research-article

Public Access

HammerScope: Observing DRAM Power Consumption Using Rowhammer

Authors:

Kevin Sam Tharayil,

Angelos D. Keromytis,

Yuval YaromAuthors Info & Claims

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages 547 - 561

https://doi.org/10.1145/3548606.3560688

Published: 07 November 2022 Publication History

Abstract

The constant reduction in memory cell sizes has increased memory density and reduced power consumption, but has also affected its reliability. The Rowhammer attack exploits this reduced reliability to induce bit flips in memory, without directly accessing these bits. Most Rowhammer attacks target software integrity, but some recent attacks demonstrated its use for compromising confidentiality.

Continuing this trend, in this paper we observe that the \rh attack strongly correlates with the memory instantaneous power consumption. We exploit this observation to design HammerScope, a Rowhammer-based attack technique for measuring the power consumption of the memory unit. Because the power consumption correlates with the level of activity of the memory, \hs allows an attacker to infer memory activity.

To demonstrate the offensive capabilities of HammerScope, we use it to mount three information leakage attacks. We first show that \hs can be used to break kernel address-space layout randomization (KASLR). Our second attack uses memory activity as a covert channel for a Spectre attack, allowing us to leak information from the operating system kernel. Finally, we demonstrate the use of HammerScope for performing website fingerprinting, compromising user privacy. Our work demonstrates the importance of finding systematic solutions for Rowhammer attacks.

References

[1]

Zelalem Birhanu Aweke, Salessawi Ferede Yitbarek, Rui Qiao, Reetuparna Das, Matthew Hicks, Yossi Oren, and Todd M. Austin. 2016. ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks. In ASPLOS. 743--755. https://doi.org/10.1145/2872362.2872390

Digital Library

[2]

Tanj Bennett, Stefan Saroiu, Alec Wolman, and Lucian Cojocar. 2021. Panopticon: A Complete In-DRAM Rowhammer Mitigation. In DRAMSec. https://dramsec.ethz.ch/papers/panopticon.pdf

[3]

Ishwar Bhati, Mu-Tien Chang, Zeshan Chishti, Shih-Lien Lu, and Bruce L. Jacob. 2016. DRAM Refresh Mechanisms, Penalties, and Trade-Offs. IEEE Trans. Computers, Vol. 65, 1 (2016), 108--121. https://doi.org/10.1109/TC.2015.2417540

Digital Library

[4]

Sarani Bhattacharya and Debdeep Mukhopadhyay. 2016. Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis. In CHES. 602--624. https://doi.org/10.1007/978--3--662--53140--2_29

[5]

Ferdinand Brasser, Lucas Davi, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2017. CAn't Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory. In USENIX Security. 117--130. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/brasser

[6]

Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, and Auré lien Francillon. 2018. Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers. In CCS. 163--177. https://doi.org/10.1145/3243734.3243802

Digital Library

[7]

Claudio Canella, Daniel Genkin, Lukas Giner, Daniel Gruss, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, Jo Van Bulck, and Yuval Yarom. 2019. Fallout: Leaking Data on Meltdown-resistant CPUs. In CCS. 769--784. https://doi.org/10.1145/3319535.3363219

Digital Library

[8]

Claudio Canella, Michael Schwarz, Martin Haubenwallner, Martin Schwarzl, and Daniel Gruss. 2020. KASLR: Break It, Fix It, Repeat. In AsiaCCS. 481--493. https://doi.org/10.1145/3320269.3384747

Digital Library

[9]

Kevin K. Chang, Abdullah Giray Yaglikcc i, Saugata Ghose, Aditya Agrawal, Niladrish Chatterjee, Abhijith Kashyap, Donghyuk Lee, Mike O'Connor, Hasan Hassan, and Onur Mutlu. 2017. Understanding Reduced-Voltage Operation in Modern DRAM Devices: Experimental Characterization, Analysis, and Mechanisms. Proc. ACM Meas. Anal. Comput. Syst., Vol. 1, 1 (2017), 10:1--10:42. https://doi.org/10.1145/3084447

Digital Library

[10]

Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, and Herbert Bos. 2019. Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks. In IEEE SP. 55--71. https://doi.org/10.1109/SP.2019.00089

[11]

Howard David, Eugene Gorbatov, Ulf R. Hanebutte, Rahul Khanna, and Christian Le. 2010. RAPL: memory power estimation and capping. In ISLPED. 189--194. https://doi.org/10.1145/1840845.1840883

Digital Library

[12]

Finn de Ridder, Pietro Frigo, Emanuele Vannacci, Herbert Bos, Cristiano Giuffrida, and Kaveh Razavi. 2021. SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript. In USENIX Security. 1001--1018. https://www.usenix.org/conference/usenixsecurity21/presentation/ridder

[13]

Spencer Desrochers, Chad Paradis, and Vincent M. Weaver. 2016. A Validation of DRAM RAPL Power Measurements. MEMSYS. 455--470. https://doi.org/10.1145/2989081.2989088

Digital Library

[14]

Steven A. Frank. 2018. Control Theory Tutorial. Springer International Publishing.

[15]

Jeffrey Friedman. 1972. Tempest: A signal problem. NSA Cryptologic Spectrum, Vol. 2, 3 (1972). https://www.nsa.gov/portals/75/documents/news-features/declassified-documents/cryptologic-spectrum/tempest.pdf

[16]

Pietro Frigo, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018. Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU. In IEEE SP. 195--210. https://doi.org/10.1109/SP.2018.00022

[17]

Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2020. TRRespass: Exploiting the Many Sides of Target Row Refresh. In IEEE SP. 747--762. https://doi.org/10.1109/SP46214.2022.9833664

[18]

Karine Gandolfi, Christophe Mourtel, and Francis Olivier. 2001. Electromagnetic Analysis: Concrete Results. In CHES. 251--261. https://doi.org/10.1007/3--540--44709--1_21

[19]

Daniel Genkin, Noam Nissan, Roei Schuster, and Eran Tromer. 2022. Lend Me Your Ear: Passive Remote Physical Side Channels on PCs. In USENIX Security. 4437--4454. https://outflux.net/slides/2013/lss/kaslr.pdf

[20]

Daniel Genkin, Itamar Pipman, and Eran Tromer. 2015. Get your hands off my laptop: physical side-channel key-extraction attacks on PCs - Extended version. J. Cryptogr. Eng., Vol. 5, 2 (2015), 95--112. https://doi.org/10.1007/s13389-015-0100--7

[21]

Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clé mentine Maurice, and Stefan Mangard. 2017. KASLR is Dead: Long Live KASLR. In ESSoS. 161--176. https://doi.org/10.1007/978--3--319--62105-0_11

[22]

Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, and Yuval Yarom. 2018. Another Flip in the Wall of Rowhammer Defenses. IEEE SP. 245--261. https://doi.org/10.1109/SP.2018.00031

[23]

Daniel Gruss, Clé mentine Maurice, Anders Fogh, Moritz Lipp, and Stefan Mangard. 2016b. Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR. In CCS. 368--379. https://doi.org/10.1145/2976749.2978356

Digital Library

[24]

Daniel Gruss, Clé mentine Maurice, and Stefan Mangard. 2016a. Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript. In DIMVA. 300--321. https://doi.org/10.1007/978--3--319--40667--1_15

[25]

Hasan Hassan, Yahya Can Tugrul, Jeremie S. Kim, Victor van der Veen, Kaveh Razavi, and Onur Mutlu. 2021. Uncovering In-DRAM RowHammer Protection Mechanisms: A New Methodology, Custom RowHammer Patterns, and Implications. In MICRO. 1198--1213. https://doi.org/10.1145/3466752.3480110

Digital Library

[26]

Yeongjin Jang, Jaehyuk Lee, Sangho Lee, and Taesoo Kim. 2017. SGX-Bomb: Locking Down the Processor via Rowhammer Attack. In SysTEX. 5:1--5:6. https://doi.org/10.1145/3152701.3152709

Digital Library

[27]

Patrick Jattke, Victor van der Veen, Pietro Frigo, Stijn Gunter, and Kaveh Razavi. 2022. BLACKSMITH: Scalable Rowhammering in the Frequency Domain. In IEEE SP. 716--734. https://doi.org/10.1109/SP46214.2022.9833772

[28]

Yichen Jiang, Huifeng Zhu, Dean Sullivan, Xiaolong Guo, Xuan Zhang, and Yier Jin. 2021. Quantifying Rowhammer Vulnerability for DRAM Security. In DAC. 73--78. https://doi.org/10.1109/DAC18074.2021.9586119

Digital Library

[29]

Jeremie S. Kim, Minesh Patel, Abdullah Giray Yaglikcc i, Hasan Hassan, Roknoddin Azizi, Lois Orosa, and Onur Mutlu. 2020. Revisiting RowHammer: An Experimental Analysis of Modern DRAM Devices and Mitigation Techniques. In ISCA. 638--651. https://doi.org/10.1109/ISCA45697.2020.00059

Digital Library

[30]

Yoongu Kim, Ross Daly, Jeremie S. Kim, Chris Fallin, Ji-Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. In ISCA. 361--372. https://doi.org/10.1109/ISCA.2014.6853210

[31]

Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential Power Analysis. In CRYPTO. 388--397. https://doi.org/10.1007/3--540--48405--1_25

[32]

Andreas Kogler, Jonas Juffinger, Salman Qazi, Yoongu Kim, Moritz Lipp, Nicolas Boichat, Eric Shiu, Mattias Nissler, and Daniel Gruss. 2022. Half-Double: Hammering from the Next Row Over. In USENIX Security. 3807--3824. https://www.usenix.org/conference/usenixsecurity22/presentation/kogler-half-double

[33]

Robert Kotcher, Yutong Pei, Pranjal Jumde, and Collin Jackson. 2013. Cross-Origin Pixel Stealing: Timing Attacks Using CSS Filters. In CCS. 1055--1062. https://doi.org/10.1145/2508859.2516712

Digital Library

[34]

Andrew Kwong, Daniel Genkin, Daniel Gruss, and Yuval Yarom. 2020. RAMBleed: Reading Bits in Memory Without Accessing Them. In IEEE SP. 695--711. https://doi.org/10.1109/SP40000.2020.00020

[35]

Eojin Lee, Ingab Kang, Sukhan Lee, G. Edward Suh, and Jung Ho Ahn. 2019. TWiCe: Preventing Row-hammering by Exploiting Time Window Counters. In ISCA. 385--396. https://doi.org/10.1145/3307650.3322232

Digital Library

[36]

Pavel Lifshits, Roni Forte, Yedid Hoshen, Matt Halpern, Manuel Philipose, Mohit Tiwari, and Mark Silberstein. 2018. Power to peep-all: Inference Attacks by Malicious Batteries on Mobile Devices. PoPETs, Vol. 2018, 4 (2018), 141--158. https://doi.org/10.1515/popets-2018-0036

[37]

Moritz Lipp, Daniel Gruss, and Michael Schwarz. 2022. AMD Prefetch Attacks through Power and Time. In USENIX Security. 643--660. https://www.usenix.org/conference/usenixsecurity22/presentation/lipp

[38]

Moritz Lipp, Andreas Kogler, David F. Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, and Daniel Gruss. 2021. PLATYPUS: Software-based Power Side-Channel Attacks on x86. In IEEE SP. 355--371. https://doi.org/10.1109/SP40001.2021.00063

[39]

Moritz Lipp, Michael Schwarz, Lukas Raab, Lukas Lamster, Misiker Tadesse Aga, Clé mentine Maurice, and Daniel Gruss. 2020. Nethammer: Inducing Rowhammer Faults through Network Requests. In EuroS&P Workshops. 710--719. https://doi.org/10.1109/EuroSPW51379.2020.00102

[40]

Kevin Loughlin, Stefan Saroiu, Alec Wolman, and Baris Kasikci. 2021. Stop! Hammer Time: Rethinking our Approach to Rowhammer Mitigations. In HotOS. 88--95. https://doi.org/10.1145/3458336.3465295

Digital Library

[41]

Stefan Mangard, Elisabeth Oswald, and Thomas Popp. 2007. Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer.

Digital Library

[42]

Hector Marco-Gisbert and Ismael Ripoll Ripoll. 2019. Address space layout randomization next generation. Applied Sciences, Vol. 9, 14 (2019), 2928. https://doi.org/10.3390/app9142928

[43]

Colin O'Flynn and Alex Dewar. 2019. On-Device Power Analysis Across Hardware Security Domains. Stop Hitting Yourself. IACR Trans. Cryptogr. Hardw. Embed. Syst., Vol. 2019, 4 (2019), 126--153. https://doi.org/10.13154/tches.v2019.i4.126--153

[44]

Lukasz Olejnik, Gunes Acar, Claude Castelluccia, and Claudia D'i az. 2015. The Leaking Battery - A Privacy Analysis of the HTML5 Battery Status API. In DPM/QASA at ESORICS. 254--263. https://doi.org/10.1007/978--3--319--29883--2_18

[45]

Yossef Oren and Adi Shamir. 2007. Remote Password Extraction from RFID Tags. IEEE Trans. Computers, Vol. 56, 9 (2007), 1292--1296. https://doi.org/10.1109/TC.2007.1050

Digital Library

[46]

Peter Pessl, Daniel Gruss, Clé mentine Maurice, Michael Schwarz, and Stefan Mangard. 2016. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In USENIX Security. 565--581. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/pessl

[47]

Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos. 2016. Flip Feng Shui: Hammering a Needle in the Software Stack. In USENIX Security. 1--18. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/razavi

[48]

Falk Schellenberg, Dennis R. E. Gnad, Amir Moradi, and Mehdi Baradaran Tahoori. 2018. An inside job: Remote power analysis attacks on FPGAs. In DATE. 1111--1116. https://doi.org/10.23919/DATE.2018.8342177

[49]

Martin Schwarzl, Thomas Schuster, Michael Schwarz, and Daniel Gruss. 2021. Speculative dereferencing of registers: Reviving Foreshadow. In FC. 311--330. https://doi.org/10.1007/978--3--662--64322--8_15

[50]

Mark Seaborn and Thomas Dullien. 2015. Exploiting the DRAM rowhammer bug to gain kernel privileges. https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html. (2015).

[51]

Mungyu Son, Hyunsun Park, Junwhan Ahn, and Sungjoo Yoo. 2017. Making DRAM Stronger Against Row Hammering. In DAC. 55:1--55:6. https://doi.org/10.1145/3061639.3062281

Digital Library

[52]

Andrei Tatar, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018a. Defeating Software Mitigations Against Rowhammer: A Surgical Precision Hammer. In RAID. 47--66. https://doi.org/10.1007/978--3-030-00470--5_3

[53]

Andrei Tatar, Radhesh Krishnan Konoth, Elias Athanasopoulos, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018b. Throwhammer: Rowhammer Attacks over the Network and Defenses. In USENIX ATC. 213--226. https://www.usenix.org/conference/atc18/presentation/tatar

Digital Library

[54]

Youssef Tobah, Andrew Kwong, Ingab Kang, Daniel Genkin, and Kang G. Shin. 2022. SpecHammer: Combining Spectre and Rowhammer for New Speculative Attacks. In IEEE SP. 681--698. https://doi.org/10.1109/SP46214.2022.9833802

[55]

Jo Van Bulck, Frank Piessens, and Raoul Strackx. 2018. Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic. In CCS. 178--195. https://doi.org/10.1145/3243734.3243822

Digital Library

[56]

Victor Van Der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida. 2016. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In CCS. 1675--1689. https://doi.org/10.1145/2976749.2978406

Digital Library

[57]

Victor Van der Veen, Martina Lindorfer, Yanick Fratantonio, Harikrishnan Padmanabha Pillai, Giovanni Vigna, Christopher Kruegel, Herbert Bos, and Kaveh Razavi. 2018. GuardION: Practical Mitigation of DMA-Based Rowhammer Attacks on ARM. In DIMVA. 92--113. https://doi.org/10.1007/978--3--319--93411--2_5

[58]

VLSI System Design Corporation. 2017. Effect of Coupling Capacitance. (2017). https://www.vlsisystemdesign.com/effect-of-coupling-capacitance/

[59]

Andrew J. Walker, Sungkwon Lee, and Dafna Beery. 2021. On DRAM Rowhammer and the Physics of Insecurity. IEEE Transactions on Electron Devices, Vol. 68, 4 (2021), 1400--1410. https://doi.org/10.1109/TED.2021.3060362

[60]

Zane Weissman, Thore Tiemann, Daniel Moghimi, Evan Custodio, Thomas Eisenbarth, and Berk Sunar. 2020. JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms. IACR Trans. Cryptogr. Hardw. Embed. Syst., Vol. 2020, 3 (2020), 169--195. https://doi.org/10.13154/tches.v2020.i3.169--195

[61]

Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu. 2016. One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation. In USENIX Security. 19--35. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/xiao

[62]

Abdullah Giray Yaglikcc i, Haocong Luo, Geraldo F. de Oliviera, Ataberk Olgun, Minesh Patel, Jisung Park, Hasan Hassan, Jeremie S. Kim, Lois Orosa, and Onur Mutlu. 2022. Understanding RowHammer Under Reduced Wordline Voltage: An Experimental Study Using Real DRAM Devices. In DSN. 475--487. https://doi.org/10.1109/DSN53405.2022.00054

[63]

Qing Yang, Paolo Gasti, Gang Zhou, Aydin Farajidavar, and Kiran S. Balagani. 2017. On Inferring Browsing Activity on Smartphones via USB Power Analysis Side-Channel. IEEE Trans. Inf. Forensics Secur., Vol. 12, 5 (2017), 1056--1066. https://doi.org/10.1109/TIFS.2016.2639446

Digital Library

[64]

Jung Min You and Joon-Sung Yang. 2019. MRLoc: Mitigating Row-hammering Based on Memory Locality. In DAC. 19. https://doi.org/10.1145/3316781.3317866

Digital Library

[65]

Zhi Zhang, Yueqiang Cheng, Dongxi Liu, Surya Nepal, Zhi Wang, and Yuval Yarom. 2020. PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses. In MICRO. 28--41. https://doi.org/10.1109/MICRO50266.2020.00016

[66]

Kenneth M. Zick, Meeta Srivastav, Wei Zhang, and Matthew French. 2013. Sensing Nanosecond-Scale Voltage Attacks and Natural Transients in FPGAs. In FPGA. 101--104. https://doi.org/10.1145/2435264.2435283 io

Digital Library

Cited By

Hertogh MWiebing SGiuffrida C(2024)Leaky Address Masking: Exploiting Unmasked Spectre Gadgets with Noncanonical Address Translation2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00158(3773-3788)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00158
Canpolat OYağlıkçı AOlgun AYuksel ITuğrul YKanellopoulos KErgin OMutlu O(2024)BreakHammer: Enhancing RowHammer Mitigations by Carefully Throttling Suspect Threads2024 57th IEEE/ACM International Symposium on Microarchitecture (MICRO)10.1109/MICRO61859.2024.00072(915-934)Online publication date: 2-Nov-2024
https://doi.org/10.1109/MICRO61859.2024.00072
Nam HBaek SWi MKim MPark JSong CKim NAhn J(2024)DRAMScope: Uncovering DRAM Microarchitecture and Characteristics by Issuing Memory Commands2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA)10.1109/ISCA59077.2024.00083(1097-1111)Online publication date: 29-Jun-2024
https://doi.org/10.1109/ISCA59077.2024.00083
Show More Cited By

Index Terms

HammerScope: Observing DRAM Power Consumption Using Rowhammer
1. Hardware
  1. Integrated circuits
    1. Semiconductor memory
      1. Dynamic memory
2. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ASPLOS'16

Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to "rowhammer" attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google's ...
ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ASPLOS '16: Proceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems

Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to "rowhammer" attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google's ...
ANVIL: Software-Based Protection Against Next-Generation Rowhammer Attacks
ASPLOS '16

Ensuring the integrity and security of the memory system is critical. Recent studies have shown serious security concerns due to "rowhammer" attacks, where repeated accesses to a row of memory cause bit flips in adjacent rows. Recent work by Google's ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

November 2022

3598 pages

ISBN:9781450394505

DOI:10.1145/3548606

General Chairs:
Heng Yin
University of California, Riverside
,
Angelos Stavrou
Virginia Tech
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Elaine Shi
Carnegie Mellon University

Copyright © 2022 ACM.

© 2022 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the United States Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

ARC Discovery Early Career Researcher Award
Air Force Office of Scientific Research (AFOSR)
National Science Foundation
ARC Discovery Project
Blavatnik ICRC at Tel-Aviv University
Amd
Intel Corporation

Conference

CCS '22

Sponsor:

SIGSAC

CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security

November 7 - 11, 2022

CA, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
951
Total Downloads

Downloads (Last 12 months)499
Downloads (Last 6 weeks)40

Reflects downloads up to 28 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Hertogh MWiebing SGiuffrida C(2024)Leaky Address Masking: Exploiting Unmasked Spectre Gadgets with Noncanonical Address Translation2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00158(3773-3788)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00158
Canpolat OYağlıkçı AOlgun AYuksel ITuğrul YKanellopoulos KErgin OMutlu O(2024)BreakHammer: Enhancing RowHammer Mitigations by Carefully Throttling Suspect Threads2024 57th IEEE/ACM International Symposium on Microarchitecture (MICRO)10.1109/MICRO61859.2024.00072(915-934)Online publication date: 2-Nov-2024
https://doi.org/10.1109/MICRO61859.2024.00072
Nam HBaek SWi MKim MPark JSong CKim NAhn J(2024)DRAMScope: Uncovering DRAM Microarchitecture and Characteristics by Issuing Memory Commands2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA)10.1109/ISCA59077.2024.00083(1097-1111)Online publication date: 29-Jun-2024
https://doi.org/10.1109/ISCA59077.2024.00083
Bostanci FYüksel IOlgun AKanellopoulos KTuğrul YYağliçi ASadrosadati MMutlu O(2024)CoMeT: Count-Min-Sketch-based Row Tracking to Mitigate RowHammer at Low Cost2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA57654.2024.00050(593-612)Online publication date: 2-Mar-2024
https://doi.org/10.1109/HPCA57654.2024.00050
Yağlıkçı ATuğrul YOliveira GYüksel İOlgun ALuo HMutlu O(2024)Spatial Variation-Aware Read Disturbance Defenses: Experimental Analysis of Real DRAM Chips and Implications on Future Solutions2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA57654.2024.00048(560-577)Online publication date: 2-Mar-2024
https://doi.org/10.1109/HPCA57654.2024.00048
Zhang XZhang ZShen QWang WGao YYang ZZhang J(2024)SegScope: Probing Fine-grained Interrupts via Architectural Footprints2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA)10.1109/HPCA57654.2024.00039(424-438)Online publication date: 2-Mar-2024
https://doi.org/10.1109/HPCA57654.2024.00039
Olgun AOsseiran MYağlıkçı ATuğrul YLuo HRhyner SSalami BLuna JMutlu O(2024)Read Disturbance in High Bandwidth Memory: A Detailed Experimental Study on HBM2 DRAM Chips2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)10.1109/DSN58291.2024.00022(75-89)Online publication date: 24-Jun-2024
https://doi.org/10.1109/DSN58291.2024.00022
Orosa LRührmair UGiray Yağlikçi ALuo HOlgun AJattke PPatel MKim JRazavi KMutlu O(2024)SpyHammer: Understanding and Exploiting RowHammer Under Fine-Grained Temperature VariationsIEEE Access10.1109/ACCESS.2024.340938912(80986-81003)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3409389
Olgun AOsseiran MYağlıkçı ATuğrul YLuo HRhyner SSalami BLuna JMutlu O(2023)An Experimental Analysis of RowHammer in HBM2 DRAM Chips2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks - Supplemental Volume (DSN-S)10.1109/DSN-S58398.2023.00042(151-156)Online publication date: Jul-2023
https://doi.org/10.1109/DSN-S58398.2023.00042

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten