MINT: Securely Mitigating Rowhammer with a Minimalist In-DRAM Tracker
Moinuddin Qureshi, Salman Qazi, Aamer Jaleel
2024-07-23
Abstract: This paper investigates secure low-cost in-DRAM trackers for mitigating Rowhammer (RH). In-DRAM solutions have the advantage that they can solve the RH problem within the DRAM chip, without relying on other parts of the system. However, in-DRAM mitigation suffers from two key challenges: First, the mitigations are synchronized with refresh, which means we cannot mitigate at arbitrary times. Second, the SRAM area available for aggressor tracking is severely limited, to only a few bytes. Existing low-cost in-DRAM trackers (such as TRR) have been broken by well-crafted access patterns, whereas prior counter-based schemes require impractical overheads of hundreds or thousands of entries per bank. The goal of our paper is to develop an ultra low-cost secure in-DRAM tracker.
Our solution is based on a simple observation: if only one row can be mitigated at refresh, then we should ideally need to track only one row. We propose a Minimalist In-DRAM Tracker (MINT), which provides secure mitigation with just a single entry. At each refresh, MINT probabilistically decides which activation in the upcoming interval will be selected for mitigation at the next refresh. MINT provides guaranteed protection against classic single and double-sided attacks. We also derive the minimum RH threshold (MinTRH) tolerated by MINT across all patterns. MINT has a MinTRH of 1482 which can be lowered to 356 with RFM. The MinTRH of MINT is lower than a prior counter-based design with 677 entries per bank, and is within 2x of the MinTRH of an idealized design that stores one-counter-per-row. We also analyze the impact of refresh postponement on the MinTRH of low-cost in-DRAM trackers, and propose an efficient solution to make such trackers compatible with refresh postponement.
Cryptography and Security, Hardware Architecture
What problem does this paper attempt to address?
The problem this paper attempts to address is: how to design a low-cost and secure Rowhammer mitigation solution in Dynamic Random Access Memory (DRAM). Specifically, the paper proposes a solution called Minimalist In-DRAM Tracker (MINT), which aims to effectively defend against Rowhammer attacks with minimal SRAM overhead (only a few bytes per bank).
### Background and Problem
Rowhammer is a phenomenon where frequent activation of a DRAM row causes bit flips in adjacent rows, affecting data integrity and potentially being exploited as an attack vector, such as flipping bits in page tables to escalate privileges or compromise confidentiality. As DRAM technology advances, the number of activations required to trigger Rowhammer (TRH) has decreased, from approximately 139,000 in 2014 to about 4,800 in 2020, making Rowhammer a serious security threat.
### Limitations of Existing Solutions
1. **Hardware Mitigation Mechanisms**: Existing hardware mitigation solutions typically rely on tracking mechanisms to identify frequently activated rows (aggressor rows) and refresh the adjacent victim rows. These solutions can be deployed in the memory controller (MC) or within the DRAM chip (in-DRAM). The advantage of in-DRAM methods is that they can address the issue transparently within the DRAM chip without requiring changes to other parts of the system, but they face two main challenges:
   - **Synchronization Constraints**: Mitigation operations must be synchronized with refresh operations, meaning they cannot be performed at arbitrary times.
   - **Limited SRAM Resources**: The SRAM space available for tracking aggressor rows is very limited, usually only a few bytes per bank, which restricts the number of aggressor rows that can be tracked.
2. **Shortcomings of Existing Low-Cost In-DRAM Trackers**:
   - **Trackers like TRR**: Trackers such as Targeted Row Refresh (TRR) in DDR4, while low-cost, can be defeated by carefully crafted attack patterns (e.g., TRRespass and Blacksmith).
   - **Counter-Based Solutions**: Require significant SRAM overhead, making them impractical.
### Proposed Solution
The paper proposes MINT (Minimalist In-DRAM Tracker), a future-selection-based tracker. The core idea is to randomly select a future activation event for mitigation during each refresh. Key features include:
- **Single-Entry Tracking**: MINT requires only one entry to store the selected activation position, avoiding the coverage issues of existing trackers.
- **Uniform Selection**: MINT ensures that each activation has the same probability of being selected through uniform random selection, enhancing security.
- **Compatible with Refresh Delays**: The paper also introduces a mechanism called Delayed Mitigation Queue (DMQ), allowing MINT to be compatible with the refresh delays permitted by DDR5, further improving system robustness.
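The single-entry, uniform future-selection idea described above can be modelled in a few lines. This is an added sketch, not code from the paper or its authors: the class and function names, the 73 activation slots per refresh interval, the software PRNG, and the access patterns are all assumptions, and the Delayed Mitigation Queue and RFM are not modelled.

```python
import random


class MintTracker:
    """Simplified single-entry, future-selection tracker for one bank."""

    def __init__(self, max_act, rng):
        self.max_act = max_act    # assumed activation slots per refresh interval
        self.rng = rng
        self.slot = rng.randint(1, max_act)  # picked before the interval starts
        self.count = 0            # activations seen so far in this interval
        self.entry = None         # the single tracked row address

    def on_activate(self, row):
        self.count += 1
        if self.count == self.slot:   # only the pre-selected activation is kept
            self.entry = row

    def on_refresh(self):
        """Return the row to mitigate now and select a slot for the next interval."""
        row, self.entry, self.count = self.entry, None, 0
        self.slot = self.rng.randint(1, self.max_act)
        return row


def simulate(pattern, intervals, aggressor="A", max_act=73, seed=1):
    """Replay `pattern` every interval; return (mitigation rate of the
    aggressor, most aggressor activations seen between two mitigations)."""
    if len(pattern) > max_act:
        raise ValueError("pattern exceeds the activation slots per interval")
    tracker = MintTracker(max_act, random.Random(seed))
    per_interval = pattern.count(aggressor)
    hits = streak = worst = 0
    for _ in range(intervals):
        for row in pattern:
            tracker.on_activate(row)
        streak += per_interval
        worst = max(worst, streak)
        if tracker.on_refresh() == aggressor:
            hits += 1
            streak = 0
    return hits / intervals, worst


# Constructed access patterns: row "A" is the aggressor, "d<i>" are decoy rows.
FULL = ["A"] * 73
EARLY = ["A"] * 10 + [f"d{i}" for i in range(63)]
LATE = EARLY[::-1]
```

A row that fills every slot is mitigated at every refresh, while a row hidden among decoys is mitigated with probability proportional to its share of the slots, wherever in the interval it sits. The second value returned by `simulate` is the tail that a MinTRH analysis has to bound.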
### Main Contributions
1. **Proposing MINT**: A secure Rowhammer mitigation solution requiring only a single entry.
2. **Performance Analysis**: MINT's minimum Rowhammer threshold (MinTRH) is 2800 (1400 for double-sided attacks), close to the optimal tracker with 677 entries.
3. **Support for Refresh Delays**: Combined with DMQ, MINT's MinTRH-D is 1482 when supporting refresh delays.
4. **Integration with DDR5 Features**: Leveraging DDR5's RFM features, MINT's MinTRH-D can be as low as 356.
In summary, the paper presents MINT as an efficient, secure, and low-cost Rowhammer mitigation solution, significantly enhancing the security and reliability of DRAM.