BLASTER: Characterizing the Blast Radius of Rowhammer
Published in Third Workshop on DRAM Security (DRAMSec), co-located with ISCA 2023, 2023
A decade after Rowhammer was first exposed, we are still learning about the intricacies of this vulnerability inside DRAM. Making things worse, the shrinking of technology nodes seems to expose new effects with significant implications for both attackers and defenders. One of these effects, known as Half- Double, shows that Rowhammer can affect victim rows located two rows away from the aggressor row. Understanding the impact of Half-Double is essential for the design of secure mitigations. We characterize Half-Double using 24 commodity DDR4 DRAM chips from the three major DRAM vendors. Furthermore, we introduce BLASTER as a generalization of the Half-Double access patterns, encompassing aggressor rows located multiple rows away from the victim. In particular, we show for the first time that BLASTER significantly reduces the number of necessary activations to the victim-adjacent aggressors using other aggressor rows that are up to four rows away from the victim. We discuss the implications of BLASTER on the design of future Rowhammer mitigations.