Randomized Line-to-Row Mapping for Low-Overhead Rowhammer Mitigations

TL;DR

This paper introduces Rubix and Rubix-D, innovative memory mapping techniques that significantly reduce Rowhammer attack vulnerabilities and mitigative slowdowns by randomizing address mappings, making defenses more practical at low thresholds.

Contribution

It proposes encrypted and dynamic line-to-row mapping methods, Rubix and Rubix-D, to drastically lower hot-rows and improve Rowhammer mitigation efficiency.

Findings

Rubix reduces mitigation slowdowns from 15-600% to under 3%.

Hot-rows are decreased by 2 to 3 orders of magnitude.

Rubix-D makes it harder for adversaries to learn spatial neighborhood.

Abstract

Modern systems mitigate Rowhammer using victim refresh, which refreshes the two neighbours of an aggressor row when it encounters a specified number of activations. Unfortunately, complex attack patterns like Half-Double break victim-refresh, rendering current systems vulnerable. Instead, recently proposed secure Rowhammer mitigations rely on performing mitigative action on the aggressor rather than the victims. Such schemes employ mitigative actions such as row-migration or access-control and include AQUA, SRS, and Blockhammer. While these schemes incur only modest slowdowns at Rowhammer thresholds of few thousand, they incur prohibitive slowdowns (15%-600%) for lower thresholds that are likely in the near future. The goal of our paper is to make secure Rowhammer mitigations practical at such low thresholds. Our paper provides the key insights that benign application encounter thousands of hot rows (receiving more activations than the threshold) due to the memory mapping, which places spatially proximate lines in the same row to maximize row-buffer hitrate. Unfortunately, this causes row to receive activations for many frequently used lines. We propose Rubix, which breaks the spatial correlation in the line-to-row mapping by using an encrypted address to access the memory, reducing the likelihood of hot rows by 2 to 3 orders of magnitude. To aid row-buffer hits, Rubix randomizes a group of 1-4 lines. We also propose Rubix-D, which dynamically changes the line-to-row mapping. Rubix-D minimizes hot-rows and makes it much harder for an adversary to learn the spatial neighbourhood of a row. Rubix reduces the slowdown of AQUA (from 15% to 1%), SRS (from 60% to 2%), and Blockhammer (from 600% to 3%) while incurring a storage of less than 1 Kilobyte.