WEBVTT 00:00:00.450 --> 00:00:02.855 Cool. So. I'm the second talk of the day. 00:00:03.493 --> 00:00:05.587 And my talk is gonna be about 00:00:06.185 --> 00:00:07.988 a paper with a pretty long title. 00:00:08.558 --> 00:00:10.393 It's called Row Hammer 00:00:11.411 --> 00:00:12.834 Flipping Bits in Memory 00:00:13.717 --> 00:00:14.934 Without Accessing Them 00:00:15.388 --> 00:00:16.768 colon, even more stuff. 00:00:17.152 --> 00:00:18.675 And experimenting something 00:00:19.291 --> 00:00:20.678 but that doesn't really matter. 00:00:21.150 --> 00:00:22.373 So, my name is Vishnu 00:00:22.881 --> 00:00:24.461 And I'm a year 4 Computer Science student 00:00:25.390 --> 00:00:25.979 just like Chin. 00:00:26.757 --> 00:00:28.766 and we are actually part of NUS Hackers. 00:00:29.590 --> 00:00:31.338 It is a club/society in NUS. 00:00:31.924 --> 00:00:33.472 This is my second time here. 00:00:33.846 --> 00:00:35.625 I was here exactly 12 Papers We Love ago. 00:00:36.199 --> 00:00:37.265 One year ago. 00:00:37.527 --> 00:00:39.194 Audience: aww "Anniversary!" 00:00:39.859 --> 00:00:42.027 ... presenting the Diffie-Hellman Key Exchange 00:00:42.577 --> 00:00:44.793 Which is also a security related paper 00:00:45.175 --> 00:00:46.636 And today is another security related paper 00:00:46.882 --> 00:00:49.026 Even though I have no academic experience 00:00:49.410 --> 00:00:50.545 in security at all, 00:00:50.866 --> 00:00:52.382 just seems to click with my interests. 00:00:52.753 --> 00:00:54.095 So, the paper, 00:00:54.359 --> 00:00:57.647 It's called... ah, colon... An Experimental Study of DRAM Disturbance Errors 00:00:58.226 --> 00:01:00.245 This is a joint publication 00:01:00.556 --> 00:01:01.827 by CMU and Intel Labs 00:01:02.177 --> 00:01:04.432 The reason why it fascinated me so much is 00:01:04.867 --> 00:01:07.581 We always talk about software exploits 00:01:07.788 --> 00:01:09.212 as something to do with software. 00:01:09.703 --> 00:01:10.158 It's a bug in software. 00:01:11.060 --> 00:01:12.645 Either programmer made a mistake. 00:01:12.929 --> 00:01:14.380 Or is usually a programmer made 00:01:14.784 --> 00:01:16.655 a mistake somewhere 00:01:17.555 --> 99:59:59.999 Or you forgot to check something. 99:59:59.999 --> 99:59:59.999 But this is a hardware bug. 99:59:59.999 --> 99:59:59.999 That affects software. 99:59:59.999 --> 99:59:59.999 And that fascinated me. 99:59:59.999 --> 99:59:59.999 A mistake in hardware, 99:59:59.999 --> 99:59:59.999 or so-called mistake in hardware, 99:59:59.999 --> 99:59:59.999 which you can not fix. 99:59:59.999 --> 99:59:59.999 Because you can't patch hardware. 99:59:59.999 --> 99:59:59.999 Is now affecting software forever. 99:59:59.999 --> 99:59:59.999 And it's almost unpatchable. 99:59:59.999 --> 99:59:59.999 Just because of the way hardware is. 99:59:59.999 --> 99:59:59.999 Once you release hardware. 99:59:59.999 --> 99:59:59.999 That's it. 99:59:59.999 --> 99:59:59.999 So before we talk about 99:59:59.999 --> 99:59:59.999 what this paper is about 99:59:59.999 --> 99:59:59.999 let me just give you a brief history lesson 99:59:59.999 --> 99:59:59.999 on what DRAM is. 99:59:59.999 --> 99:59:59.999 DRAM stands for 99:59:59.999 --> 99:59:59.999 Dynamic RAM 99:59:59.999 --> 99:59:59.999 And that's the kind of RAM 99:59:59.999 --> 99:59:59.999 that we have in all of our machines 99:59:59.999 --> 99:59:59.999 Chinmay: Sorry, memory lane... 99:59:59.999 --> 99:59:59.999 Thank you. 99:59:59.999 --> 99:59:59.999 Yep, a lot of jokes like that 99:59:59.999 --> 99:59:59.999 sprinkled inside this talk. 99:59:59.999 --> 99:59:59.999 So DRAM stands for Dynamic RAM. 99:59:59.999 --> 99:59:59.999 And it's the kind of RAM 99:59:59.999 --> 99:59:59.999 that we have in every single machine 99:59:59.999 --> 99:59:59.999 that we touch these days. 99:59:59.999 --> 99:59:59.999 Previously in the 90s there was 99:59:59.999 --> 99:59:59.999 a thing called SRAM 99:59:59.999 --> 99:59:59.999 but it wasn't performing enough 99:59:59.999 --> 99:59:59.999 so they made this thing called DRAM 99:59:59.999 --> 99:59:59.999 for Dynamic RAM. 99:59:59.999 --> 99:59:59.999 Here's an example of a kind of DRAM module 99:59:59.999 --> 99:59:59.999 This is the Micron something 99:59:59.999 --> 99:59:59.999 and this is a 1 MB chip. 99:59:59.999 --> 99:59:59.999 So this entire chip holds exactly 99:59:59.999 --> 99:59:59.999 1 megabyte of information 99:59:59.999 --> 99:59:59.999 Which means that... one million... 99:59:59.999 --> 99:59:59.999 Sorry...? 99:59:59.999 --> 99:59:59.999 Rahul: RAM chips are normally sold 99:59:59.999 --> 99:59:59.999 Rahul: in terms of bits. 99:59:59.999 --> 99:59:59.999 Rahul: So when you say 1024 99:59:59.999 --> 99:59:59.999 Rahul: that's 1024 megabit, usually. 99:59:59.999 --> 99:59:59.999 Sorry, megabit. Which makes it 128 KB. 99:59:59.999 --> 99:59:59.999 Sorry, you are right. it's actually 128 KB. 99:59:59.999 --> 99:59:59.999 And, yea, so there's actually like 99:59:59.999 --> 99:59:59.999 1 million dots in here. 99:59:59.999 --> 99:59:59.999 If you count. 99:59:59.999 --> 99:59:59.999 So each single dot here 99:59:59.999 --> 99:59:59.999 Is called DRAM cell 99:59:59.999 --> 99:59:59.999 And to understand the flaw here 99:59:59.999 --> 99:59:59.999 We actually need to learn 99:59:59.999 --> 99:59:59.999 exactly how a DRAM cell works.