The adoption of processing-in-memory (PiM) architectures has been gaining momentum because they provide high performance and low energy consumption by alleviating the data movement bottleneck. Yet, the security of such architectures has not been thoroughly explored. The adoption of PiM solutions provides a new way to directly access main memory, which can potentially be exploited by malicious user applications. We show that this new way to access main memory opens opportunities for high-throughput timing attack vectors that are hard to mitigate without significant performance overhead. We introduce IMPACT, a set of high-throughput main memory-based timing attacks that leverage characteristics of PiM architectures to establish covert and side channels. IMPACT enables high-throughput communication and private information leakage. To achieve this, IMPACT (i) eliminates expensive cache bypassing steps required by processor-centric main memory and cache-based timing attacks and (ii) leverages the intrinsic parallelism of PiM operations. First, we showcase two covert-channel attack variants that run on the host CPU and leverage PiM architectures to gain direct and fast access to main memory and establish high-throughput covert communication channels. Second, we showcase a side-channel attack on a DNA sequence analysis application that leaks the private characteristics of a user's sample genome by leveraging PiM operations. Our results demonstrate that (i) our covert channels achieve up to 14.16 Mb/s communication throughput, which is 6.38x faster than the state-of-the-art main memory-based covert channels, and (ii) our side-channel attack allows the attacker to determine the properties of a sample genome at a throughput of 7.5 Mb/s with 96% accuracy. We discuss and evaluate several countermeasures for IMPACT to enable secure and robust PiM architectures.