Deliberately Flipping Bits in Memristive Crossbar Arrays
摘要
This chapter introduces NeuroHammer, a hardware attack on memristive crossbar arrays. The attack induces bit-flips by combining the V/2 scheme with thermal crosstalk that speeds SET kinetics. A dual-simulation workflow evaluates feasibility. COMSOL extracts thermal coupling ( \(\alpha \) ) and device thermal resistance. Cadence Virtuoso with a modified JART VCM model uses these \(\alpha \) values to emulate crosstalk in circuits. Key factors are mapped: pulse length, electrode spacing, ambient temperature, and attack patterns. Results show fewer pulses are needed with longer pulses, tighter spacing, and higher temperature. Passive arrays are vulnerable. In 1T1R arrays, leakage through access transistors can re-enable risk, depending on device variability and technology node. Pseudo 1T1R shows strong immunity due to missing shared electrodes. A case study links the crossbar simulator to gem5 and demonstrates RSA-CRT key leakage by flipping bits in ReRAM caches. Limitations and open defenses are outlined, including measurement-based calibration and countermeasures for future work.