🤖 AI Summary
This work addresses the vulnerability of existing in-DRAM Rowhammer defense mechanisms, which rely on fixed thresholds and thus fail to adapt to temperature-induced variations in the true Rowhammer threshold (TRHD). To overcome this limitation, we propose the first defense-agnostic runtime dynamic threshold management framework. By integrating a lightweight linear temperature model, a guardband design inspired by VRD principles, and a physical TRHD scaling mechanism, our approach periodically adjusts the activation threshold to track the actual TRHD. The framework seamlessly integrates with mainstream in-DRAM defenses—including SALT-C, PRAC, and TRR—demonstrating significant efficacy: under 85°C, it reduces PRAC’s aging attack count from 72 to zero and eliminates all SALT-C vulnerabilities in boot mode, while incurring no more than 5.1% additional latency overhead.
📝 Abstract
In-DRAM Rowhammer defenses pin the mitigation threshold at manufacture time, yet the true Rowhammer Threshold (TRHD) varies with runtime temperature. We propose \emph{Dynamic Rowhammer Threshold Management}, a defense-agnostic runtime layer that re-sources each defense's threshold from the observed temperature once per epoch via a linear-$T$ model with a VRD-motivated guardband $g$, projecting the result onto SALT-C, PRAC, and TRR through each defense's threshold parameter. A decoupled oracle that scales physical TRHD per-DIMM by $δ\sim \mathrm{N}(1, σ)$ breaks model self-consistency. The layer drives PRAC's 72 staleness breaches at 85$^\circ$C to zero; at $σ{=}0.10$, sweeping $g$ collapses PRAC breaches from 38.4 ($g{=}1.0$) to 9.6 ($g{=}0.9$). SALT-C drops from 10 nominal-static breaches to 2 (Dynamic) to 0 (bootstrap), at $\leq$5.1\% latency. TRR is capacity-limited; the layer acts as a diagnostic.