DRAMDig: A Knowledge-assisted Tool to Uncover DRAM Address Mapping
This is offensive tooling for the rowhammer vulnerability on Intel-based machines: it recovers the undocumented DRAM address mapping that rowhammer exploits depend on, rather than fixing a vulnerability. The contribution is incremental, building on prior reverse-engineering work with a more efficient and deterministic approach.
The paper tackles the problem of uncovering undocumented DRAM address mappings, which rowhammer exploits need in order to place aggressor rows next to a victim row in the same bank, by proposing DRAMDig, a knowledge-assisted tool that reverse-engineers these mappings on Intel-based machines efficiently and deterministically, in 7.8 minutes on average. Double-sided rowhammer tests driven by the uncovered mappings induced significantly more bit flips than previous tools.
As recently emerged rowhammer exploits require undocumented DRAM address mappings, we propose a generic knowledge-assisted tool, DRAMDig, which takes domain knowledge into consideration to efficiently and deterministically uncover the DRAM address mappings on any Intel-based machine. We test DRAMDig on a number of machines with different combinations of DRAM chips and microarchitectures ranging from Intel Sandy Bridge to Coffee Lake. Compared to previous work, DRAMDig deterministically reverse-engineered the DRAM address mappings on all the test machines in only 7.8 minutes on average. Based on the uncovered mappings, we perform double-sided rowhammer tests, and the results show that DRAMDig induced significantly more bit flips than previous works, confirming the correctness of the uncovered DRAM address mappings.
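The C program below is an added example, not DRAMDig's code and not a mapping measured on any real machine. It simulates the two steps the abstract rests on: recovering XOR-style bank-selection functions from a row-buffer-conflict oracle while a knowledge-based restriction keeps the candidate space small, and then using the recovered mapping to pick the two aggressor rows of a double-sided rowhammer test. The bank functions `TRUE_BANK_FUNCS`, the bit ranges `LOW_BIT`/`HIGH_BIT`/`ROW_SHIFT`, the "at most two bits per function" constraint, the sample addresses and the victim address `0x1ABCD2000` are all constructed assumptions; the timing side channel is replaced by `row_buffer_conflict`, which consults the hidden mapping directly instead of measuring latency.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example mapping, not one measured by DRAMDig or on any real
 * machine: each bank function XORs the address bits in its mask, the row index
 * is bits ROW_SHIFT and up. Real Intel mappings share only the XOR shape. */
#define NFUNCS    4
#define LOW_BIT   13   /* lowest address bit any bank function may use */
#define HIGH_BIT  20   /* highest address bit any bank function may use */
#define ROW_SHIFT 18
#define ROW_BITS  15
#define ADDR_BITS 33   /* 8 GiB of physical address space */
#define NSAMPLES  2048 /* constructed sample addresses fed to the oracle */
#define NBASES    8    /* same-bank sets built, one per base address */
static const uint64_t TRUE_BANK_FUNCS[NFUNCS] = {
    (1ULL << 13) | (1ULL << 17), (1ULL << 14) | (1ULL << 18),
    (1ULL << 15) | (1ULL << 19), (1ULL << 16) | (1ULL << 20),
};

static unsigned parity(uint64_t x) {
    x ^= x >> 32; x ^= x >> 16; x ^= x >> 8; x ^= x >> 4; x ^= x >> 2; x ^= x >> 1;
    return (unsigned)(x & 1);
}
unsigned bank_of(uint64_t paddr) {
    unsigned bank = 0;
    for (int i = 0; i < NFUNCS; i++)
        bank |= parity(paddr & TRUE_BANK_FUNCS[i]) << i;
    return bank;
}
uint64_t row_of(uint64_t paddr) {
    return (paddr >> ROW_SHIFT) & ((1ULL << ROW_BITS) - 1);
}

/* Stand-in for the timing side channel: same bank but different row means the
 * pair evicts each other from the row buffer and measures slower than any
 * other pair. Here it simply consults the hidden mapping. */
bool row_buffer_conflict(uint64_t a, uint64_t b) {
    return bank_of(a) == bank_of(b) && row_of(a) != row_of(b);
}

/* splitmix64-style mixer: deterministic, so the sample set is reproducible. */
static uint64_t next_random(uint64_t *s) {
    uint64_t z = (*s += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Recover the bank functions from the conflict oracle alone. Candidates are
 * XOR masks of at most two bits within [LOW_BIT, HIGH_BIT], an assumed
 * constraint standing in for the domain knowledge that prunes the search. A
 * mask is a bank function iff its parity is constant over every same-bank set
 * the oracle yields. Returns the count; writes at most max_out masks. */
int recover_bank_functions(uint64_t *out, int max_out) {
    static uint64_t addrs[NSAMPLES];
    uint64_t seed = 0x5eedULL;
    for (int i = 0; i < NSAMPLES; i++)
        addrs[i] = next_random(&seed) & ((1ULL << ADDR_BITS) - 1);
    int found = 0;
    for (int b1 = LOW_BIT; b1 <= HIGH_BIT; b1++)
        for (int b2 = b1; b2 <= HIGH_BIT; b2++) {
            uint64_t mask = (1ULL << b1) | (1ULL << b2);  /* b1 == b2: one bit */
            bool consistent = true;
            for (int b = 0; b < NBASES && consistent; b++) {
                unsigned p = parity(addrs[b] & mask);
                for (int j = 0; j < NSAMPLES; j++)
                    if (row_buffer_conflict(addrs[b], addrs[j]) &&
                        parity(addrs[j] & mask) != p) { consistent = false; break; }
            }
            if (consistent && found < max_out) out[found] = mask;
            if (consistent) found++;
        }
    return found;
}

/* Double-sided rowhammer needs two aggressors in the victim's bank, one row
 * above and one below. Moving the row changes bank-function inputs, so the
 * function bits below ROW_SHIFT are searched to land back in the victim's
 * bank. Returns 0 (never a usable aggressor) if no such row exists. */
uint64_t find_aggressor(uint64_t victim, int delta) {
    int64_t target_row = (int64_t)row_of(victim) + delta;
    if (target_row < 0 || target_row >= (1LL << ROW_BITS)) return 0;
    uint64_t row_mask  = ((1ULL << ROW_BITS) - 1) << ROW_SHIFT;
    uint64_t free_mask = ((1ULL << ROW_SHIFT) - 1) & ~((1ULL << LOW_BIT) - 1);
    uint64_t base = (victim & ~row_mask & ~free_mask) | ((uint64_t)target_row << ROW_SHIFT);
    for (uint64_t c = 0; c < (1ULL << (ROW_SHIFT - LOW_BIT)); c++) {
        uint64_t cand = base | (c << LOW_BIT);
        if (bank_of(cand) == bank_of(victim)) return cand;
    }
    return 0;
}

int main(void) {
    uint64_t funcs[16], victim = 0x1ABCD2000ULL;  /* constructed victim address */
    int n = recover_bank_functions(funcs, 16);
    for (int i = 0; i < n && i < 16; i++)
        printf("bank function: XOR of bits in 0x%llx\n", (unsigned long long)funcs[i]);
    uint64_t above = find_aggressor(victim, +1), below = find_aggressor(victim, -1);
    printf("aggressors 0x%llx and 0x%llx for victim in bank %u\n",
           (unsigned long long)above, (unsigned long long)below, bank_of(victim));
    return 0;
}
```

On a real machine the oracle is a latency measurement over physical addresses obtained via the page-map interface or huge pages, and the candidate-mask constraint is where the tool's domain knowledge enters; the consistency test itself is the same. Note that the recovered functions are only determined up to XOR combinations of each other, which is why a real tool also has to reduce the surviving masks to a linearly independent set.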