DLS Talk by Stefan Saroiu (Microsoft Research)

Speaker:  Stefan Saroiu, Senior Principal Researcher, Microsoft Research

Title:  Six Years of Rowhammer: Breakthroughs and Future Directions

Abstract:

This talk will present the work done over the past six years as part of Project STEMA at Microsoft. STEMA stands for Secure, Trusted, and Enhanced Memory for Azure. We will discuss our journey in understanding Rowhammer and our methodology for determining whether cloud servers are vulnerable to these attacks. We will also explain why Rowhammer is a significant concern, particularly in the context of nation-state attacks, and how this led us to develop a pragmatic solution called Panopticon.

We will then introduce Panopticon, an in-DRAM Rowhammer defense that is cost-effective and requires no hardware changes beyond DRAM itself. Unlike previous solutions that monitor Rowhammer in SRAM or CAM memories, Panopticon is the first to implement monitoring within the DRAM fabric. Combined with its alert system, Panopticon has the potential to address Rowhammer once and for all.

Panopticon's approach has caught the attention of industry, leading to the development of Per-Row Activation Counting (PRAC), a groundbreaking Rowhammer defense that will soon be widely deployed in most, if not all, DRAM. In the final part of our talk, we will do a brief technical deep dive into PRAC. While PRAC marks a significant advance in DRAM security, its specification leaves some questions unanswered and exposes potential gaps and challenges. This presents a huge opportunity for the research community to address these issues.

Bio:

Stefan Saroiu is a researcher with Microsoft Research. His research interests cover many aspects of systems and networks, although his recent work has primarily focused on systems security. Stefan's work has been published at top conferences in the fields of security, systems, networking, and mobile computing.

Stefan takes his work beyond publishing results. With his colleagues at Microsoft, he (1) designed Panopticon, a Rowhammer defense adopted by the DRAM industry, (2) designed, deployed, and operated Microsoft Embedded Social, a cloud service aimed at user engagement in mobile apps, which had 20 million users, (3) created the reference implementation of a software-based Trusted Platform Module (TPM) used in hundreds of millions of smartphones and tablets, and (4) designed and operated Zero-Effort Payments (ZEP), one of the first face recognition-based payment systems in the world.

Before joining Microsoft in 2008, Stefan spent three years as an Assistant Professor at the University of Toronto, and four months as a visiting researcher at Amazon.com, where he contributed to the early designs of their new shopping cart system, also known as Dynamo. Stefan has a PhD from the University of Washington and is an ACM Fellow.

Host:  Aastha Mehta, UBC Computer Science