Papers
Topics
Authors
Recent
Search
2000 character limit reached

Memory-Centric Computing: Security Benefits and Challenges of Processing-in-DRAM

Published 18 Jun 2026 in cs.CR, cs.AR, and cs.DC | (2606.20786v1)

Abstract: Today's computing systems are processor-centric: they require frequent data movement between processing elements (e.g., CPU) and main memory (DRAM), leading to significant inefficiencies in performance and energy consumption. Memory-centric computing instead moves computation to the data, enabling computation capability in and near all places where data is generated and stored, and greatly reducing the performance and energy overheads of data access and data movement. This shift from a processor-centric to a memory-centric paradigm has important and underexplored consequences for system security. Turning memory from a dumb, inactive store into an active computing substrate introduces benefits as well as challenges for system security: it can provide new in-memory security primitives and also reduce data exposure, but it can also expose new attack surfaces. This work discusses the security benefits and challenges of memory-centric computing, specifically Processing-in-DRAM (PiD), a paradigm where the operational characteristics of a DRAM chip are exploited and enhanced to perform computation on data stored in DRAM. Specifically, we describe 1) new state-of-the-art DRAM-based true random number generators that provide up to 16.05 Gb/s throughput and physical unclonable functions with 5.75% lower evaluation latency than the prior state-of-the-art, both on real DRAM chips and 2) two key security challenges of PiD: amplified DRAM read disturbance (e.g., 158x reduction in the minimum number of DRAM accesses required to induce the first bitflip) and high throughput memory timing channels (e.g., a communication throughput of 14.8Mb/s). We believe it is time to design, use, and program DRAM, and in general memory, not as an inactive storage substrate, but as a combined computation, storage, and security substrate, where computational capability, storage density, and security are all key goals.

Summary

  • The paper introduces effective in-DRAM security primitives—SiMRA-TRNG achieving up to 16.05 Gb/s throughput and SiMRA-PUF with high response stability.
  • The analysis quantifies significant security vulnerabilities, revealing up to 158× reduction in hammer counts and 6.5× faster timing channels compared to conventional methods.
  • The study underscores the need for novel memory controller architectures to mitigate enhanced disturbance and timing attack risks in Processing-in-DRAM systems.

Memory-Centric Computing: System Security Opportunities and Risks in Processing-in-DRAM

Introduction

The processor-centric paradigm in computer architecture imposes significant performance and energy bottlenecks due to excessive data movement between CPUs and DRAM. Memory-centric computing, particularly Processing-in-DRAM (PiD), rearchitects the system by embedding computation capabilities directly into the memory substrate, reducing data transfer overheads and thereby potentially improving throughput, energy, and scalability across emerging data-centric workloads. The recharacterization of DRAM—from a passive store to an active computation-security substrate—introduces both novel security primitives as well as security and reliability threats. This paper rigorously analyzes these security opportunities and challenges, with an emphasis on secure primitive construction (true random number generators and physical unclonable functions) and the exacerbated risks related to read disturbance and memory-based timing attacks (2606.20786).

Security Primitives in Processing-in-DRAM

In-DRAM True Random Number Generation: SiMRA-TRNG

DRAM-based true random number generators (TRNGs) are attractive due to the ubiquity of DRAM across digital systems. The SiMRA-TRNG enables high-throughput random number generation by exploiting simultaneous multiple-row activation (SiMRA). The mechanism involves initializing DRAM rows with balanced data and then issuing a reduced-timing ACT→\rightarrowPRE→\rightarrowACT command sequence, causing charge sharing between oppositely-held cell values on the same bitline. These opposing contributions perturb the bitline voltage toward the reference, resulting in non-deterministic amplification by the sense amplifier. The process efficiently extracts high-quality randomness directly within the DRAM device. Figure 1

Figure 1: The SiMRA command sequence for in-DRAM random number generation, exploiting analog charge perturbation during simultaneous row activations.

Empirical analysis over 96 DDR4 COTS chips demonstrates a strong correlation between number of simultaneously activated rows and achieved entropy. Across tested density and die revisions, average 512-bit cache-block entropy monotonically increases with the number of activated rows—culminating in 40.41 bits at 32-row activation. Figure 2

Figure 2: Entropy scaling with increasing numbers of activated rows and DRAM architectures, directly demonstrating SiMRA's efficacy.

Throughput comparisons versus state-of-the-art DRAM TRNGs (e.g., QUAC-TRNG) reveal SiMRA-TRNG's substantial practical benefits: up to 1.99×\times higher throughput at 8-row activation, with average throughputs reaching 16.05 Gb/s. The design balances initialization latency with entropy per operation: higher row count yields more entropy (and passes all NIST STS tests), but with a throughput/latency tradeoff due to more expensive preparation. Figure 3

Figure 3: Throughput improvement of SiMRA-based TRNG over the prior art, as a function of simultaneously activated rows.

In-DRAM Physical Unclonable Functions: SiMRA-PUF

A robust runtime-accessible physical unclonable function (PUF) must yield device-unique, stable signatures at low latency without requiring power cycling or custom DRAM circuitry. The SiMRA-PUF leverages simultaneous charge sharing of oppositely-initialized DRAM rows, resolving in the sense amplifier to either random or stable logic states, depending on process variation.

Experimental evaluation on 112 COTS DDR4 chips quantifies stability (intra-Jaccard) and uniqueness (inter-Jaccard). SiMRA-PUF attains intra-Jaccard indices up to 94.86\% and inter-Jaccard as low as 2.37\%, effectively rivaling or surpassing previous high-throughput PUFs (e.g., Frac-based PUF). Notably, 2-row SiMRA-PUF achieves 5.75% lower evaluation latency, validating both practical deployability and suitability for runtime security protocols. Figure 4

Figure 4: Intra- and inter-Jaccard indices for SiMRA-PUF reflecting strong response stability and uniqueness; scalability is shown across varying N-row activations.

Security Threats in Processing-in-DRAM

Amplified Read Disturbance: PuDHammer

Processing-in-DRAM, particularly through mechanisms that repeatedly or simultaneously activate multiple rows (e.g., fast analog operations, in-DRAM copy), fundamentally alters traditional disturbance equilibrium. PuDHammer characterizes the vulnerability amplification due to simultaneous/consecutive multiple row activation (SiMRA/CoMRA) on 316 DDR4 chips from four manufacturers.

Double-sided SiMRA-based hammering achieves an up to 158×\times reduction in the minimum hammer count to induce a bit flip (HCfirstHC_{first}), dramatically lower than conventional double-sided RowHammer. This result directly underscores significantly heightened susceptibility to disturbance-induced corruption when using analog-optimized DRAM operations. Figure 5

Figure 5: Distributional shift in HCfirstHC_{first} for SiMRA-based attacks relative to RowHammer, evidencing exponential vulnerability amplification.

Standard RowHammer mitigation, such as Per-Row Activation Counting (PRAC), incurs on average 48.26% system performance overhead when adapted to PuD contexts. This inefficiency indicates existing countermeasures are not scalable for robust, high-bandwidth PiD systems with widespread analog operations.

High-Throughput Timing Channels: IMPACT

By enabling direct main memory access and bypassing the cache hierarchy, PiD opens new high-throughput timing attack surfaces. IMPACT demonstrates that shared row-buffer timing—exploitable via PiM-enabled instructions and in-DRAM copy (RowClone)—can sustain covert and side-channels. The attack flow (IMPACT-PuM) achieves a communication throughput of 14.8 Mb/s, a 6.5×\times increase over prior memory-based covert channels. Genome privacy attacks using this channel leak private query characteristics at 7.6 Mb/s with 96% accuracy. Figure 6

Figure 6: End-to-end IMPACT-PuM covert channel, demonstrating high-throughput transmission through orchestrated PiD memory accesses.

While four classes of defenses to eliminate the channel are evaluated, all incur substantial performance penalties, indicating that robust, low-overhead countermeasures for PiD-specific timing side-channels remain unsolved.

Implications and Outlook

DRAM's evolution to a compute-storage-security multi-role substrate compels a holistic reassessment of memory subsystem architecture. SiMRA-based security primitives provide backend, high-performance solutions for cryptography, authentication, and secure protocol bootstrapping—potentially transforming the trusted computing base by minimizing data exposure and removing reliance on external security coprocessors. Conversely, the same analog in-memory techniques exponentially heighten failure and exploitability risks: existing reliability boundaries are insufficient, while conventional security mitigations exhibit high system-level costs.

Adoption of PiD and related MCC architectures in AI and privacy-critical workloads will demand joint innovation in robust memory controller architectures, privilege and isolation enforcement for in-memory instructions, fine-grained access and activation tracking, and fundamentally new physical-layer resilience metrics. Future AI systems integrating or offloading security primitives to DRAM must jointly address system-level isolation, reliability, and side-channel containment.

Conclusion

This work provides a rigorous architectural and experimental investigation into the security consequences of memory-centric computing, focusing on Processing-in-DRAM. The demonstrated advancement in in-DRAM true random number generation and physically unclonable function construction exemplifies PiD's potential for efficient, secure primitive instantiation. At the same time, the paper uncovers and quantifies significantly enhanced read disturbance vulnerabilities and new high-throughput timing channel threats, challenging the viability of naïvely adopting PiD. Realizing the benefits and containing the risks of MCC and PiD demands a computing stack rearchitecture that treats memory as a security-critical compute substrate, not merely as passive storage. Widespread, secure deployment of PiD will require both recognition of these dualities and dedicated research across the entire system stack (2606.20786).

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.