In this paper, we investigate the advanced circuit features such as wordline- (WL) underdrive (prevents retention failure) and overdrive (assists write) employed in the peripherals of Dynamic RAM (DRAM) memories from a security perspective. In an ideal environment, these features ensure fast and reliable read and write operations. However, an adversary can re-purpose them by inserting Trojans to deliver malicious payloads such as fault injections, Denial-of-Service (DoS), and information leakage attacks when activated by the adversary. Simulation results indicate that wordline voltage can be increased to cause retention failure and thereby launch a DoS attack in DRAM memory. Furthermore, two wordlines or bitlines can be shorted to leak information or inject faults by exploiting the DRAM's refresh operation. We demonstrate an information leakage system exploit by implementing TrappeD on RocketChip SoC.

中文翻译：

---

TrappeD：用于信息泄漏和故障注入攻击的 DRAM 木马设计

在本文中，我们从安全角度研究了动态 RAM (DRAM) 存储器外围设备中采用的高级电路功能，例如字线 (WL) 欠驱动（防止保留故障）和过驱动（辅助写入）。在理想环境中，这些功能可确保快速可靠的读写操作。然而，攻击者可以通过插入木马程序来重新利用它们，以在被攻击者激活时提供恶意负载，例如故障注入、拒绝服务 (DoS) 和信息泄漏攻击。仿真结果表明，增加字线电压会导致保留失败，从而在 DRAM 内存中发起 DoS 攻击。此外，通过利用 DRAM 的刷新操作，可以将两条字线或位线短路以泄漏信息或注入故障。