This work uncovers a novel high-throughput main-memory side-channel threat in Processing-in-Memory (PiM) architectures, exploiting shared DRAM row-buffers to establish covert communication and cross-application information leakage channels. Addressing the high overhead and limited parallelism of conventional cache-bypassing attacks, we propose IMPACT—the first PiM-native timing-channel attack paradigm—featuring row-buffer contention modeling, fine-grained PiM instruction-level timing control, CPU-PiM cooperative scheduling, and quantitative conflict analysis, enabling cache-free, efficient exploitation. Experiments demonstrate a covert channel throughput of 12.87–14.16 Mb/s, representing a 4.91×–5.41× improvement over the state-of-the-art; side-channel key leakage error rates are significantly reduced. We further design and validate three low-overhead defense mechanisms.

The adoption of processing-in-memory (PiM) architectures has been gaining momentum because they provide high performance and low energy consumption by alleviating the data movement bottleneck. Yet, the security of such architectures has not been thoroughly explored. The adoption of PiM solutions provides a new way to directly access main memory, which malicious user applications can exploit. We show that this new way to access main memory opens opportunities for high-throughput timing attacks that are hard-to-mitigate without significant performance overhead. We introduce IMPACT, a set of high-throughput main memory-based timing attacks that leverage characteristics of PiM architectures to establish covert and side channels. IMPACT enables high-throughput communication and private information leakage by exploiting the shared DRAM row buffer. To achieve high throughput, IMPACT (i) eliminates cache bypassing steps required by processor-centric main memory and cache-based timing attacks and (ii) leverages the intrinsic parallelism of PiM operations. We showcase two applications of IMPACT. First, we build two covert-channel attacks that run on the host CPU and leverage different PiM approaches to gain direct and fast access to main memory and establish high-throughput communication covert channels. Second, we showcase a side-channel attack that leaks private information of concurrently running victim applications that are accelerated with PiM. Our results demonstrate that (i) our covert channels achieve 12.87 Mb/s and 14.16 Mb/s communication throughput, respectively, which is up to 4.91x and 5.41x faster than the state-of-the-art main memory-based covert channels, and (ii) our side-channel attack allows the attacker to leak secrets with a low error rate. To avoid such covert and side channels in emerging PiM systems, we propose and evaluate three defenses.