Probabilistic Tracker Management Policies for Low-Cost and Scalable Rowhammer Mitigation

TL;DR

Rowhammer threats grow as DRAM thresholds decline, making scalable, low-storage mitigation essential. PROTEAS introduces probabilistic tracker management with Probabilistic Request Stream Sampling and random replacement to render small in-DRAM trackers thrash-resistant while preserving mitigation efficacy. The methodology shows PROTEAS achieves substantial reductions in maximum and average disturbance compared with trackerless PARA/PRA and Samsung DSAC, especially when co-designed with DDR5’s Refresh Management to enable multiple mitigations per $tREFI$. With modest storage overhead (around a few KB per rank) and near-zero performance impact at higher $TRH$, PROTEAS offers a practical, scalable pathway to secure Rowhammer mitigation in future DRAM generations.

Abstract

This paper focuses on mitigating DRAM Rowhammer attacks. In recent years, solutions like TRR have been deployed in DDR4 DRAM to track aggressor rows and then issue a mitigative action by refreshing neighboring victim rows. Unfortunately, such in-DRAM solutions are resource-constrained (only able to provision few tens of counters to track aggressor rows) and are prone to thrashing based attacks, that have been used to fool them. Secure alternatives for in-DRAM trackers require tens of thousands of counters. In this work, we demonstrate secure and scalable rowhammer mitigation using resource-constrained trackers. Our key idea is to manage such trackers with probabilistic management policies (PROTEAS). PROTEAS includes component policies like request-stream sampling and random evictions which enable thrash-resistance for resource-constrained trackers. We show that PROTEAS can secure small in-DRAM trackers (with 16 counters per DRAM bank) even when Rowhammer thresholds drop to 500 while incurring less than 3% slowdown. Moreover, we show that PROTEAS significantly outperforms a recent similar probabilistic proposal from Samsung (called DSAC) while achieving 11X - 19X the resilience against Rowhammer.

Figures (14)

• Figure 1: (a) As Rowhammer thresholds drop below 1K, Rowhammer trackers require 1000s to 10,000s of counters to be secure, while resource-constrained trackers (like TRR or DSAC) with tens of counters, which are practical within the logic area in DRAM, provide little to no security. (b) This is because trackers with tens of counters are vulnerable to thrashing-based attacks, which can easily evict tracked entries to fool the tracker, exploiting its deterministic management. (c) PROTEAS provides strong security with a small 16-entry tracker, via thrash resistance through probabilistic sampling and random evictions.
• Figure 2: Overview of Tracker Management Policies and Potential for Probabilistic Policies for Thrash Resistance
• Figure 3: Probabilistic Sampling of (a) Request Stream and (b) Miss Stream
• Figure 4: Sensitivity of PMSS and PRSS to Sampling Probability ($p$). PRSS achieves a significantly lower minima for the maximum disturbance (2.2K) compared to PMSS (5.1K), due to its more effective thrash reduction.
• Figure 5: Sensitivity of PRSS to Replacement Policy. PRSS with Random Replacement achieves a 10% lower minima for maximum disturbance (2K) compared to LFU Replacement (2.2K).