DRAM chips are vulnerable to read disturbance phenomena (e.g., RowHammer and RowPress), where repeatedly accessing or keeping open a DRAM row causes bitflips in nearby rows. Attackers leverage RowHammer bitflips in real systems to take over systems and leak data. Consequently, many prior works propose defenses, including recent DDR specifications introducing new defenses (e.g., PRAC and RFM). For robust operation, it is critical to analyze other security implications of RowHammer defenses. Unfortunately, no prior work analyzes the timing covert and side channel vulnerabilities introduced by RowHammer defenses. This paper presents the first analysis and evaluation of timing covert and side channel vulnerabilities introduced by state-of-the-art RowHammer defenses. We demonstrate that RowHammer defenses' preventive actions have two fundamental features that enable timing channels. First, preventive actions reduce DRAM bandwidth availability, resulting in longer memory latencies. Second, preventive actions can be triggered on demand depending on memory access patterns. We introduce LeakyHammer, a new class of attacks that leverage the RowHammer defense-induced memory latency differences to establish communication channels and leak secrets. First, we build two covert channel attacks exploiting two state-of-the-art RowHammer defenses, achieving 39.0 Kbps and 48.7 Kbps channel capacity. Second, we demonstrate a website fingerprinting attack that identifies visited websites based on the RowHammer-preventive actions they cause. We propose and evaluate three countermeasures against LeakyHammer. Our results show that fundamentally mitigating LeakyHammer induces large performance overheads in highly RowHammer-vulnerable systems. We believe and hope our work can enable and aid future work on designing better solutions and more robust systems in the presence of such new vulnerabilities.

翻译：DRAM芯片易受读取干扰现象（例如RowHammer和RowPress）的影响，即重复访问或保持打开DRAM行会导致邻近行发生比特翻转。攻击者在实际系统中利用RowHammer比特翻转来接管系统并泄露数据。因此，许多先前的研究提出了防御措施，包括近期DDR规范引入的新防御机制（例如PRAC和RFM）。为确保稳健运行，分析RowHammer防御的其他安全影响至关重要。遗憾的是，尚无研究分析RowHammer防御引入的时序隐蔽信道和侧信道漏洞。本文首次对最先进的RowHammer防御引入的时序隐蔽信道和侧信道漏洞进行了分析与评估。我们证明RowHammer防御的预防性操作具有两个基本特征，能够实现时序信道。首先，预防性操作会降低DRAM带宽可用性，导致内存延迟增加。其次，预防性操作可根据内存访问模式按需触发。我们提出了LeakyHammer，这是一类新型攻击，利用RowHammer防御引起的内存延迟差异建立通信信道并泄露机密信息。首先，我们构建了两种利用最先进RowHammer防御的隐蔽信道攻击，分别实现了39.0 Kbps和48.7 Kbps的信道容量。其次，我们展示了一种网站指纹识别攻击，该攻击基于网站触发的RowHammer预防性操作来识别访问过的网站。我们提出并评估了三种针对LeakyHammer的防御对策。结果表明，在RowHammer高度脆弱的系统中，从根本上缓解LeakyHammer会带来较大的性能开销。我们相信并希望本研究能够促进和帮助未来工作，在设计更优解决方案和构建更稳健系统时应对此类新型漏洞。