This paper investigates secure low-cost in-DRAM trackers for mitigating Rowhammer (RH). In-DRAM solutions have the advantage that they can solve the RH problem within the DRAM chip, without relying on other parts of the system. However, in-DRAM mitigation suffers from two key challenges: First, the mitigations are synchronized with refresh, which means we cannot mitigate at arbitrary times. Second, the SRAM area available for aggressor tracking is severely limited, to only a few bytes. Existing low-cost in-DRAM trackers (such as TRR) have been broken by well-crafted access patterns, whereas prior counter-based schemes require impractical overheads of hundreds or thousands of entries per bank. The goal of our paper is to develop an ultra low-cost secure in-DRAM tracker. Our solution is based on a simple observation: if only one row can be mitigated at refresh, then we should ideally need to track only one row. We propose a Minimalist In-DRAM Tracker (MINT), which provides secure mitigation with just a single entry. At each refresh, MINT probabilistically decides which activation in the upcoming interval will be selected for mitigation at the next refresh. MINT provides guaranteed protection against classic single and double-sided attacks. We also derive the minimum RH threshold (MinTRH) tolerated by MINT across all patterns. MINT has a MinTRH of 1482 which can be lowered to 356 with RFM. The MinTRH of MINT is lower than a prior counter-based design with 677 entries per bank, and is within 2x of the MinTRH of an idealized design that stores one-counter-per-row. We also analyze the impact of refresh postponement on the MinTRH of low-cost in-DRAM trackers, and propose an efficient solution to make such trackers compatible with refresh postponement.

翻译：本文研究用于缓解Rowhammer（RH）攻击的安全低成本内存追踪器方案。内存内解决方案的优势在于其可在DRAM芯片内部解决RH问题，无需依赖系统其他部件。然而，内存内缓解方案面临两个关键挑战：首先，缓解措施与刷新操作同步，这意味着无法在任意时间执行缓解；其次，可用于攻击行追踪的SRAM区域严重受限，仅有数个字节。现有低成本内存内追踪器（如TRR）已被精心设计的访问模式攻破，而先前的基于计数器的方案需要每个存储体数百至数千条目的不切实际开销。本文旨在开发一种超低成本的安全内存内追踪器。我们的解决方案基于一个简单观察：若每次刷新仅能缓解一行，则理想情况下只需追踪一行。我们提出极简内存追踪器（MINT），仅需单个条目即可提供安全缓解。在每次刷新时，MINT以概率方式决定在即将到来的时间间隔中，哪个激活操作将在下次刷新时被选定进行缓解。MINT为经典单侧及双侧攻击提供可验证的保护。我们还推导出MINT在所有攻击模式下可容忍的最小RH阈值（MinTRH）。MINT的MinTRH为1482，结合RFM可降至356。该值低于先前每个存储体需677条目的计数器设计方案，且达到每行单计数器理想化设计MinTRH值的2倍范围内。本文还分析了刷新延迟对低成本内存内追踪器MinTRH的影响，并提出一种高效解决方案使此类追踪器兼容刷新延迟机制。