Rana Elnaggar, Siyuan Chen, P. Song, K. Chakrabarty
{"title":"基于fpga的soc中Rowhammer攻击检测","authors":"Rana Elnaggar, Siyuan Chen, P. Song, K. Chakrabarty","doi":"10.1109/ETS48528.2020.9131554","DOIUrl":null,"url":null,"abstract":"Heterogeneous SoCs integrate FPGAs and microprocessor cores on the same fabric to accelerate applications such as cryptography and deep learning. Since FPGAs share resources with the microprocessor cores, they can launch non-cacheable SDRAM transactions through direct FPGA-to-microprocessor SDRAM interface. Therefore, if the FPGA 3rd party IPs (3PIPs) are malicious, they can launch rowhammer attacks on the SDRAM. Today's countermeasures based on performance counters cannot detect these attacks because memory transactions from FPGAs do not pass through the cache. In addition, countermeasures that count the frequency of activation of memory rows require structural changes to the memory controller or DRAM chips. Moreover, today's countermeasures cannot identify the IP that launches the attack. We present a security solution that monitors the SDRAM transactions from IPs on the FPGA to each bank of the microprocessor SDRAM through the FPGA-to-microprocessor SDRAM interface. The proposed monitor is implemented on the FPGA fabric. It can detect attempts to launch a rowhammer attack before it causes bit flips in the SDRAM. It utilizes only 1% of the adaptive logic modules (ALMs) available in an Intel Cyclone V FPGA to monitor the transactions from one IP.","PeriodicalId":267309,"journal":{"name":"2020 IEEE European Test Symposium (ETS)","volume":"102 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Detection of Rowhammer Attacks in SoCs with FPGAs\",\"authors\":\"Rana Elnaggar, Siyuan Chen, P. Song, K. Chakrabarty\",\"doi\":\"10.1109/ETS48528.2020.9131554\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Heterogeneous SoCs integrate FPGAs and microprocessor cores on the same fabric to accelerate applications such as cryptography and deep learning. Since FPGAs share resources with the microprocessor cores, they can launch non-cacheable SDRAM transactions through direct FPGA-to-microprocessor SDRAM interface. Therefore, if the FPGA 3rd party IPs (3PIPs) are malicious, they can launch rowhammer attacks on the SDRAM. Today's countermeasures based on performance counters cannot detect these attacks because memory transactions from FPGAs do not pass through the cache. In addition, countermeasures that count the frequency of activation of memory rows require structural changes to the memory controller or DRAM chips. Moreover, today's countermeasures cannot identify the IP that launches the attack. We present a security solution that monitors the SDRAM transactions from IPs on the FPGA to each bank of the microprocessor SDRAM through the FPGA-to-microprocessor SDRAM interface. The proposed monitor is implemented on the FPGA fabric. It can detect attempts to launch a rowhammer attack before it causes bit flips in the SDRAM. It utilizes only 1% of the adaptive logic modules (ALMs) available in an Intel Cyclone V FPGA to monitor the transactions from one IP.\",\"PeriodicalId\":267309,\"journal\":{\"name\":\"2020 IEEE European Test Symposium (ETS)\",\"volume\":\"102 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 IEEE European Test Symposium (ETS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ETS48528.2020.9131554\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE European Test Symposium (ETS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ETS48528.2020.9131554","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
摘要
异构soc将fpga和微处理器内核集成在同一结构上,以加速密码学和深度学习等应用。由于fpga与微处理器内核共享资源,它们可以通过直接fpga到微处理器的SDRAM接口启动不可缓存的SDRAM事务。因此,如果FPGA第三方ip (3pip)是恶意的,他们可以对SDRAM发起rowhammer攻击。目前基于性能计数器的对策无法检测到这些攻击,因为来自fpga的内存事务不通过缓存。此外,计算存储器行激活频率的对策需要对存储器控制器或DRAM芯片进行结构更改。此外,今天的对策无法识别发起攻击的IP。我们提出了一种安全解决方案,通过FPGA到微处理器SDRAM接口监控从FPGA上的ip到微处理器SDRAM的每组SDRAM事务。提出的监视器是在FPGA结构上实现的。它可以在引起SDRAM中的位翻转之前检测到发起打滑锤攻击的企图。它仅利用英特尔Cyclone V FPGA中可用的1%的自适应逻辑模块(alm)来监视来自一个IP的事务。
Heterogeneous SoCs integrate FPGAs and microprocessor cores on the same fabric to accelerate applications such as cryptography and deep learning. Since FPGAs share resources with the microprocessor cores, they can launch non-cacheable SDRAM transactions through direct FPGA-to-microprocessor SDRAM interface. Therefore, if the FPGA 3rd party IPs (3PIPs) are malicious, they can launch rowhammer attacks on the SDRAM. Today's countermeasures based on performance counters cannot detect these attacks because memory transactions from FPGAs do not pass through the cache. In addition, countermeasures that count the frequency of activation of memory rows require structural changes to the memory controller or DRAM chips. Moreover, today's countermeasures cannot identify the IP that launches the attack. We present a security solution that monitors the SDRAM transactions from IPs on the FPGA to each bank of the microprocessor SDRAM through the FPGA-to-microprocessor SDRAM interface. The proposed monitor is implemented on the FPGA fabric. It can detect attempts to launch a rowhammer attack before it causes bit flips in the SDRAM. It utilizes only 1% of the adaptive logic modules (ALMs) available in an Intel Cyclone V FPGA to monitor the transactions from one IP.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
