Rowhammer attack strategy TRRespass wins Pwnie award
Last week at the annual BlackHat Europe conference, the rowhammer attack strategy TRRespass won the Pwnie award in the most innovative research category. TRRespass was a result of a fruitful collaboration between Prof. Kaveh Razavi, Prof. Onur Mutlu and researchers in the Netherlands. Pwnies are the most prestigious industrial awards in the security community.
For many years now, the security of data stored on DRAM chips inside mobile phones, laptops and even servers system, has been under intense scrutiny due to the RowHammer vulnerability. CPU and DRAM vendors have promised a RowHammer-free world with a mitigation known as Target Row Refresh. TRRespass sheds light on this little-known mitigation and shows for the first time that recent systems employ this mitigation entirely inside DRAM chips. Our deep and novel analysis shows that various TRR mitigations can be bypassed by a new variant which we call many-sided RowHammer. Unlike CPU vulnerabilities that can often be fixed with a microcode patch, the issues uncovered by TRRespass will unfortunately stay with us for many years to come. As a result of our efforts there is now a dedicated task group inside JEDEC (DRAM standardization body) encompassing all major CPU and DRAM players to tackle the issues discovered by TRRespass.
TRRespass has previously won the best paper award in IEEE Security and Privacy conference in May. IEEE Security and Privacy is a flagship conference in security.
News items on the COMSEC (Prof. Kaveh Razavi) and SAFARI (Prof. Onur Mutlu) websites:
https://comsec.ethz.ch/pwnie-award-for-trrespass/
https://comsec.ethz.ch/trrespass-wins-best-paper-award-at-sp/
https://safari.ethz.ch/tresspass-wins-the-best-paper-award-at-ieee-ssp/