Mithril: Cooperative Row Hammer Protection on Commodity DRAM Leveraging Managed Refresh

TL;DR

Mithril is a novel cooperative DRAM-MC scheme leveraging the DDR5 RFM command to provide deterministic Row Hammer protection with minimal energy and performance overheads, addressing limitations of prior solutions.

Contribution

It introduces Mithril, the first RFM-compatible cooperative RH-protection scheme, and Mithril+, an extension that further reduces overheads with minimal modifications.

Findings

Mithril guarantees deterministic RH protection.

Mithril achieves minimal energy overheads in typical scenarios.

Mithril+ offers low performance overhead with slight MC modifications.

Abstract

Since its public introduction in the mid-2010s, the Row Hammer (RH) phenomenon has drawn significant attention from the research community due to its security implications. Although many RH-protection schemes have been proposed by processor vendors, DRAM manufacturers, and academia, they still have shortcomings. Solutions implemented in the memory controller (MC) incur increasingly higher costs due to their conservative design for the worst case in terms of the number of DRAM banks and RH threshold to support. Meanwhile, DRAM-side implementation either has a limited time margin for RH-protection measures or requires extensive modifications to the standard DRAM interface. Recently, a new command for RH-protection has been introduced in the DDR5/LPDDR5 standards, referred to as refresh management (RFM). RFM enables the separation of the tasks for RHprotection to both MC and DRAM by having the former generate an RFM command at a specific activation frequency and the latter take proper RH-protection measures within a given time window. Although promising, no existing study presents and analyzes RFM-based solutions for RH-protection. In this paper, we propose Mithril, the first RFM interfacecompatible, DRAM-MC cooperative RH-protection scheme providing deterministic protection guarantees. Mithril has minimal energy overheads for common use cases without adversarial memory access patterns. We also introduce Mithril+, an optional extension to provide minimal performance overheads at the expense of a tiny modification to the MC, while utilizing existing DRAM commands.