Secure and Scalable Rowhammer Mitigation using Probabilistic Tracker Management Policies

Probabilistic tracker management policies (PROTEAS) can enable secure and scalable Rowhammer mitigation using resource-constrained in-DRAM trackers.

The paper focuses on mitigating DRAM Rowhammer attacks, which can cause security vulnerabilities by inducing bit-flips in neighboring DRAM rows through rapid activations. Recent solutions like Targeted Row Refresh (TRR) use in-DRAM trackers to identify aggressor rows and mitigate the attack by refreshing neighboring victim rows. However, these trackers are resource-constrained, typically storing only tens of entries, making them vulnerable to thrashing-based attacks that can evict tracked entries. The authors propose PROTEAS, a set of probabilistic tracker management policies, to enable secure and scalable Rowhammer mitigation using these resource-constrained trackers. PROTEAS includes two key components: Probabilistic Sampling: PROTEAS uses probabilistic request stream sampling (PRSS) to limit the number of insertions into the tracker, making it resistant to thrashing attacks. The sampling probability is carefully selected to ensure at least one insertion per refresh interval. Random Replacement: PROTEAS employs a random replacement policy for evictions, instead of a deterministic least-frequently-used (LFU) policy. This introduces non-determinism and ensures a diversity of rows are retained in the tracker, preventing targeted evictions. The authors evaluate PROTEAS against recent probabilistic defenses like DSAC and PARA. With a 16-entry tracker, PROTEAS limits the maximum disturbance (activations before mitigation) to 2.1K at 1 mitigation per refresh interval, 35x lower than a deterministic baseline. As the number of mitigations per interval increases to 2, 4, and 8, PROTEAS further reduces the maximum disturbance to 1.1K, 585, and 305, respectively, outperforming prior proposals by 60x to 222x. The authors also co-design PROTEAS with the Refresh Management (RFM) feature in DDR5, which allows additional mitigations per refresh interval. This enables PROTEAS to effectively mitigate Rowhammer even as the threshold (TRH) drops to 1K or 500, unlike deterministic trackers which benefit minimally from extra mitigations. The average performance impact of PROTEAS is less than 1% for TRH of 1K and 3% for TRH of 500.

The Rowhammer threshold (TRH) has dropped from 140K in DDR3 to just 4.9K in LPDDR4 over the last decade. The number of counters required for secure trackers increases from 87K to 512K as TRH drops from 1K to 500. With 1 mitigation per tREFI, the baseline deterministic tracker has a maximum disturbance of 74K activations. With 8 mitigations per tREFI, the baseline deterministic tracker still has a maximum disturbance of 65K-67K activations. With 1 mitigation per tREFI, PROTEAS has a maximum disturbance of 2.1K activations, 35x lower than the baseline. With 8 mitigations per tREFI, PROTEAS has a maximum disturbance of 305 activations, 222x lower than the baseline.

"Rowhammer bit-flips are not just a reliability problem, but also a major security threat. Numerous studies have illustrated exploits using Rowhammer [1], [5], [8]–[10], [23], [37], [41]." "Such in-DRAM solutions are resource-constrained (only able to provision few tens of counters to track aggressor rows) and are prone to thrashing based attacks, that have been used to fool them." "PROTEAS can secure small in-DRAM trackers (with 16 counters per DRAM bank) even when Rowhammer thresholds drop to 500 while incurring less than 3% slowdown."