Protect Non-volatile Memory from Wear-out Attack based on Timing Difference of Row Buffer Hit/Miss
Haiyu Mao1,2,a, Xian Zhang3,c, Guangyu Sun3,d and Jiwu Shu1,2,b
1Department of Computer Science and Technology, Tsinghua University, China.
amhy15@mails.tsinghua.edu.cn
bshujw@tsinghua.edu.cn
2Tsinghua National Laboratory for Information Science and Technology, Beijing, China
3Center for Energy-efficient Computing and Applications, Peking University, China
czhang.xian@pku.edu.cn
dgsun@pku.edu.cn
ABSTRACT
Non-volatile Memories (NVMs), such as PCM and ReRAM, have been widely proposed for future main memory design because of their low standby power, high storage density, fast access speed. However, these NVMs suffer from the write endurance problem. In order to prevent a malicious program from wearing out NVMs deliberately, researchers have proposed various wear-leveling methods, which remap logical addresses to physical addresses randomly and dynamically. However, we discover that side channel leakage based on NVM row buffer hit information can reveal details of address remappings. Consequently, it can be leveraged to side-step the wear-leveling. Our simulation shows that the proposed attack method in this paper can wear out a NVM within 137 seconds, even with the protection of state-of-the-art wear-leveling schemes. To counteract this attack, we further introduce an effective countermeasure named Intra-Row Swap (IRS) to hide the wearleveling details. The basic idea is to enable an additional intrarow block swap when a new logical address is remapped to the memory row. Experiments demonstrate that IRS can secure NVMs with negligible timing/energy overhead, compared with previous works.
