The 2020 Pwnie Award For Most Innovative Research
TRRespass: When Memory Vendors Tell You Their Chips Are Rowhammer-free, They Are Not.
After an initial onslaught of high-profile RowHammer attacks, CPU and DRAM vendors scrambled to deliver what was meant to be the ultimate hardware solution against the RowHammer problem: Target Row Refresh (TRR). In fact, it was considered powerful enough that the DRAM vendors started advertising their DDR4 as absolutely “Rowhammer free”. Except they were wrong. Two years of reverse engineering revealed that TRR is not protecting us from Rowhammer at all. Once it became clear how the defense worked in detail, it also became trivial to bypass it and it turns out that so-called Rowhammer-free DRAM chips, from all major vendors, are even more vulnerable to Rowhammer than older DDR3 memory. Since firmware fixes are not possible for memory chips, software solutions are have prohibitive overheads, and once deployed DRAM stays in use for years, Rowhammer will remain a major threat for a long time still. The research community awarded the effort with a best paper award at the IEEE Symposium on Security & Privacy.