Detection of Rowhammer Attacks in SoCs with FPGAs

Abstract

Heterogeneous SoCs integrate FPGAs and microprocessor cores on the same fabric to accelerate applications such as cryptography and deep learning. Since FPGAs share resources with the microprocessor cores, they can launch non-cacheable SDRAM transactions through direct FPGA-to-microprocessor SDRAM interface. Therefore, if the FPGA 3rd party IPs (3PIPs) are malicious, they can launch rowhammer attacks on the SDRAM. Today's countermeasures based on performance counters cannot detect these attacks because memory transactions from FPGAs do not pass through the cache. In addition, countermeasures that count the frequency of activation of memory rows require structural changes to the memory controller or DRAM chips. Moreover, today's countermeasures cannot identify the IP that launches the attack. We present a security solution that monitors the SDRAM transactions from IPs on the FPGA to each bank of the microprocessor SDRAM through the FPGA-to-microprocessor SDRAM interface. The proposed monitor is implemented on the FPGA fabric. It can detect attempts to launch a rowhammer attack before it causes bit flips in the SDRAM. It utilizes only 1% of the adaptive logic modules (ALMs) available in an Intel Cyclone V FPGA to monitor the transactions from one IP.