1 00:00:00,450 --> 00:00:02,855 Cool. So. I'm the second talk of the day. 2 00:00:03,493 --> 00:00:05,587 And my talk is gonna be about 3 00:00:06,185 --> 00:00:07,988 a paper with a pretty long title. 4 00:00:08,558 --> 00:00:10,393 It's called Row Hammer 5 00:00:11,411 --> 00:00:12,834 Flipping Bits in Memory 6 00:00:13,717 --> 00:00:14,934 Without Accessing Them 7 00:00:15,388 --> 00:00:16,768 colon, even more stuff. 8 00:00:17,152 --> 00:00:18,675 And experimenting something 9 00:00:19,291 --> 00:00:20,678 but that doesn't really matter. 10 00:00:21,150 --> 00:00:22,373 So, my name is Vishnu 11 00:00:22,881 --> 00:00:24,461 And I'm a year 4 Computer Science student 12 00:00:25,390 --> 00:00:25,979 just like Chin. 13 00:00:26,757 --> 00:00:28,766 and we are actually part of NUS Hackers. 14 00:00:29,590 --> 00:00:31,338 It is a club/society in NUS. 15 00:00:31,924 --> 00:00:33,472 This is my second time here. 16 00:00:33,846 --> 00:00:35,625 I was here exactly 12 Papers We Love ago. 17 00:00:36,199 --> 00:00:37,265 One year ago. 18 00:00:37,527 --> 00:00:39,194 Audience: aww "Anniversary!" 19 00:00:39,859 --> 00:00:42,027 ... presenting the Diffie-Hellman Key Exchange 20 00:00:42,577 --> 00:00:44,793 Which is also a security related paper 21 00:00:45,175 --> 00:00:46,636 And today is another security related paper 22 00:00:46,882 --> 00:00:49,026 Even though I have no academic experience 23 00:00:49,410 --> 00:00:50,545 in security at all, 24 00:00:50,866 --> 00:00:52,382 just seems to click with my interests. 25 00:00:52,753 --> 00:00:54,095 So, the paper, 26 00:00:54,359 --> 00:00:57,647 It's called... ah, colon... An Experimental Study of DRAM Disturbance Errors 27 00:00:58,226 --> 00:01:00,245 This is a joint publication 28 00:01:00,556 --> 00:01:01,827 by CMU and Intel Labs 29 00:01:02,177 --> 00:01:04,432 The reason why it fascinated me so much is 30 00:01:04,867 --> 00:01:07,581 We always talk about software exploits 31 00:01:07,788 --> 00:01:09,212 as something to do with software. 32 00:01:09,703 --> 00:01:10,158 It's a bug in software. 33 00:01:11,060 --> 00:01:12,645 Either programmer made a mistake. 34 00:01:12,929 --> 00:01:14,380 Or is usually a programmer made 35 00:01:14,784 --> 00:01:16,655 a mistake somewhere 36 00:01:17,555 --> 99:59:59,999 Or you forgot to check something. 37 99:59:59,999 --> 99:59:59,999 But this is a hardware bug. 38 99:59:59,999 --> 99:59:59,999 That affects software. 39 99:59:59,999 --> 99:59:59,999 And that fascinated me. 40 99:59:59,999 --> 99:59:59,999 A mistake in hardware, 41 99:59:59,999 --> 99:59:59,999 or so-called mistake in hardware, 42 99:59:59,999 --> 99:59:59,999 which you can not fix. 43 99:59:59,999 --> 99:59:59,999 Because you can't patch hardware. 44 99:59:59,999 --> 99:59:59,999 Is now affecting software forever. 45 99:59:59,999 --> 99:59:59,999 And it's almost unpatchable. 46 99:59:59,999 --> 99:59:59,999 Just because of the way hardware is. 47 99:59:59,999 --> 99:59:59,999 Once you release hardware. 48 99:59:59,999 --> 99:59:59,999 That's it. 49 99:59:59,999 --> 99:59:59,999 So before we talk about 50 99:59:59,999 --> 99:59:59,999 what this paper is about 51 99:59:59,999 --> 99:59:59,999 let me just give you a brief history lesson 52 99:59:59,999 --> 99:59:59,999 on what DRAM is. 53 99:59:59,999 --> 99:59:59,999 DRAM stands for 54 99:59:59,999 --> 99:59:59,999 Dynamic RAM 55 99:59:59,999 --> 99:59:59,999 And that's the kind of RAM 56 99:59:59,999 --> 99:59:59,999 that we have in all of our machines 57 99:59:59,999 --> 99:59:59,999 Chinmay: Sorry, memory lane... 58 99:59:59,999 --> 99:59:59,999 Thank you. 59 99:59:59,999 --> 99:59:59,999 Yep, a lot of jokes like that 60 99:59:59,999 --> 99:59:59,999 sprinkled inside this talk. 61 99:59:59,999 --> 99:59:59,999 So DRAM stands for Dynamic RAM. 62 99:59:59,999 --> 99:59:59,999 And it's the kind of RAM 63 99:59:59,999 --> 99:59:59,999 that we have in every single machine 64 99:59:59,999 --> 99:59:59,999 that we touch these days. 65 99:59:59,999 --> 99:59:59,999 Previously in the 90s there was 66 99:59:59,999 --> 99:59:59,999 a thing called SRAM 67 99:59:59,999 --> 99:59:59,999 but it wasn't performing enough 68 99:59:59,999 --> 99:59:59,999 so they made this thing called DRAM 69 99:59:59,999 --> 99:59:59,999 for Dynamic RAM. 70 99:59:59,999 --> 99:59:59,999 Here's an example of a kind of DRAM module 71 99:59:59,999 --> 99:59:59,999 This is the Micron something 72 99:59:59,999 --> 99:59:59,999 and this is a 1 MB chip. 73 99:59:59,999 --> 99:59:59,999 So this entire chip holds exactly 74 99:59:59,999 --> 99:59:59,999 1 megabyte of information 75 99:59:59,999 --> 99:59:59,999 Which means that... one million... 76 99:59:59,999 --> 99:59:59,999 Sorry...? 77 99:59:59,999 --> 99:59:59,999 Rahul: RAM chips are normally sold 78 99:59:59,999 --> 99:59:59,999 Rahul: in terms of bits. 79 99:59:59,999 --> 99:59:59,999 Rahul: So when you say 1024 80 99:59:59,999 --> 99:59:59,999 Rahul: that's 1024 megabit, usually. 81 99:59:59,999 --> 99:59:59,999 Sorry, megabit. Which makes it 128 KB. 82 99:59:59,999 --> 99:59:59,999 Sorry, you are right. it's actually 128 KB. 83 99:59:59,999 --> 99:59:59,999 And, yea, so there's actually like 84 99:59:59,999 --> 99:59:59,999 1 million dots in here. 85 99:59:59,999 --> 99:59:59,999 If you count. 86 99:59:59,999 --> 99:59:59,999 So each single dot here 87 99:59:59,999 --> 99:59:59,999 Is called DRAM cell 88 99:59:59,999 --> 99:59:59,999 And to understand the flaw here 89 99:59:59,999 --> 99:59:59,999 We actually need to learn 90 99:59:59,999 --> 99:59:59,999 exactly how a DRAM cell works.