A Retrospective and Futurespective of Rowhammer Attacks and Defenses on DRAM

Rowhammer has drawn much attention from both academia and industry in the last few years as rowhammer exploitation poses severe consequences to system security. Since the first comprehensive study of rowhammer in 2014, a number of rowhammer attacks have been demonstrated against ubiquitous dynamic random access memory (DRAM)-based commodity systems to cause denial-of-service, gain privilege escalation, leak sensitive information or degrade DNN model inference accuracy. Accordingly, numerous software defenses have been proposed to protect legacy systems while hardware defenses aim to protect next-generation DRAM-based systems. In this paper, we systematize rowhammer attacks and defenses with a focus on DRAM. Particularly, we characterize rowhammer attacks comprehensively, shedding lights on possible new attack vectors that have not yet been explored. We further summarize and classify existing software defenses, from which new defense strategies are identified and worth future exploring. We also categorize proposed hardware defenses from both industry and academia and summarize their limitations. In particular, most industrial solutions have turned out to be ineffective against rowhammer while on-die ECC's susceptibility to rowhammer calls for a comprehensive study. Our work is expected to inspire software-security community to identify new rowhammer attack vectors while present novel defense solutions against them in legacy systems. More importantly, both software and hardware security communities should work together to develop more effective and practical defense solutions.