By: rwessel (rwessel.delete@this.yahoo.com), January 7, 2021 10:06 am
Room: Moderated Discussions
Gabriele Svelto (gabriele.svelto.delete@this.gmail.com) on January 7, 2021 5:33 am wrote:
> Chester (lamchester.delete@this.gmail.com) on January 7, 2021 5:00 am wrote:
> > Except if we're talking about malicious attacks, researchers figured out they could flip three bits
> > and cause an undetectable error. Why not tighten refresh timings until the attack no longer works?
>
> Can they flip three bits without causing a storm of single- and double-bit flips?
> If you have any kind of monitoring that kind of activity should be very visible.
Traditional SECDEC will typically "detect" all three bit errors, but will incorrectly process many of them as single bit errors, returning a mangled word, but still reporting a single bit error. So even if some process magically manages to produce masses of three bit errors, but no one or two bit errors, you're still going to see vast numbers of one bit errors reported (as well as a bunch of two bit errors).
> Chester (lamchester.delete@this.gmail.com) on January 7, 2021 5:00 am wrote:
> > Except if we're talking about malicious attacks, researchers figured out they could flip three bits
> > and cause an undetectable error. Why not tighten refresh timings until the attack no longer works?
>
> Can they flip three bits without causing a storm of single- and double-bit flips?
> If you have any kind of monitoring that kind of activity should be very visible.
Traditional SECDEC will typically "detect" all three bit errors, but will incorrectly process many of them as single bit errors, returning a mangled word, but still reporting a single bit error. So even if some process magically manages to produce masses of three bit errors, but no one or two bit errors, you're still going to see vast numbers of one bit errors reported (as well as a bunch of two bit errors).