sided rowham- mer attack is possible. Rows that impact one another during rowhammer come in pairs of two, one attacker row impacts only one neighbouring row. The results of the in-depth analysis of cells during rowhammer shows evidence of negative horizontal impact com- ing from uncharged neighbouring cells in the same row and negative diagonal impact coming from charged cells neighbouring the attacker cell in the attacker row. The hori- zontal impact is mirrored in symmetrical cells whilst the diagonal impact is not. Results following the proposed protection method experiments show that using the protection method improves the overall resilience to rowhammer ranging from 50%, 65% to 100% depending on the hammer sequence.