[Cryptography] How to make rowhammer less likely
leichter at lrw.com
Tue Jun 19 13:39:44 EDT 2018
>> It is much simpler and cheaper to just increase the RAM
>> refresh rate, use ECC, and monitor performance counters to detect
>> excessive cache flushes generated by a single program.
> I would expect that non-volatile RAM (like STT-MRAM or Intel Optane ReRAM) should make all of this moot. Anyone know?
Rowhammer is a targeted attack against a specific memory technology - and even, if you dig into it, against particular hardware implementations of that specific memory technology. It seem highly unlikely that *this particular attack* would work against a very different memory technology like STT-MRAM or Optane.
For the matter, it's very unlikely that it will continue to work against next-generation memory chips which will be designed specifically to resist it.
Of course, saying "rowhammer won't work against XYZ" should absolutely not be taken as equivalent to "XYZ is secure". Now that the seed has been planted, attackers will be looking for other attacks against other technologies. Some will perhaps be similar; others very different but inspired by our emerging appreciation that our reliance on hardware based on its external specs, when operating in "typical" environments, has to stop. Attacks for the last couple of years have increasing gone "down the technology stack", piercing the abstractions that we've built our trust upon. Defenses will have to do the same.
More information about the cryptography