Google says Rowhammer attacks are gaining range as RAM is getting denser

3 views
Skip to first unread message

Carl Hewitt

unread,
May 28, 2021, 5:02:01 PMMay 28
to fr...@googlegroups.com

Mark S. Miller

unread,
May 28, 2021, 5:12:01 PMMay 28
to fr...@googlegroups.com
Wow. This is really terrible news. I mean, really awful. Much worse than Meltdown and Spectre, even though it'll never get that level of publicity.

Carl, given your juxtaposition, I'll point out that blockchains are not vulnerable to this.

Unfortunately, all the machines that talk to blockchains are. And any individual validator is. But massive redundancy and cross-checking is an adequate defense for the blockchain-based computation itself.



On Fri, May 28, 2021 at 2:02 PM Carl Hewitt <hew...@irobust.org> wrote:

--
You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/friam/BY5PR10MB42746C3D925E522B23188E3BD9229%40BY5PR10MB4274.namprd10.prod.outlook.com.

Carl Hewitt

unread,
May 28, 2021, 5:39:01 PMMay 28
to fr...@googlegroups.com

Mark:

 

This may not be as bad as you imagine.

Hardware mitigations are possible.

 

Ledgers will play a small part in some Intelligent Applications.

 

The big picture is that massive concurrency with indeterminacy will be crucial for Intelligent Systems.

 

Regards,

Carl

 

https://professorhewitt.blogspot.com/

Tony Arcieri

unread,
May 28, 2021, 5:44:26 PMMay 28
to fr...@googlegroups.com
On Fri, May 28, 2021 at 2:39 PM Carl Hewitt <hew...@irobust.org> wrote:

This may not be as bad as you imagine.

Hardware mitigations are possible.


Notably ARM has nearly zero-overhead cryptographic authentication (and encryption) of all data stored in ARM, in a tree-like data structure which authenticates a global view of RAM, available as an optional hardware feature. In systems with this feature, all RAM can be authenticated (and encrypted) by default in hardware.

Intel SGX has something much less cool, with much more overhead (e.g. the EPC, but also general slowdowns), truncated MACs providing less cryptographic security, and much more additional complexity and attack surface.

--
Tony Arcieri

Carl Hewitt

unread,
May 28, 2021, 5:52:32 PMMay 28
to fr...@googlegroups.com

Excellent point, Tony!

 

Encrypted/signed RAM is important to defend against may other attacks besides RowHammer

 

Regards,

Carl

 

https://professorhewitt.blogspot.com/

 

From: fr...@googlegroups.com <fr...@googlegroups.com> On Behalf Of Tony Arcieri
Sent: Friday, May 28, 2021 14:44
To: fr...@googlegroups.com
Subject: Re: [friam] Google says Rowhammer attacks are gaining range as RAM is getting denser

 

On Fri, May 28, 2021 at 2:39 PM Carl Hewitt <hew...@irobust.org> wrote:

--

You received this message because you are subscribed to the Google Groups "friam" group.
To unsubscribe from this group and stop receiving emails from it, send an email to friam+un...@googlegroups.com.

Reply all
Reply to author
Forward
0 new messages