Prefetcher-induced Rowhammer attacks

M. Merrell, P. Gratz, S. Kalafatis
Texas A&M University, Texas, United States

Keywords: rowhammer, security, dram, memory, architecture

Rowhammer leverages disturbance effects in DRAM memories to modify other processes sharing that memory. This can result in the failure, or the compromise and control, of those processes. To prevent these attacks, designers have introduced mitigations that hinder attackers and make the attacks difficult to carry out. These mitigations can take many forms, but have shifted towards the hardware space due to the difficulty of software-hardware cooperation. Mitigations can incur performance overheads from false positives, requiring designs that are highly aware of the performance implications of any mitigation taken. Other features in microarchitectures can interact with these Rowhammer mitigations. One common feature, the cache prefetcher, attempts to speculatively bring data into the processor caches before use. We show that prefetchers can exhibit behaviors that exacerbate the rate of false positives from Rowhammer mitigations, resulting in performance degradation. Worse, we show that these same behaviors can be leveraged by attackers to amplify their own attacks via parallelism. Since prefetchers exist only within hardware, they are invisible to the software space, allowing attackers to bypass software mitigations via this invisible channel. We argue that new prefetcher designs must consider how attackers may exploit them, and take precautions against such exploitation.