Related papers: Randomized Line-to-Row Mapping for Low-Overhead Rowhammer Mitigations

Randomized Line-to-Row Mapping for Low-Overhead Rowhammer Mitigations

URL: http://arxiv.org/abs/2308.14907v1
Date: Mon, 28 Aug 2023 21:22:15 GMT
Title: Randomized Line-to-Row Mapping for Low-Overhead Rowhammer Mitigations
Authors: Anish Saxena, Saurav Mathur, Moinuddin Qureshi,
Abstract summary: Recently proposed secure Rowhammer mitigations rely on performing mitigative action on the aggressor rather than the victims. We propose Rubix, which breaks the spatial correlation in the line-to-row mapping by using an encrypted address to access the memory. We also propose Rubix-D, which dynamically changes the line-to-row mapping.
Score: 0.716879432974126
License: http://creativecommons.org/licenses/by/4.0/
Abstract: Modern systems mitigate Rowhammer using victim refresh, which refreshes the two neighbours of an aggressor row when it encounters a specified number of activations. Unfortunately, complex attack patterns like Half-Double break victim-refresh, rendering current systems vulnerable. Instead, recently proposed secure Rowhammer mitigations rely on performing mitigative action on the aggressor rather than the victims. Such schemes employ mitigative actions such as row-migration or access-control and include AQUA, SRS, and Blockhammer. While these schemes incur only modest slowdowns at Rowhammer thresholds of few thousand, they incur prohibitive slowdowns (15%-600%) for lower thresholds that are likely in the near future. The goal of our paper is to make secure Rowhammer mitigations practical at such low thresholds. Our paper provides the key insights that benign application encounter thousands of hot rows (receiving more activations than the threshold) due to the memory mapping, which places spatially proximate lines in the same row to maximize row-buffer hitrate. Unfortunately, this causes row to receive activations for many frequently used lines. We propose Rubix, which breaks the spatial correlation in the line-to-row mapping by using an encrypted address to access the memory, reducing the likelihood of hot rows by 2 to 3 orders of magnitude. To aid row-buffer hits, Rubix randomizes a group of 1-4 lines. We also propose Rubix-D, which dynamically changes the line-to-row mapping. Rubix-D minimizes hot-rows and makes it much harder for an adversary to learn the spatial neighbourhood of a row. Rubix reduces the slowdown of AQUA (from 15% to 1%), SRS (from 60% to 2%), and Blockhammer (from 600% to 3%) while incurring a storage of less than 1 Kilobyte.

Related papers

ImPress: Securing DRAM Against Data-Disturbance Errors via Implicit Row-Press Mitigation [1.3921736520874155]
DRAM cells are susceptible to Data-Disturbance Errors (DDE) Rowhammer is a well-known DDE vulnerability that occurs when a row is repeatedly activated. Row-Press (RP) is a new DDE vulnerability that occurs when a row is kept open for a long time.
arXiv Detail & Related papers (2024-07-22T19:20:14Z)
Probabilistic Tracker Management Policies for Low-Cost and Scalable Rowhammer Mitigation [5.597216094757414]
In recent years, solutions like TRR have been deployed in DDR4 DRAM to track aggressor rows and then issue a mitigative action by refreshing neighboring rows. Such in-DRAM solutions are resource-constrained (only able to provision few tens of counters to track aggressor rows) and are prone to thrashing based attacks, that have been used to fool them. In this work, we demonstrate secure and scalable rowhammer mitigation using resource-constrained trackers.
arXiv Detail & Related papers (2024-04-24T23:57:58Z)
BreakHammer: Enhancing RowHammer Mitigations by Carefully Throttling Suspect Threads [5.767293823380473]
RowHammer is a read disturbance mechanism in DRAM where repeatedly accessing (hammering) a row of DRAM cells (DRAM row) induces bitflips in other physically nearby DRAM rows. RowHammer solutions perform preventive actions (e.g., refresh neighbor rows of the hammered row) that mitigate such bitflips. As shrinking technology node size over DRAM chip generations exacerbates RowHammer, the overheads of RowHammer solutions become prohibitively expensive. In this work, we tackle the performance overheads of RowHammer solutions by tracking and throttling the generators of memory accesses that trigger RowHammer solutions.
arXiv Detail & Related papers (2024-04-20T22:09:38Z)
Action-Quantized Offline Reinforcement Learning for Robotic Skill Learning [68.16998247593209]
offline reinforcement learning (RL) paradigm provides recipe to convert static behavior datasets into policies that can perform better than the policy that collected the data. In this paper, we propose an adaptive scheme for action quantization. We show that several state-of-the-art offline RL methods such as IQL, CQL, and BRAC improve in performance on benchmarks when combined with our proposed discretization scheme.
arXiv Detail & Related papers (2023-10-18T06:07:10Z)
ABACuS: All-Bank Activation Counters for Scalable and Low Overhead RowHammer Mitigation [6.570851573752742]
We introduce ABACuS, a new low-cost hardware-counter-based RowHammer mitigation technique. ABACuS uses a single shared row activation counter to track activations to the rows with the same row address in all DRAM banks. Our evaluations show that ABACuS securely prevents RowHammer bitflip/energy overhead and low area cost.
arXiv Detail & Related papers (2023-10-15T23:04:30Z)
Scalable and Configurable Tracking for Any Rowhammer Threshold [0.8057006406834466]
The Rowhammer vulnerability continues to get worse, with the Rowhammer Threshold (TRH) reducing from 139K activations to 4.8K activations over the last decade. The number of possible aggressors increases with lowering thresholds making it difficult to reliably track such rows in a storage-efficient manner. Recent in-DRAM trackers from industry, such as DSAC-TRR, perform approximate tracking, sacrificing guaranteed protection for reduced storage overheads. We propose START - a scalable tracker for Any Rowhammer Threshold.
arXiv Detail & Related papers (2023-08-28T20:24:49Z)
One-bit Flip is All You Need: When Bit-flip Attack Meets Model Training [54.622474306336635]
A new weight modification attack called bit flip attack (BFA) was proposed, which exploits memory fault inject techniques. We propose a training-assisted bit flip attack, in which the adversary is involved in the training stage to build a high-risk model to release.
arXiv Detail & Related papers (2023-08-12T09:34:43Z)
Sparse and Imperceptible Adversarial Attack via a Homotopy Algorithm [93.80082636284922]
Sparse adversarial attacks can fool deep networks (DNNs) by only perturbing a few pixels. Recent efforts combine it with another l_infty perturbation on magnitudes. We propose a homotopy algorithm to tackle the sparsity and neural perturbation framework.
arXiv Detail & Related papers (2021-06-10T20:11:36Z)
Scaling the Convex Barrier with Sparse Dual Algorithms [141.4085318878354]
We present two novel dual algorithms for tight and efficient neural network bounding. Both methods recover the strengths of the new relaxation: tightness and a linear separation oracle. We can obtain better bounds than off-the-shelf solvers in only a fraction of their running time.
arXiv Detail & Related papers (2021-01-14T19:45:17Z)
Nearly Dimension-Independent Sparse Linear Bandit over Small Action Spaces via Best Subset Selection [71.9765117768556]
We consider the contextual bandit problem under the high dimensional linear model. This setting finds essential applications such as personalized recommendation, online advertisement, and personalized medicine. We propose doubly growing epochs and estimating the parameter using the best subset selection method.
arXiv Detail & Related papers (2020-09-04T04:10:39Z)
RayS: A Ray Searching Method for Hard-label Adversarial Attack [99.72117609513589]
We present the Ray Searching attack (RayS), which greatly improves the hard-label attack effectiveness as well as efficiency. RayS attack can also be used as a sanity check for possible "falsely robust" models.
arXiv Detail & Related papers (2020-06-23T07:01:50Z)

This list is automatically generated from the titles and abstracts of the papers in this site.