Preventing Row Hammer Attacks by Dynamic Indirection of Row Addresses

Row hammer in dynamic random access memories (DRAM) is an effect by which repeatedly activating a row of the DRAM causes bits in nearby rows to flip. Because OS and program variables can be stored adjacent to each other in the DRAM, a malicious program can repeatedly activate DRAM rows to flip nearby bits that store important OS states (e.g., program privileges). In this manner, an attacker can gain unauthorized, privileged access to a computer. This disclosure describes techniques that use a combination of indirection and randomization to make it difficult for an attacker to hammer DRAM rows. Per the techniques, the relationship between memory addresses and physical rows is made random and dynamic, such that the physical relationship between the rows is difficult, if not impossible, to discover and exploit

RAMPART: RowHammer Mitigation and Repair for Server Memory Systems

RowHammer attacks are a growing security and reliability concern for DRAMs and computer systems as they can induce many bit errors that overwhelm error detection and correction capabilities. System-level solutions are needed as process technology and circuit improvements alone are unlikely to provide complete protection against RowHammer attacks in the future. This paper introduces RAMPART, a novel approach to mitigating RowHammer attacks and improving server memory system reliability by remapping addresses in each DRAM in a way that confines RowHammer bit flips to a single device for any victim row address. When RAMPART is paired with Single Device Data Correction (SDDC) and patrol scrub, error detection and correction methods in use today, the system can detect and correct bit flips from a successful attack, allowing the memory system to heal itself. RAMPART is compatible with DDR5 RowHammer mitigation features, as well as a wide variety of algorithmic and probabilistic tracking methods. We also introduce BRC-VL, a variation of DDR5 Bounded Refresh Configuration (BRC) that improves system performance by reducing mitigation overhead and show that it works well with probabilistic sampling methods to combat traditional and victim-focused mitigation attacks like Half-Double. The combination of RAMPART, SDDC, and scrubbing enables stronger RowHammer resistance by correcting bit flips from one successful attack. Uncorrectable errors are much less likely, requiring two successful attacks before the memory system is scrubbed.Comment: 16 pages, 13 figures. A version of this paper will appear in the Proceedings of MEMSYS2