Abstract:

The post A New Low-Cost HW-Counterbased RowHammer Mitigation Technique appeared first on Semiconductor Engineering.

Like many others, my exposure to the long-running and legendary Warhammer series has been primarily through its videogame adaptations that have graced PC and consoles over the years. In fact, the original Warhammer 40,000: Space Marine was my first experience with the franchise back when I played it on the PlayStation 3 in 2011.

With the imminent release of Warhammer 40,000: Space Marine 2 more than a decade later, the sequel has a lot to prove in terms of modernizing its tried-and-tested approach to a third-person shooter.

Thankfully, from my 4-5 hours with the preview build of Warhammer 40,000: Space Marine 2, I can safely say that fans of the original, or even fans of just over-the-top action shooters, are in for a treat. Warhammer 40,000: Space Marine 2 elevates things up to 11, bringing with it what appears to be a solid story campaign on top of a fun multiplayer mission mode, reminiscent of Warhammer 40,000: Darktide’s mission-based structure.

For the uninitiated, Warhammer 40,000: Space Marine 2 once again places players back into the mud and blood-caked boots of Captain Titus of the Ultramarines unit, this time tasked against fighting a splinter scourge of Tyranids. In the preview demo I was given access to, I got to play the opening mission of the campaign alongside two others, as Space Marine 2 allows for full co-op action.

Warhammer 40,000: Space Marine 2 features six distinct classes to pick from during missions. Campaign levels instead assign the party leader to play as Titus, who in-game is classified as an Assault unit, which, as far as gameplay mechanics are concerned, gives the player access to a heavy Thunder Hammer melee weapon, a booster pack which allows for a devasting ground pound special attack, along with a decent amount of verticality thanks to being able to jump around and get to higher elevation quickly.

The other five classes become available when playing the mission mode present in Space Marine 2, which unlocks after completing the first campaign level This ends with a fun boss encounter against the Chaos Sorcerer — a Psyker-adjacent powered-up magic caster that highlights Warhammer 40,000: Space Marine 2’s potential for enemy variety.

“Warhammer 40,000: Space Marine 2 elevates things up to 11.”

Progressing through the campaign unlocks access to the main area of Warhammer 40,000: Space Marine 2, which allows the player to customize their own Ultramarine unit, choosing from the six available classes, gradually unlocking new modifiers and cosmetics, along with character-specific skills that help distinguish each character class.

If you’ve played Warhammer 40,000: Darktide before, the approach to missions and the multiplayer lobby in Space Marine 2 will feel very familiar to returning players. Outside of the Assault class, Space Marine 2 features the Tactical, Vanguard, Bulwark, Sniper and Heavy classes to pick from. Starting with the Tactical unit, players can expect a similar feeling range of melee prowess to the Assault class, replacing the hammer with a chainsword alongside the Auspex Scan ability, which highlights enemies hidden in the environment and temporarily makes them susceptible to bonus damage.

“…at least during this small, early look at Warhammer 40,000: Space Marine 2, I can safely say that the variety in abilities and weapon loadouts feel good and work excellently together.

Conversely, the Vanguard is a bulkier unit equipped with a combat knife that dishes out chip damage when combined with the Grapnel Launcher ability, which can launch the player towards a target, quickly closing the gap, allowing to get in those extra hits hasten the proc for finishing moves.

The heaviest two units present in the game, however, would be the Bulwark and the aptly named Heavy Unit. The Bulward features a large shield capable of mowing through hordes of enemies, along with the Chapter Banner unique ability that casts an AoE buff, restoring all player shields. In contrast, the Heavy unit, instead, features a powerful shotgun-like Heavy Bolter weapon along with the Iron Halo ability, a bubble shield that protects against ranged attacks.

Finally, the Sniper unit features, as the name may suggest, a solid range-focused Bolt Sniper Rifle, the combat knife and the ability to go invisible for you and your squad before attacking, making it viable to single-out and stagger larger enemies before mopping up the minions.

Although not as drastically different in how the classes feel, when compared to something like Darktide, at least during this small, early look at Warhammer 40,000: Space Marine 2, I can safely say that the variety in abilities and weapon loadouts feel good and work excellently together. They create a sense of synergy between you and your squad mates, particularly during boss encounters, which can really test your mettle.

“The core gameplay loop in Warhammer 40,000: Space Marine 2 will feel familiar to third-person shooter fans…”

The core gameplay loop in Warhammer 40,000: Space Marine 2 will feel familiar to third-person shooter fans and, of course, to those who played the first entry into the series. Thankfully, outside of a gigantic leap in graphic fidelity, Warhammer 40,000: Space Marine 2 fixes one of the most significant issues of the first game: taking damage during prolonged animations, such as when performing an execution move.

Speaking of execution moves, this was one of the most satisfying elements for me during my time with Warhammer 40,000: Space Marine 2, to the point where I found myself trying to cherry-pick kills from my friends in the hopes of getting that sweet, sweet execution to proc. In fact, I hope the addition of team-based executions is something that may be in the game once it finally sees release in September.

Overall, Warhammer 40,000: Space Marine 2 is shaping up to be a solid entry into the rich world of the Warhammer franchise and a worthy sequel to the 2011 original. It is worth keeping on your radar for both fans of the source material and TPS fanatics.

Henry Cavill and fellow Warhammer enthusiasts will be eating well with the abundance of new Warhammer projects on the horizon, including Warhammer 40,000: Space Marine 2. Warhammer 40,000: Speed Freeks has graced my Steam library with a fresh take on the vehicular combat genre that seldom gets enough love.

Based on the 2018 boardgame, Warhammer 40,000: Speed Freeks, like other videogame adaptations of the storied franchise, successfully transforms the tabletop experience into a fun and familiar-feeling online experience that feels like a mashup of games, including the beloved Twisted Metal series and even cult classics such as Cel Damage, presented in an unmistakably Warhammer coat of paint, complete with the wear and tear of a well-loved set of miniatures.

Now, if you’re unfamiliar with the Warhammer franchise, or if you’re like me and mostly know it through its videogame releases, fear not, as Warhammer 40,000: Speed Freeks holds up entirely on its 4 wheels thanks to a solid gameplay loop and distinct and easy-to-control vehicles.

In its current iteration, Warhammer 40,000: Speed Freeks features two game modes, Deff Rally and Kill Konvoy, spread across six maps, including Krump Canyon, Rok Rush, Mob Mountain and Burna Valley. Frozen Dakka and the Ded’ard Desert make up the remaining final maps, exclusive to the Kill Konvoy game type.

“Warhammer 40,000: Speed Freeks holds up entirely on its 4 wheels thanks to a solid gameplay loop and distinct and easy-to-control vehicles.”

Starting with the latter, Kill Konvoy tasks players in protecting their Stompa, a behemoth of a tank-like payload given to both teams. The object of the game requires either side to find a bomb that spawns somewhere on the map, pick it up and then crash into the opponent’s Stompa, kamikaze style. In other words, Kill Konvoy feels like what would happen if Rocket League was set in a Mad Max-inspired post-apocalyptic setting.

Conversely, Deff Rally emphasizes racing more, with players scrambling towards various control points. When successfully taken, these points prompt the next leg of the race, slowly racking up points towards the end of the round. Naturally, this sets up some fun moments of tension between both sides as they collide and clash for control on the rather expansive and open-ended maps.

In terms of vehicle variety, Warhammer 40,000: Speed Freeks currently features four racers to choose from: the Boomdakka Snazzwagon, the Kustom Boosta Blasta, the Looted Wagon, and finally, the Rukkatrukk Squigbuggy.

“Overall, the vehicle variety in Warhammer 40,000: Speed Freeks is solid, particularly for a free-to-play title.”

Starting with the Boomdakka Snazzwagon, which can be considered your best all-arounder type of vehicle, this two-seater comes complete with a chaingun turret, making it perfect for DPS and fast manoeuvrability during races. Next up is the Kustom Boosta Blasta, similar to the former in terms of manoeuvrability; what sets this car apart is its arsenal, which features a live orc that can be thrown in an arc as a powerful mini-nuke, plus a powerful primary shot, making it feel like a shotgun on wheels.

The Looted Wagon is your big, hulky, tank class of vehicle. While significantly slower than the other cars, the Looted Wagon makes a great last line of defence when trying to claim control or protect your Stompa in a game of Kill Konvoy. Finally, to round things out, the Rukkatrukk Squigbuggy, the only real support-styled vehicle, can heal teammates in an AoE when nearby, making it worthwhile to have around when in the heat of battle or securing points on the map.

Overall, the vehicle variety in Warhammer 40,000: Speed Freeks is solid, particularly for a free-to-play title. Every racer feels fun to control, with weapons that pack a punch and are satisfying to use against the opposing team. If you’re familiar with the source material, you’ll definitely appreciate the attention to detail Caged Element has put into adapting the board game for the screen.

Additionally, like most free-to-play affairs, Speed Freeks features a healthy amount of premium cosmetics that can be purchased with real money to deck your racers of choice further. It should also be noted that completing races will grant you EXP, which can, in turn, be used to level up and earn some free goodies, making it a fair and fun balance for all.

If there was one point of concern or criticism I have towards Warhammer 40,000: Speed Freeks, it would be its map variety. Although the game features a good number of various sandboxes to play in, most, if not all, maps feel fairly similar as far as mechanics and stage hazards go, something I hope evolves as the game matures.

Ultimately, Warhammer 40,000: Speed Freeks is coming together nicely, making it a worthwhile vehicular combat experience worth checking out for fans of not only the source material but also for those who miss the niche and woefully underappreciated genre of car-based carnage.

Destiny 2’s new episode, “Echoes,” is currently in full swing and you’re likely digging into the looter-shooters’s three new Battlegrounds while unraveling what the hell is going on with Saint-14. To get to the bottom of that mystery though, you’ve first got to collect radiolite samples in the current season’s…

Read more...

Well, friends, we’ve made it to the end of the the second season of House of the Dragon, after what felt like an eternally long setup. We’ve seen heirs slain, twin knights battle, and dragons fall with their riders. How will this chapter in family melodrama end? Turns out, in restless suspense.

Read more...

A new technical paper titled “MINT: Securely Mitigating Rowhammer with a Minimalist In-DRAM Tracker” was published by researchers at Georgia Tech, Google, and Nvidia.

Abstract
“This paper investigates secure low-cost in-DRAM trackers for mitigating Rowhammer (RH). In-DRAM solutions have the advantage that they can solve the RH problem within the DRAM chip, without relying on other parts of the system. However, in-DRAM mitigation suffers from two key challenges: First, the mitigations are synchronized with refresh, which means we cannot mitigate at arbitrary times. Second, the SRAM area available for aggressor tracking is severely limited, to only a few bytes. Existing low-cost in-DRAM trackers (such as TRR) have been broken by well-crafted access patterns, whereas prior counter-based schemes require impractical overheads of hundreds or thousands of entries per bank. The goal of our paper is to develop an ultra low-cost secure in-DRAM tracker.

Our solution is based on a simple observation: if only one row can be mitigated at refresh, then we should ideally need to track only one row. We propose a Minimalist In-DRAM Tracker (MINT), which provides secure mitigation with just a single entry. At each refresh, MINT probabilistically decides which activation in the upcoming interval will be selected for mitigation at the next refresh. MINT provides guaranteed protection against classic single and double-sided attacks. We also derive the minimum RH threshold (MinTRH) tolerated by MINT across all patterns. MINT has a MinTRH of 1482 which can be lowered to 356 with RFM. The MinTRH of MINT is lower than a prior counter-based design with 677 entries per bank, and is within 2x of the MinTRH of an idealized design that stores one-counter-per-row. We also analyze the impact of refresh postponement on the MinTRH of low-cost in-DRAM trackers, and propose an efficient solution to make such trackers compatible with refresh postponement.”

Find the technical paper here. Preprint published July 2024.

Qureshi, Moinuddin, Salman Qazi, and Aamer Jaleel. “MINT: Securely Mitigating Rowhammer with a Minimalist In-DRAM Tracker.” arXiv preprint arXiv:2407.16038 (2024).

The post Secure Low-Cost In-DRAM Trackers For Mitigating Rowhammer (Georgia Tech, Google, Nvidia) appeared first on Semiconductor Engineering.

A new technical paper titled “NVM-Flip: Non-Volatile-Memory BitFlips on the System Level” was published by researchers at Ruhr-University Bochum, University of Duisburg-Essen, and Robert Bosch.

Abstract
“Emerging non-volatile memories (NVMs) are promising candidates to substitute conventional memories due to their low access latency, high integration density, and non-volatility. These superior properties stem from the memristor representing the centerpiece of each memory cell and is branded as the fourth fundamental circuit element. Memristors encode information in the form of its resistance by altering the physical characteristics of their filament. Hence, each memristor can store multiple bits increasing the memory density and positioning it as a potential candidate to replace DRAM and SRAM-based memories, such as caches.

However, new security risks arise with the benefits of these emerging technologies, like the recent NeuroHammer attack, which allows adversaries to deliberately flip bits in ReRAMs. While NeuroHammer has been shown to flip single bits within memristive crossbar arrays, the system-level impact remains unclear. Considering the significance of the Rowhammer attack on conventional DRAMs, NeuroHammer can potentially cause crucial damage to applications taking advantage of emerging memory technologies.

To answer this question, we introduce NVgem5, a versatile system-level simulator based on gem5. NVgem5 is capable of injecting bit-flips in eNVMs originating from NeuroHammer. Our experiments evaluate the impact of the NeuroHammer attack on main and cache memories. In particular, we demonstrate a single-bit fault attack on cache memories leaking the secret key used during the computation of RSA signatures. Our findings highlight the need for improved hardware security measures to mitigate the risk of hardware-level attacks in computing systems based on eNVMs.”

Find the technical paper here. Published June 2024.

Felix Staudigl, Jan Philipp Thoma, Christian Niesler, Karl Sturm, Rebecca Pelke, Dominik Germek, Jan Moritz Joseph, Tim Güneysu, Lucas Davi, and Rainer Leupers. 2024. NVM-Flip: Non-Volatile-Memory BitFlips on the System Level. In Proceedings of the 2024 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems (SaT-CPS ’24). Association for Computing Machinery, New York, NY, USA, 11–20. https://doi.org/10.1145/3643650.3658606

The post NeuroHammer Attacks on ReRAM-Based Memories appeared first on Semiconductor Engineering.

The Anvil Hammer is a Colossal Weapon found in Elden Ring’s Shadow of the Erdtree expansion. It can deal some very hefty damage to your enemies while also breaking their stance easily, making this a top-notch choice for Strength builds seeking some extra power. If that sounds up your alley, you won’t want to miss this…

Read more...

The Black Steel Greathammer is a Greathammer found exclusively in Elden Ring’s Shadow of the Erdtree expansion. This big and powerful hammer can make short work of foes that stand in your way—so long as you have the appropriate stats to wield it. This is a weapon designed for a Strength/Faith hybrid build, so if that…

Read more...

Skulls! You’ve got one. I’ve got one. Everybody has a lovely skull keeping their lovely face right where it should be. Warhammer is big, so it needs must have multiple of them, hence their yearly event Skulls, which collates a bunch of Games Workshop related announcements into a sort of bizzaro world Nintendo Direct if Yoshi was actually a parasitic corpse emperor. There’s usually at least a few game announcements in there, and this year was a bumper. The headline announcement being an upcoming sequel to well-loved space-pope turn-based strategy Warhammer 40,000: Mechanicus. Yes, yes. I’m getting to the dog.

Read more

A technical paper titled “DRAMScope: Uncovering DRAM Microarchitecture and Characteristics by Issuing Memory Commands” was published by researchers at Seoul National University and University of Illinois at Urbana-Champaign.

Abstract:

“The demand for precise information on DRAM microarchitectures and error characteristics has surged, driven by the need to explore processing in memory, enhance reliability, and mitigate security vulnerability. Nonetheless, DRAM manufacturers have disclosed only a limited amount of information, making it difficult to find specific information on their DRAM microarchitectures. This paper addresses this gap by presenting more rigorous findings on the microarchitectures of commodity DRAM chips and their impacts on the characteristics of activate-induced bitflips (AIBs), such as RowHammer and RowPress. The previous studies have also attempted to understand the DRAM microarchitectures and associated behaviors, but we have found some of their results to be misled by inaccurate address mapping and internal data swizzling, or lack of a deeper understanding of the modern DRAM cell structure. For accurate and efficient reverse-engineering, we use three tools: AIBs, retention time test, and RowCopy, which can be cross-validated. With these three tools, we first take a macroscopic view of modern DRAM chips to uncover the size, structure, and operation of their subarrays, memory array tiles (MATs), and rows. Then, we analyze AIB characteristics based on the microscopic view of the DRAM microarchitecture, such as 6F^2 cell layout, through which we rectify misunderstandings regarding AIBs and discover a new data pattern that accelerates AIBs. Lastly, based on our findings at both macroscopic and microscopic levels, we identify previously unknown AIB vulnerabilities and propose a simple yet effective protection solution.”

Find the technical paper here. Published May 2024.

Nam, Hwayong, Seungmin Baek, Minbok Wi, Michael Jaemin Kim, Jaehyun Park, Chihun Song, Nam Sung Kim, and Jung Ho Ahn. “DRAMScope: Uncovering DRAM Microarchitecture and Characteristics by Issuing Memory Commands.” arXiv preprint arXiv:2405.02499 (2024).

Related Reading
Securing DRAM Against Evolving Rowhammer Threats
A multi-layered, system-level approach is crucial to DRAM protection.

The post DRAM Microarchitectures And Their Impacts On Activate-Induced Bitflips Such As RowHammer  appeared first on Semiconductor Engineering.

WWE 2K24 has unbanned modder WhatsTheStatus following complaints from its community.

WhatsTheStatus - who was banned last week for "violation of terms" - revealed on Twitter/X that, after speaking with 2K and the WWE team, they had "come to an agreement, and a fair one at that".

Originally, 2K and/or developer Visual Concepts was unhappy with WhatsTheStatus' mods, saying that as they "negatively impact the game experience for other players", the modder was banned in order to ensure there is a "positive WWE 2K24 experience for all players".

Read more

Advanced process nodes and higher silicon densities are heightening DRAM’s susceptibility to Rowhammer attacks, as reduced cell spacing significantly decreases the hammer count needed for bit flips.

Rowhammer exploits DRAM’s single-capacitor-per-bit design to trigger bit flips in adjacent cells through repeated memory row accesses. This vulnerability allows attackers to manipulate data, recover sensitive information, and crash processes or systems. First identified in 2014, evolving Rowhammer variants continue to target DRAM, successfully bypassing security techniques such as error correction code (ECC) and transactional row refresh (TRR).

Fig. 1: DRAMs on a DIMM, with corresponding mapping of row addresses and DRAM banks. A RowHammer attack can flip bits in the same victim row in multiple DRAMs, overwhelming ECC protection. Source: Rambus

Effectively protecting DRAM against Rowhammer requires a multi-layer, system-level implementation of robust security techniques, from encryption and obfuscation to enforced data isolation and advanced error correction schemes. This is easier said than done, however, as countermeasures can potentially impact power, performance, and area (PPA). Engineers should therefore evaluate PPA-security tradeoffs alongside key features and components at the start of the design process.

A top-down, system-level approach to securing DRAM
“Security is always a cat-and-mouse game, and the evolution of Rowhammer attacks and defenses is no different,” said Nicole Fern, senior security analyst at Riscure. “Researchers have demonstrated successful Rowhammer attacks on commercial DRAM modules employing both TRR and ECC, recovering TLS signing keys in several cryptographic libraries (Amazon-s2n (CVE-2022-42962), WolfSSL (CVE-2022-42961), and LibreSSL (CVE-2022-42963). Many speculate that real-world attacks are imminent. For countermeasures, the question should not be, ‘Will they ultimately be able to counter Rowhammer attacks in general?’ Rather, the question should be: ‘For a specific system and threat model, is the attack effort greater than the value of the assets being targeted and costs of a successful attack?’”

Traditionally, only PPA tradeoffs are considered during the silicon design process. However, recent hardware-based attacks, including Rowhammer, Meltdown, and Spectre, and those exploiting DVFS features to inject faults from software—such as clkscrew and Plundervolt—highlight the importance of prioritizing security during the design process. “Often, it is new features added for performance that create a foothold for attacks,” explained Fern. “As DRAM technology [nodes] shrink over time, with density and performance improving, susceptibility to Rowhammer increases. [Engineers] need to be aware of this effect and proactively design in appropriate countermeasures — with thorough testing ensuring these perform as expected as DRAM technology evolves.”

Jason Oberg, co-founder and CTO at Cycuity, agrees. “Hardware susceptibility is a key component of a larger chain of weaknesses used to exploit vulnerabilities. Rowhammer, a physical attack that’s done remotely, is one of those easy-to-exploit vectors, because if you can flip or modify a bit, you can chain that together with other software-based exploits. In isolation, it may be less of an issue, but in the context of a bigger strain of weaknesses that someone is exploiting, it’s problematic. Many systems vulnerable to Meltdown and Spectre, for example, are also points of concern for exploits like Rowhamer. You wouldn’t worry about these attacks on your smart light bulb or robot vacuum, but I would be concerned about my phone or laptop.”

To address these concerns, various encryption and obfuscation techniques have been proposed to protect DRAM from Rowhammer attacks. “If you encrypt or obfuscate your data, and then someone hammers a row and causes bits to flip, they won’t be able to target a specific bit,” Oberg explained. “They won’t know what the specific bit is. Whereas if it’s just plain text and it’s like a supervisor bit and they know where that supervisor bit is, then they can be very direct with what they’re doing.”

Although these techniques are crucial, Oberg emphasized that security considerations must be part of the design process, starting at the architectural level. “If I’m building a chip using licensed IP, I need to take a step back, analyze its function, and determine the assets that need to be protected,” Oberg noted. “From there, you can license a hardware-based root of trust. Maybe you trust one and not the other, even though it’s cheaper. These are the kind of decisions you should drive at the top level, and then try to manage as best you can without having full control of everything in your supply chain.”

Analyzing a system holistically also allows the design team to reduce the impact of security mitigation on PPA. “If you jump straight into saying, ‘I am concerned about memory,’ then you’re already very isolated,” he said. “If you start picking at each of the weaknesses independently, then the overhead goes up a lot higher because there may be an overlap between [mitigation techniques]. So you should take a higher-level view. It’s important to look at that top level and then drive your security program from that level. If you drive it from the bottom up, you’re going to have huge overheads, a lot of complexity, and you’re going to have problems.”

Ultimately, Oberg sees a combination of system-wide hardware and software solutions, paired with strict access controls and enforced data isolation, as a more effective method of countering exploits like Rowhammer. “In any multi-tenant or shared environment, containers are needed to isolate data. Data should also be assigned, for example, to processor thread A where it can’t be read by another thread. Of course, it can’t just be software. Foundation-level hardware protections are required. Otherwise, software protection will be subverted.”

Siloing processes and tagging memory
Kos Gitchev, senior technical market manager at Cadence, pointed to Arm’s confidential compute architecture (CCA) and memory tagging extension (MTE) as examples of a multi-layered, system-centric defense strategy against various attacks and exploits, including Rowhammer and RAMBleed. CCA ensures data protection during processing by isolating or siloing computation in a secure, hardware-backed environment, while MTE tags memory allocations with metadata that is verified during runtime operations. Although not specifically designed to counter Rowhammer or RAMBleed, both mechanisms help protect against such exploits.

“A Rowhammer attacker can’t say: ‘Well, I’ve taken over the machine and I want to go read this memory,’” Gitchev explained. “If you don’t have the appropriate MTE tags for your process, then you won’t be able to read it. The system will basically block it.”

To protect data held in DRAM, 128-bit or 256-bit AES encryption is also essential. “This is generally done by the memory subsystem, not the DRAM itself,” Gitchev noted. “Blocks of data will come in, they’ll get encrypted, and then pass to the memory. If anything happens to the encrypted data, it won’t properly decrypt. Encryption is almost always done in conjunction with ECC, so there are almost two layers of protection when you implement this scheme.”

Gitchev emphasized that encryption is only effective if keys are properly managed and secured. “A memory subsystem does the encryption. It has the algorithm and adds the XTS extension. Even when you write two blocks of the same data, they’ll look different on the bus to the memory. Of course, all of this can be overcome if someone compromises the encryption key.”

AES encryption can be added without major PPA penalties, making it an optimal choice for memory subsystems. “There are many different encryption schemes out there, but AES is easiest to implement,” said Gitchev. “Adding encryption, however, does increase the number of gates and power. To be fair, most of the memory subsystem power goes into driving the interface [for transferring data off-chip to the memory and back]. There is also a little bit of performance and area cost. The memory subsystem is now bigger because it needs to execute complex mathematical calculations for encryption and decryption in real time without significant latency.”

Tightly coupling encryption and decryption ciphering functions inside the DDR or LPDDR controllers facilitates maximum memory efficiency and lowest overall latency. “When doing both functions separately, certain functionality may have to be repeated, such as bus interface logic or support for read-modify-write operations,” said Ruud Derwig, system architect, solutions group at Synopsys. “When tightly integrated, the scheduler inside the controller can request encryption and decryption at the most optimal times, for example, when overlapping other controller operations or while waiting for data.”

Rowhammer and its variants aren’t necessarily the primary drivers for memory encryption solutions that require secure key management. “Inline memory encryption (IME) is mainly intended to defend against cold-boot attacks and provide confidential compute features,” Derwig said. “For example, a newly created virtual machine (VM) or process may get access to physical memory pages used previously by another VM or process when memory is not erased first, compromising the confidentiality of that previous computing context. With proper key management, IME mitigates these compromises. Or, when the hypervisor itself cannot be trusted, confidentiality of user data is still guaranteed by using different IME keys for different privilege levels and VMs.”

Nevertheless, IME contributes to Rowhammer attack countermeasures, as post-encryption data in the memory appears random to attackers. “Certain data patterns — rowstriped or checker patterns, for example — give the highest success rate for row hammering,” Derwig elaborated. “Moreover, when a single or a few bits are flipped, this is amplified to a full 128-bit decrypted block getting random data, so exploiting bit flips becomes much harder. When there is no attacker control over the changes, it is more likely to get detected by causing malfunctioning. IME [also offers] cryptographically strong integrity protection that mitigates bypassing less strong ECC protection.”

The cycle of Rowhammer attacks and countermeasures will continue as new vulnerabilities are identified and addressed. “Multi-level defenses and mitigations, such as hardware design of memory chips and memory controllers, as well as system software mitigations in hypervisors and operating systems, are needed to [counter] evolving threats,” Derwig added.

Bolstering DRAM reliability in data centers
Although Rowhammer can target any device equipped with DRAM, protecting the data center remains a priority for the semiconductor industry and many security researchers. “New memory used to debut in high-performance PCs and then move into servers,” said Steven Woo, fellow and distinguished inventor at Rambus Labs. “These days, new memory technologies debut for AI [applications] in data centers. The concern is, ‘What if somebody gains access to many servers in the data center and launches programs that intentionally try to repeatedly activate addresses?’ If enough bits flip and can’t be corrected, it could cause what looks like a large hardware fault. You might have to take down memory channels or a machine.”

While the risks of Rowhammer and other exploits in the data center are well known, the semiconductor industry may need more time to comprehensively bolster DRAM security and reliability at the design and system levels. “If you go back 25 or 30 years, nobody was really that concerned about power,” Woo stated. “You can dissipate the heat. You just burn a little more power to get more performance. But today, power is a first-class design parameter that everybody thinks about. Reliability is in that same place that power was in the 2000 to 2005 timeframe, where people are starting to realize, ‘Well, wait a minute, things aren’t infinitely reliable. We’re now going to have to consider DRAM reliability as a first-class design parameter.'”

As DRAM process geometries continue to shrink, electronic engineers will need to develop new or improved architectures and techniques that resist deliberate and repeated errors caused by attackers. “And the tradeoff is, ‘What are you willing to pay to do that? Is there a performance hit? Is there an area hit? Are we storing lots of extra bits?’ In 10 years, we’ll look back and we’ll be talking about reliability in the same way that we talk about power today,” he said.

Bolstering DRAM security and reliability without significantly impacting PPA was the primary driver behind the development of Rambus Labs’ RAMPART: Rowhammer mitigation and repair for server memory systems. Essentially, RAMPART mitigates Rowhammer attacks and improves server memory system reliability by remapping addresses in each DRAM, confining bit flips to a single device for any victim row address. When paired with existing error detection and correction methods, such as single-device data correction (SDDC) and patrol scrub, the system successfully detects and corrects bit flips. To effectively minimize mitigation overhead, RAMPART employs BRC-VL, a variation of DDR5’s bounded refresh configuration (BRC).

Fig. 2: RAMPART row address mappings produce unique neighbors, so Rowhammer attacks have different victim addresses in each DRAM. (a) Circular left shifts of controller row addresses based on unique DRAM IDs are shown. The tables at the bottom illustrate how controller row addresses map to internal bank rows in each DRAM. Row addresses 0x0000 and 0x0001 are bolded to highlight increasing separation with larger shifts. (b) Hammering controller row address 0x0001 flips bits in controller row addresses 0x0000 and 0x0002 in DRAM 0, but controller row addresses 0x8000 and 0x8001 in DRAM 1. A subsequent read to controller row address 0x0000 sees errors only from DRAM 0 that can be corrected with SDDC ECC. Source: Rambus

Assuming 70% area utilization and conservative routing, RAMPART reaches a speed of 2.85GHz in an area of 3910µm², or roughly 51K NAND2 gates. For a server with 1,024 banks, the total area required is only 0.1251mm². “We did a sample implementation at TSMC’s 7nm process, showing RAMPART’s small [footprint],” Woo said. “The controller side of it that does the tracking and figures out how often to issue a mitigation operation is very small, just a few gates. It’s very reasonable to implement something like this in a memory controller, and it has no die size impact as far as we can tell. There’s no latency impact on the accesses. It’s a very simple remapping change. And the DRAM is already doing remapping, so it’s not like asking for a new function. It’s simply modifying an existing function.

Conclusion
The continued proliferation of new and improved Rowhammer variants highlights the critical importance of implementing multi-layered, system-level countermeasures to protect DRAM, alongside of other key components and features. These should encompass a wide range of security techniques, from encryption and obfuscation to advanced error correction, address remapping, and data isolation. Still, to fully optimize performance and minimize latency, PPA security tradeoffs must be assessed from the top down at the start of the design process.

Related Reading
Power/Performance Costs Of Securing Systems
Security requires significant overhead, but it is no longer an option to ignore it. Cybercriminals will continue to exploit weak components.
Developing An Unbreakable Cybersecurity System
New approaches are in research, but threats continue to grow.
DRAM Choices Are Suddenly Much More Complicated
The number of options and tradeoffs is exploding as multiple flavors of DRAM are combined in a single design.

The post Securing DRAM Against Evolving Rowhammer Threats appeared first on Semiconductor Engineering.

Peacock’s selection of horror and sci-fi movies is quite good, but its genre library also has tons of titles you’ve probably never heard of, including overlooked oddities—and several outright howlers. We’ve combed through Peacock’s sci-fi category to find 10 of the most WTF titles you can stream. Are these…

Read more...

By this headline, I really don't mean that Warhammer 40k is rubbish. But if you have no idea what it is apart from "thing Henry Cavill got made fun of for enjoying on the Graham Norton Show" or "reason I walk past a bunch of beardy lads taking a vape break outside a small shop with steamed up windows every time I go down Lower Glanmire Road", PowerWash Simulator's latest officially licensed IP tie-in DLC could act like a sort of gateway drug. A first step on the path to buying a bunch of miniatures. It's out now, for £6.50/$8/€8 on Steam, and it's very fun.

Read more

My experience with Warhams isn't flat zero - I had some minifigs when I was a teenager and played a few of the Dawn Of War video games - but I haven't actively checked in on it for a while. I know enough to make "[x] for the [x] throne!" jokes, basically. My experience with cleaning-stuff-sim PowerWash Simulator is extensive, though, and I was excited when the crossover with Warhammer 40K was teased a while back. Last night we got a full trailer and release date of Frebruary 27th - next week! - and I'm now earnestly very excited. The trailer is both very funny and shows off massive things to clean. Win win, innit.

Read more