Paper Title

TrappeD: DRAM Trojan Designs for Information Leakage and Fault Injection Attacks

Authors

Nagarajan, Karthikeyan; De, Asmit; Khan, Mohammad Nasim Imtiaz; Ghosh, Swaroop

Abstract

In this paper, we investigate the advanced circuit features such as wordline- (WL) underdrive (prevents retention failure) and overdrive (assists write) employed in the peripherals of Dynamic RAM (DRAM) memories from a security perspective. In an ideal environment, these features ensure fast and reliable read and write operations. However, an adversary can re-purpose them by inserting Trojans to deliver malicious payloads such as fault injections, Denial-of-Service (DoS), and information leakage attacks when activated by the adversary. Simulation results indicate that wordline voltage can be increased to cause retention failure and thereby launch a DoS attack in DRAM memory. Furthermore, two wordlines or bitlines can be shorted to leak information or inject faults by exploiting the DRAM's refresh operation. We demonstrate an information leakage system exploit by implementing TrappeD on RocketChip SoC.
