Talk Title:
Imaging and Reverse Engineering Sense Amplifiers in Modern DRAM
Abstract:
DRAM vendors do not disclose the architecture of the sense amplifiers deployed in their chips. Unfortunately, this hinders academic research that focuses on studying or improving DRAM. Without knowing the circuit topology, transistor dimensions, and layout of the sense amplifiers, researchers are forced to rely on best guesses, impairing the fidelity of their studies. We aim to fill this gap between academia and industry for the first time by performing Scanning Electron Microscopy (SEM) with Focused Ion Beam (FIB) on recent commodity DDR4 and DDR5 DRAM chips from the three major vendors.
This required us to adequately prepare the samples, identify the sensing area, and align images from the different FIB slices. Using the acquired images, we reverse engineer the circuits, measure transistor dimensions and extract physical layouts of sense amplifiers — all previously unavailable to researchers.
Our findings show that the commonly assumed classical sense amplifier topology has been replaced with the more sophisticated offset-cancellation design by two of the three major DRAM vendors. Furthermore, the transistor dimensions of sense amplifiers and their revealed physical layouts are significantly different than what is assumed in existing literature. Given commodity DRAM, our analysis shows that the public DRAM models are up to 9x inaccurate, and existing research has up to 175x error when estimating the impact of the proposed changes. To enable high-fidelity DRAM research in the future, we open source our data, including the reverse engineered circuits and layouts.
Speaker Bio:
Michele Marazzi has just completed a PhD at ETH Zurich focusing on DRAM security. Through his research, he demonstrated how it is possible to protect DRAM from Rowhammer attacks with designs based on mathematical proofs or by changing the internal DRAM architecture. Recently, he showed that it is possible to perform Rowhammer on RISC-V CPUs for the first time. Michele led the HiFi-DRAM project, which will be presented at Hardwear.io, where DDR4 and DDR5 DRAM chips were photographed and reconstructed.
