0:00:00.450,0:00:02.855 Cool. So. I'm the second talk of the day.
0:00:03.493,0:00:05.587 And my talk is gonna be about
0:00:06.185,0:00:07.988 a paper with a pretty long title.
0:00:08.558,0:00:10.393 It's called Row Hammer
0:00:11.411,0:00:12.834 Flipping Bits in Memory
0:00:13.717,0:00:14.934 Without Accessing Them
0:00:15.388,0:00:16.768 colon, even more stuff.
0:00:17.152,0:00:18.675 And experimenting something
0:00:19.291,0:00:20.678 but that doesn't really matter.
0:00:21.150,0:00:22.373 So, my name is Vishnu
0:00:22.881,0:00:24.461 And I'm a year 4 Computer Science student
0:00:25.390,0:00:25.979 just like Chin.
0:00:26.757,0:00:28.766 and we are actually part of NUS Hackers.
0:00:29.590,0:00:31.338 It is a club/society in NUS.
0:00:31.924,0:00:33.472 This is my second time here.
0:00:33.846,0:00:35.625 I was here exactly 12 Papers We Love ago.
0:00:36.199,0:00:37.265 One year ago.
0:00:37.527,0:00:39.194 Audience: aww "Anniversary!"
0:00:39.859,0:00:42.027 ... presenting the Diffie-Hellman Key Exchange
0:00:42.577,0:00:44.793 Which is also a security related paper
0:00:45.175,0:00:46.636 And today is another security related paper
0:00:46.882,0:00:49.026 Even though I have no academic experience
0:00:49.410,0:00:50.545 in security at all,
0:00:50.866,0:00:52.382 just seems to click with my interests.
0:00:52.753,0:00:54.095 So, the paper,
0:00:54.359,0:00:57.647 It's called... ah, colon... An Experimental Study of DRAM Disturbance Errors
0:00:58.226,0:01:00.245 This is a joint publication
0:01:00.556,0:01:01.827 by CMU and Intel Labs
0:01:02.177,0:01:04.432 The reason why it fascinated me so much is
0:01:04.867,0:01:07.581 We always talk about software exploits
0:01:07.788,0:01:09.212 as something to do with software.
0:01:09.703,0:01:10.158 It's a bug in software.
0:01:11.060,0:01:12.645 Either programmer made a mistake.
0:01:12.929,0:01:14.380 Or is usually a programmer made
0:01:14.784,0:01:16.655 a mistake somewhere
0:01:17.555,9:59:59.000 Or you forgot to check something.
9:59:59.000,9:59:59.000 But this is a hardware bug.
9:59:59.000,9:59:59.000 That affects software.
9:59:59.000,9:59:59.000 And that fascinated me.
9:59:59.000,9:59:59.000 A mistake in hardware,
9:59:59.000,9:59:59.000 or so-called mistake in hardware,
9:59:59.000,9:59:59.000 which you can not fix.
9:59:59.000,9:59:59.000 Because you can't patch hardware.
9:59:59.000,9:59:59.000 Is now affecting software forever.
9:59:59.000,9:59:59.000 And it's almost unpatchable.
9:59:59.000,9:59:59.000 Just because of the way hardware is.
9:59:59.000,9:59:59.000 Once you release hardware.
9:59:59.000,9:59:59.000 That's it.
9:59:59.000,9:59:59.000 So before we talk about
9:59:59.000,9:59:59.000 what this paper is about
9:59:59.000,9:59:59.000 let me just give you a brief history lesson
9:59:59.000,9:59:59.000 on what DRAM is.
9:59:59.000,9:59:59.000 DRAM stands for
9:59:59.000,9:59:59.000 Dynamic RAM
9:59:59.000,9:59:59.000 And that's the kind of RAM
9:59:59.000,9:59:59.000 that we have in all of our machines
9:59:59.000,9:59:59.000 Chinmay: Sorry, memory lane...
9:59:59.000,9:59:59.000 Thank you.
9:59:59.000,9:59:59.000 Yep, a lot of jokes like that
9:59:59.000,9:59:59.000 sprinkled inside this talk.
9:59:59.000,9:59:59.000 So DRAM stands for Dynamic RAM.
9:59:59.000,9:59:59.000 And it's the kind of RAM
9:59:59.000,9:59:59.000 that we have in every single machine
9:59:59.000,9:59:59.000 that we touch these days.
9:59:59.000,9:59:59.000 Previously in the 90s there was
9:59:59.000,9:59:59.000 a thing called SRAM
9:59:59.000,9:59:59.000 but it wasn't performing enough
9:59:59.000,9:59:59.000 so they made this thing called DRAM
9:59:59.000,9:59:59.000 for Dynamic RAM.
9:59:59.000,9:59:59.000 Here's an example of a kind of DRAM module
9:59:59.000,9:59:59.000 This is the Micron something
9:59:59.000,9:59:59.000 and this is a 1 MB chip.
9:59:59.000,9:59:59.000 So this entire chip holds exactly
9:59:59.000,9:59:59.000 1 megabyte of information
9:59:59.000,9:59:59.000 Which means that... one million...
9:59:59.000,9:59:59.000 Sorry...?
9:59:59.000,9:59:59.000 Rahul: RAM chips are normally sold
9:59:59.000,9:59:59.000 Rahul: in terms of bits.
9:59:59.000,9:59:59.000 Rahul: So when you say 1024
9:59:59.000,9:59:59.000 Rahul: that's 1024 megabit, usually.
9:59:59.000,9:59:59.000 Sorry, megabit. Which makes it 128 KB.
9:59:59.000,9:59:59.000 Sorry, you are right. it's actually 128 KB.
9:59:59.000,9:59:59.000 And, yea, so there's actually like
9:59:59.000,9:59:59.000 1 million dots in here.
9:59:59.000,9:59:59.000 If you count.
9:59:59.000,9:59:59.000 So each single dot here
9:59:59.000,9:59:59.000 Is called DRAM cell
9:59:59.000,9:59:59.000 And to understand the flaw here
9:59:59.000,9:59:59.000 We actually need to learn
9:59:59.000,9:59:59.000 exactly how a DRAM cell works.