pith. sign in

arxiv: 2605.27803 · v1 · pith:4KLEW4LKnew · submitted 2026-05-27 · 💻 cs.CR · cs.AR

HammerSim: A System-Level Tool to Model RowHammer

Kaustav Goswami , Ayaz Akram , Hari Venugopalan , Jason Lowe-Power This is my paper

Pith reviewed 2026-06-29 12:12 UTC · model grok-4.3

classification 💻 cs.CR cs.AR
keywords RowHammergem5bitflip modelingmemory securityDDR4mitigationssystem simulationJS divergence
0
0 comments X

The pith

HammerSim adds probability-driven RowHammer bitflip modeling to gem5 for full-system security studies.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Existing architecture simulators cannot analyze RowHammer because they lack models for this memory vulnerability that worsens with scaling. HammerSim supplies a gem5 extension that uses probability-driven bitflip modeling to simulate realistic RowHammer behavior at the full-system level. The model is validated by comparing its outputs to measurements taken from real DDR4 DIMMs, using Jensen-Shannon divergence as the metric. The resulting framework supports experiments with hardware mitigations such as target row refresh and software techniques such as selective error correction. It is intended to let researchers examine interactions between attacks, defenses, operating systems, and workloads without requiring physical hardware for every test.

Core claim

HammerSim is a gem5-based framework that integrates probability-driven bitflip modeling to capture RowHammer behavior at the full-system level, enabling evaluation of mitigations such as TRR and selective ECC while validated against real DDR4 DIMMs using JS divergence.

What carries the argument

The probability-driven bitflip modeling extension inside gem5 that generates RowHammer-induced flips according to distributions measured on real hardware.

If this is right

  • Full-system effects of RowHammer attacks and cross-layer mitigations can now be studied inside a simulator.
  • Workload susceptibility to RowHammer can be quantified across different operating systems and applications.
  • New hardware and software defenses can be prototyped and compared before silicon or kernel changes are made.
  • The framework supplies an extensible base that can incorporate additional DRAM features or mitigation strategies.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same modeling approach could be extended to other DRAM failure modes such as data retention or read disturb.
  • Integration with cycle-accurate DRAM timing models would allow finer-grained study of attack timing.
  • The tool could support rapid evaluation of proposed RowHammer defenses before they are implemented in real hardware.

Load-bearing premise

The probability-driven bitflip model accurately represents real DDR4 DIMM behavior as measured by JS divergence.

What would settle it

Running the same validation procedure on a new collection of DDR4 DIMMs and obtaining a substantially higher JS divergence than the values reported in the paper.

Figures

Figures reproduced from arXiv: 2605.27803 by Ayaz Akram, Hari Venugopalan, Jason Lowe-Power, Kaustav Goswami.

Figure 1
Figure 1. Figure 1: Count of unique bitflips on different DRAM [PITH_FULL_IMAGE:figures/full_fig_p001_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: This figure shows a single rank of a DRAM [PITH_FULL_IMAGE:figures/full_fig_p002_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: High-level overview of RowHammer Modeling [PITH_FULL_IMAGE:figures/full_fig_p003_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: Observed bitflips on a single row on a width 8 [PITH_FULL_IMAGE:figures/full_fig_p004_4.png] view at source ↗
Figure 6
Figure 6. Figure 6: HammerSim maintains structural counter-pairs per [PITH_FULL_IMAGE:figures/full_fig_p005_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: JS divergence heatmaps across different victim rows of the same DIMM and across multiple DIMMs on real [PITH_FULL_IMAGE:figures/full_fig_p007_7.png] view at source ↗
Figure 9
Figure 9. Figure 9: stdout of rowhammer-test when the single￾sided RowHammer attack was performed online using Ham￾merSim. As mentioned in Section 4.2, we do not model true and anti-DRAM cells. For a bitflip, we flip the contents of the capacitor regardless of a charged or an unchanged capacitor. rowhammer-test writes 0xFF as the data pattern and compares it for bitflips later. Bitflips are XOR on the exact capacitor location… view at source ↗
Figure 8
Figure 8. Figure 8: Reported bit errors by the simulator. output is printed on stdout with the number of bitflips and the change in data, as shown in [PITH_FULL_IMAGE:figures/full_fig_p008_8.png] view at source ↗
Figure 10
Figure 10. Figure 10: Offline estimation of bitflips by varying the [PITH_FULL_IMAGE:figures/full_fig_p009_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: Simulated RowHammer result of bitflips on a [PITH_FULL_IMAGE:figures/full_fig_p010_11.png] view at source ↗
read the original abstract

Modern architecture research relies on simulators to evaluate system security, yet analyzing emerging hardware vulnerabilities like RowHammer requires full-system visibility. As RowHammer vulnerabilities worsen with continuous technology scaling, existing simulators lack the system-level models needed to study complex OS effects and cross-layer mitigations. This tool deficiency leaves modern computing platforms exposed to severe reliability and security risks. In this work, we present HammerSim, a gem5-based framework for modeling RowHammer at the full-system level. HammerSim integrates probability-driven bitflip modeling to realistically capture the behavior of RowHammer. It further enables evaluation of hardware and software mitigations such as TRR and selective ECC. We validate HammerSim's bitflip modeling against real DDR4 DIMMs using JS divergence, demonstrating its utility in studying attacks, defenses, and benign workload susceptibility. Our framework provides an extensible platform to bridge the gap between hardware experiments and architectural simulation.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper presents HammerSim, a gem5-based framework for full-system modeling of RowHammer. It integrates probability-driven bitflip modeling, enables evaluation of mitigations like TRR and selective ECC, and validates the bitflip model against real DDR4 DIMMs using JS divergence to study attacks, defenses, and workload susceptibility.

Significance. If the probability-driven model accurately represents real hardware behavior as claimed, HammerSim would provide an important tool for architecture researchers to evaluate system-level effects of RowHammer and mitigations, filling a gap in current simulators.

major comments (2)
  1. [Abstract] Abstract: the validation claim using JS divergence against real DDR4 DIMMs is presented without any equations, raw flip-rate data, JS values, or description of how the probability model was constructed or fitted, making it impossible to assess whether the model realistically captures hardware behavior.
  2. [Abstract] Abstract: the central claim that the simulator can be used to study attacks, defenses, and workload susceptibility rests on the unshown probability-driven bitflip model; absent details on parameter construction or post-hoc choice avoidance, the soundness of this claim cannot be evaluated.
minor comments (1)
  1. The abstract would be strengthened by including at least one quantitative result from the JS divergence validation or a high-level description of the bitflip probability model.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their review. The comments focus on the level of detail in the abstract regarding the bitflip model and validation. The abstract is a high-level summary; the full construction of the probability model, fitting procedure, raw data, equations, and JS divergence results appear in the body of the manuscript (primarily Sections 3 and 4). We address each point below.

read point-by-point responses

  1. Referee: [Abstract] Abstract: the validation claim using JS divergence against real DDR4 DIMMs is presented without any equations, raw flip-rate data, JS values, or description of how the probability model was constructed or fitted, making it impossible to assess whether the model realistically captures hardware behavior.

    Authors: We agree that the abstract itself contains none of the requested equations, raw flip-rate tables, specific JS values, or model-fitting description; this is inherent to the length and purpose of an abstract. The probability model is constructed from measured flip rates on real DDR4 DIMMs, with the fitting procedure, avoidance of post-hoc parameter selection, and resulting JS divergence values (including per-DIMM comparisons) presented in Section 4. We are willing to revise the abstract to add one sentence that explicitly references Section 4 for the validation details. revision: partial

  2. Referee: [Abstract] Abstract: the central claim that the simulator can be used to study attacks, defenses, and workload susceptibility rests on the unshown probability-driven bitflip model; absent details on parameter construction or post-hoc choice avoidance, the soundness of this claim cannot be evaluated.

    Authors: The probability-driven bitflip model and its parameter construction are shown in Section 3, where the model is derived directly from hardware measurements on multiple DDR4 DIMMs and the procedure for selecting parameters (including explicit steps taken to avoid post-hoc fitting to particular attack traces) is described. Sections 5 and 6 then demonstrate the simulator's use for attack, defense (TRR, selective ECC), and workload-susceptibility studies using that model. The abstract claim therefore rests on material that is present in the manuscript; we do not believe additional changes are required beyond the abstract clarification noted above. revision: no

Circularity Check

0 steps flagged

No significant circularity in HammerSim derivation chain

full rationale

The paper presents HammerSim as a new gem5-based modeling framework that integrates probability-driven bitflip modeling and validates it externally against real DDR4 DIMMs via JS divergence. No equations, fitted parameters, self-citations, or ansatzes are shown that reduce any prediction or claim to its own inputs by construction. The central contribution is a new simulation tool whose validity is tied to independent hardware measurements rather than internal redefinitions or self-referential fits, rendering the derivation self-contained.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Only the abstract is available; no specific free parameters, axioms, or invented entities can be extracted or audited from the provided text.

pith-pipeline@v0.9.1-grok · 5686 in / 1047 out tokens · 26470 ms · 2026-06-29T12:12:50.190657+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

107 extracted references · 28 canonical work pages · 2 internal anchors

  1. [1]

    Ddr memory errors caused by row hammer,

    B. Aichinger, “Ddr memory errors caused by row hammer,” in2015 IEEE High Performance Extreme Computing Conference (HPEC), 2015, pp. 1–5

    2015

  2. [2]

    Dram fault analysis and test generation,

    Z. Al-Ars, “Dram fault analysis and test generation,” 2005

    2005

  3. [3]

    Anvil: Software-based protection against next- generation rowhammer attacks,

    Z. B. Aweke, S. F. Yitbarek, R. Qiao, R. Das, M. Hicks, Y . Oren, and T. Austin, “Anvil: Software-based protection against next- generation rowhammer attacks,” inProceedings of the Twenty-First International Conference on Architectural Support for Programming Languages and Operating Systems, ser. ASPLOS ’16. New York, NY , USA: Association for Computing M...

    work page doi:10.1145/2872362.2872390 2016

  4. [4]

    The NAS Parallel Benchmarks,

    D. H. Bailey, E. Barszcz, J. T. Barton, D. S. Browning, R. L. Carter, L. Dagum, R. A. Fatoohi, P. O. Frederickson, T. A. Lasinski, R. S. Schreiberet al., “The NAS Parallel Benchmarks,”The International Journal of Supercomputing Applic ations, vol. 5, no. 3, pp. 63–73, 1991

    1991

  5. [5]

    Distributed row hammer tracking,

    K. S. Bains and J. B. Halbert, “Distributed row hammer tracking,” 2012, US Patent US20140095780A1

    2012

  6. [6]

    The GAP Benchmark Suite

    S. Beamer, K. Asanovi ´c, and D. Patterson, “The GAP Benchmark Suite,”arXiv preprint arXiv:1508.03619, 2015

    work page internal anchor Pith review Pith/arXiv arXiv 2015

  7. [7]

    Panopticon: A complete in-dram rowhammer mitigation,

    T. Bennett, S. Saroiu, A. Wolman, and L. Cojocar, “Panopticon: A complete in-dram rowhammer mitigation,” inWorkshop on DRAM Security (DRAMSec), vol. 22, 2021, p. 110

    2021

  8. [8]

    Curious case of rowhammer: Flipping secret exponent bits using timing analysis,

    S. Bhattacharya and D. Mukhopadhyay, “Curious case of rowhammer: Flipping secret exponent bits using timing analysis,” Cryptology ePrint Archive, Paper 2016/618, 2016. [Online]. Available: https://eprint.iacr.org/2016/618

    2016

  9. [9]

    Designing reliable systems from unreliable components: the challenges of transistor variability and degradation,

    S. Borkar, “Designing reliable systems from unreliable components: the challenges of transistor variability and degradation,”IEEE Micro, vol. 25, no. 6, pp. 10–16, 2005

    2005

  10. [10]

    Dedup est machina: Memory deduplication as an advanced exploitation vector,

    E. Bosman, K. Razavi, H. Bos, and C. Giuffrida, “Dedup est machina: Memory deduplication as an advanced exploitation vector,” in2016 IEEE Symposium on Security and Privacy (SP), 2016, pp. 987–1004

    2016

  11. [11]

    Enabling reproducible and agile full-system simulation,

    B. R. Bruce, A. Akram, H. Nguyen, K. Roarty, M. Samani, M. Fri- borz, T. Reddy, M. D. Sinclair, and J. Lowe-Power, “Enabling reproducible and agile full-system simulation,” in2021 IEEE In- ternational Symposium on Performance Analysis of Systems and Software (ISPASS), 2021, pp. 183–193

    2021

  12. [12]

    Are we susceptible to rowhammer? an end-to-end methodology for cloud providers,

    L. Cojocar, J. Kim, M. Patel, L. Tsai, S. Saroiu, A. Wolman, and O. Mutlu, “Are we susceptible to rowhammer? an end-to-end methodology for cloud providers,” in2020 IEEE Symposium on Security and Privacy (SP), 2020, pp. 712–728

    2020

  13. [13]

    Exploiting correct- ing codes: On the effectiveness of ecc memory against rowhammer attacks,

    L. Cojocar, K. Razavi, C. Giuffrida, and H. Bos, “Exploiting correct- ing codes: On the effectiveness of ecc memory against rowhammer attacks,” in2019 IEEE Symposium on Security and Privacy (SP), 2019, pp. 55–71

    2019

  14. [14]

    SMASH: Synchronized many-sided rowhammer attacks from JavaScript,

    F. de Ridder, P. Frigo, E. Vannacci, H. Bos, C. Giuffrida, and K. Razavi, “SMASH: Synchronized many-sided rowhammer attacks from JavaScript,” in30th USENIX Security Symposium (USENIX Security 21). USENIX Association, Aug. 2021, pp. 1001–1018. [Online]. Available: https://www.usenix.org/conference/ usenixsecurity21/presentation/ridder

    2021

  15. [15]

    Softhammer: Exploiting rowhammer bit flips without crashing,

    F. de Ridder, P. Jattke, and K. Razavi, “Softhammer: Exploiting rowhammer bit flips without crashing,” in5th Workshop on DRAM Security (DRAMSec). ETH Zurich, 2025

    2025

  16. [16]

    A gem5 based platform for micro-architectural security analysis,

    Q. Forcioli, J.-L. Danger, and S. Chaudhuri, “A gem5 based platform for micro-architectural security analysis,” inProceedings of the 12th International Workshop on Hardware and Architectural Support for Security and Privacy, ser. HASP ’23. New York, NY , USA: Association for Computing Machinery, 2023, p. 91–99. [Online]. Available: https://doi.org/10.1145...

    work page doi:10.1145/3623652.3623674 2023

  17. [17]

    Im- plementing rowhammer memory corruption in the gem5 simulator,

    L. France, F. Bruguier, M. Mushtaq, D. Novo, and P. Benoit, “Im- plementing rowhammer memory corruption in the gem5 simulator,” in2021 IEEE International Workshop on Rapid System Prototyping (RSP). IEEE, 2021, pp. 36–42

    2021

  18. [18]

    Vulnerability assessment of the rowhammer attack using machine learning and the gem5 simulator - work in progress,

    L. France, M. Mushtaq, F. Bruguier, D. Novo, and P. Benoit, “Vulnerability assessment of the rowhammer attack using machine learning and the gem5 simulator - work in progress,”Proceedings of the 2021 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems, 2021. [Online]. Available: https://api.semanticscholar.org/ CorpusID:233384386

    2021

  19. [19]

    Grand pwning unit: Accelerating microarchitectural attacks with the gpu,

    P. Frigo, C. Giuffrida, H. Bos, and K. Razavi, “Grand pwning unit: Accelerating microarchitectural attacks with the gpu,” in2018 IEEE Symposium on Security and Privacy (SP), 2018, pp. 195–210

    2018

  20. [20]

    Trrespass: Exploiting the many sides of target row refresh,

    P. Frigo, E. Vannacci, H. Hassan, V . van der Veen, O. Mutlu, C. Giuffrida, H. Bos, and K. Razavi, “Trrespass: Exploiting the many sides of target row refresh,” 2020. [Online]. Available: https://arxiv.org/abs/2004.01807

    work page arXiv 2020

  21. [21]

    A rowhammer reproduction study using the blacksmith fuzzer,

    L. Gerlach, F. Thomas, R. Pietsch, and M. Schwarz, “A rowhammer reproduction study using the blacksmith fuzzer,” inESORICS, 2023

    2023

  22. [22]

    What your dram power models are not telling you: Lessons from a detailed experimental study,

    S. Ghose, A. G. Yaglikçi, R. Gupta, D. Lee, K. Kudrolli, W. X. Liu, H. Hassan, K. K. Chang, N. Chatterjee, A. Agrawal, M. O’Connor, and O. Mutlu, “What your dram power models are not telling you: Lessons from a detailed experimental study,”Proc. ACM Meas. Anal. Comput. Syst., vol. 2, no. 3, dec 2018. [Online]. Available: https://doi.org/10.1145/3224419

    work page doi:10.1145/3224419 2018

  23. [23]

    “Half-Double

    Google LLC, ““Half-Double”: Next-Row-Over Assisted Rowham- mer,” 2021. [Online]. Available: https://raw.githubusercontent.com/ google/hammer-kit/main/20210525_half_double.pdf

    work page arXiv 2021

  24. [24]

    Towards enhanced system efficiency while mitigating row hammer,

    K. Goswami, D. S. Banerjee, and S. Das, “Towards enhanced system efficiency while mitigating row hammer,”ACM Trans. Archit. Code Optim., vol. 18, no. 4, Jul. 2021. [Online]. Available: https://doi.org/10.1145/3458749

    work page doi:10.1145/3458749 2021

  25. [25]

    A case for amplifying row hammer attacks via cell-coupling in dram devices,

    K. Goswami, S. Das, S. Satapathy, and D. S. Banerjee, “A case for amplifying row hammer attacks via cell-coupling in dram devices,” inProceedings of the 2022 International Symposium on Memory Systems, ser. MEMSYS ’22. New York, NY , USA: Association for Computing Machinery, 2023. [Online]. Available: https://doi.org/10.1145/3565053.3565056

    work page doi:10.1145/3565053.3565056 2022

  26. [26]

    Another Flip in the Wall of Rowhammer Defenses

    D. Gruss, M. Lipp, M. Schwarz, D. Genkin, J. Juffinger, S. O’Connell, W. Schoechl, and Y . Yarom, “Another flip in the wall of rowhammer defenses,” 2018. [Online]. Available: https://arxiv.org/abs/1710.00551

    work page internal anchor Pith review Pith/arXiv arXiv 2018

  27. [27]

    Rowhammer. js: A re- mote software-induced fault attack in javascript,

    D. Gruss, C. Maurice, and S. Mangard, “Rowhammer. js: A re- mote software-induced fault attack in javascript,” inDetection of Intrusions and Malware, and Vulnerability Assessment: 13th Inter- national Conference, DIMVA 2016, San Sebastián, Spain, July 7-8, 2016, Proceedings 13. Springer, 2016, pp. 300–321

    2016

  28. [28]

    Simulating dram controllers for future system architecture explo- ration,

    A. Hansson, N. Agarwal, A. Kolli, T. Wenisch, and A. N. Udipi, “Simulating dram controllers for future system architecture explo- ration,” in2014 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), 2014, pp. 201–210

    2014

  29. [29]

    Crow: A low-cost substrate for improving dram performance, energy efficiency, and reliability,

    H. Hassan, M. Patel, J. S. Kim, A. G. Yaglikci, N. Vijaykumar, N. M. Ghiasi, S. Ghose, and O. Mutlu, “Crow: A low-cost substrate for improving dram performance, energy efficiency, and reliability,” inProceedings of the 46th international symposium on computer architecture, 2019, pp. 129–142

    2019

  30. [30]

    Uncovering in-dram rowhammer protection mechanisms: A new methodology, custom rowhammer patterns, and implications,

    H. Hassan, Y . C. Tugrul, J. S. Kim, V . van der Veen, K. Razavi, and O. Mutlu, “Uncovering in-dram rowhammer protection mechanisms: A new methodology, custom rowhammer patterns, and implications,”

  31. [31]

    Available: https://arxiv.org/abs/2110.10603 11

    [Online]. Available: https://arxiv.org/abs/2110.10603 11

    work page arXiv

  32. [32]

    Softmc: A flexible and practical open-source infrastructure for enabling experimental dram studies,

    H. Hassan, N. Vijaykumar, S. Khan, S. Ghose, K. Chang, G. Pekhi- menko, D. Lee, O. Ergin, and O. Mutlu, “Softmc: A flexible and practical open-source infrastructure for enabling experimental dram studies,” in2017 IEEE International Symposium on High Perfor- mance Computer Architecture (HPCA). IEEE, 2017, pp. 241–252

    2017

  33. [33]

    Gddrhammer: Greatly disturbing dram rows—cross- component rowhammer attacks from modern gpus,

    Y . Hu, N. Brown, Y . Chen, J. Bakita, T. Chen, D. Genkin, and A. Kwong, “Gddrhammer: Greatly disturbing dram rows—cross- component rowhammer attacks from modern gpus,” inProceedings of the 2026 IEEE Symposium on Security and Privacy (SP). San Francisco, CA, USA: IEEE, 2026

    2026

  34. [34]

    Datasheet for 1Gb (32Mx32) GDDR5 SGRAM H5GQ1H24AFR,

    Hynix Semiconductor, “Datasheet for 1Gb (32Mx32) GDDR5 SGRAM H5GQ1H24AFR,” Tech. Rep. H5GQ1H24AFR, 2009

    2009

  35. [35]

    Jacob, S

    B. Jacob, S. Ng, and D. Wang,Memory Systems: Cache, DRAM, Disk. San Francisco, CA, USA: Morgan Kaufmann Publishers Inc., 2007

    2007

  36. [36]

    Sgx-bomb: Locking down the processor via rowhammer attack,

    Y . Jang, J. Lee, S. Lee, and T. Kim, “Sgx-bomb: Locking down the processor via rowhammer attack,” inProceedings of the 2nd Workshop on System Software for Trusted Execution, ser. SysTEX’17. New York, NY , USA: Association for Computing Machinery, 2017. [Online]. Available: https://doi.org/10.1145/ 3152701.3152709

    work page arXiv 2017

  37. [37]

    Blacksmith: Scalable rowhammering in the frequency domain,

    P. Jattke, V . Van Der Veen, P. Frigo, S. Gunter, and K. Razavi, “Blacksmith: Scalable rowhammering in the frequency domain,” in 2022 IEEE Symposium on Security and Privacy (SP), 2022, pp. 716–734

    2022

  38. [38]

    BLACKSMITH: Rowhammering in the Frequency Domain,

    P. Jattke, V . van der Veen, P. Frigo, S. Gunter, and K. Razavi, “BLACKSMITH: Rowhammering in the Frequency Domain,” 2022- 05, https://github.com/comsec-group/blacksmith

    2022

  39. [39]

    ZenHammer: Rowhammer attacks on AMD zen-based platforms,

    P. Jattke, M. Wipfli, F. Solt, M. Marazzi, M. Bölcskei, and K. Razavi, “ZenHammer: Rowhammer attacks on AMD zen-based platforms,” in33rd USENIX Security Symposium (USENIX Security 24). Philadelphia, PA: USENIX Association, Aug. 2024, pp. 1615–1633. [Online]. Available: https://www.usenix.org/conference/ usenixsecurity24/presentation/jattke

    2024

  40. [40]

    DDR5 SDRAM,

    JEDEC, “DDR5 SDRAM,” Tech. Rep. JESD79-5B, August 2022

    2022

  41. [41]

    Quantifying rowhammer vulnerability for dram security,

    Y . Jiang, H. Zhu, D. Sullivan, X. Guo, X. Zhang, and Y . Jin, “Quantifying rowhammer vulnerability for dram security,” in2021 58th ACM/IEEE Design Automation Conference (DAC), 2021, pp. 73–78

    2021

  42. [42]

    {SledgeHammer}: Amplifying rowham- mer via bank-level parallelism,

    I. Kang, W. Wang, J. Kim, S. van Schaik, Y . Tobah, D. Genkin, A. Kwong, and Y . Yarom, “{SledgeHammer}: Amplifying rowham- mer via bank-level parallelism,” in33rd USENIX Security Sympo- sium (USENIX Security 24), 2024, pp. 1597–1614

    2024

  43. [43]

    Analysis of row hammer attack on sttram,

    M. N. I. Khan and S. Ghosh, “Analysis of row hammer attack on sttram,” in2018 IEEE 36th International Conference on Computer Design (ICCD), 2018, pp. 75–82

    2018

  44. [44]

    Revisiting rowhammer: An experimental analy- sis of modern dram devices and mitigation techniques,

    J. S. Kim, M. Patel, A. G. Ya ˘glıkçı, H. Hassan, R. Azizi, L. Orosa, and O. Mutlu, “Revisiting rowhammer: An experimental analy- sis of modern dram devices and mitigation techniques,” in2020 ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA). IEEE, 2020, pp. 638–651

    2020

  45. [45]

    Flipping bits in memory without accessing them: An experimental study of dram disturbance errors,

    Y . Kim, R. Daly, J. Kim, C. Fallin, J. H. Lee, D. Lee, C. Wilkerson, K. Lai, and O. Mutlu, “Flipping bits in memory without accessing them: An experimental study of dram disturbance errors,” inPro- ceeding of the 41st Annual International Symposium on Computer Architecture. IEEE Press, 2014

    2014

  46. [46]

    Ramulator: A fast and extensible dram simulator,

    Y . Kim, W. Yang, and O. Mutlu, “Ramulator: A fast and extensible dram simulator,”IEEE Computer Architecture Letters, vol. 15, no. 1, pp. 45–49, 2016

    2016

  47. [47]

    Half-Double: Hammering from the next row over,

    A. Kogler, J. Juffinger, S. Qazi, Y . Kim, M. Lipp, N. Boichat, E. Shiu, M. Nissler, and D. Gruss, “Half-Double: Hammering from the next row over,” in31st USENIX Security Symposium (USENIX Security 22). Boston, MA: USENIX Association, Aug. 2022, pp. 3807–3824. [Online]. Available: https://www.usenix.org/conference/ usenixsecurity22/presentation/kogler-half-double

    2022

  48. [48]

    TWiCe: Preventing Row-Hammering by Exploiting Time Window Counters,

    E. Lee, I. Kang, S. Lee, G. E. Suh, and J. H. Ahn, “TWiCe: Preventing Row-Hammering by Exploiting Time Window Counters,” inProceedings of the 46th International Symposium on Computer Architecture, ser. ISCA ’19. New York, NY , USA: Association for Computing Machinery, 2019, p. 385–396. [Online]. Available: https://doi.org/10.1145/3307650.3322232

    work page doi:10.1145/3307650.3322232 2019

  49. [49]

    Fphammer: A device identification framework based on dram fingerprinting,

    D. Li, D. Liu, Y . Ren, Z. Wang, Y . Sun, Z. Guan, Q. Wu, and J. Liu, “Fphammer: A device identification framework based on dram fingerprinting,” in2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2023, pp. 1031–1040

    2023

  50. [50]

    Dramsim3: A cycle-accurate, thermal-capable dram simulator,

    S. Li, Z. Yang, D. Reddy, A. Srivastava, and B. Jacob, “Dramsim3: A cycle-accurate, thermal-capable dram simulator,”IEEE Computer Architecture Letters, vol. 19, no. 2, pp. 106–109, 2020

    2020

  51. [51]

    GPUHammer: Rowhammer attacks on GPU memories are practical,

    C. S. Lin, J. Qu, and G. Saileshwar, “GPUHammer: Rowhammer attacks on GPU memories are practical,” in 34th USENIX Security Symposium (USENIX Security 25). Seattle, W A: USENIX Association, Aug. 2025, pp. 5719–

    2025

  52. [52]

    Available: https://www.usenix.org/conference/ usenixsecurity25/presentation/lin-shaopeng

    [Online]. Available: https://www.usenix.org/conference/ usenixsecurity25/presentation/lin-shaopeng

  53. [53]

    Moesi-prime: Preventing coherence-induced hammering in commodity workloads,

    K. Loughlin, S. Saroiu, A. Wolman, Y . A. Manerkar, and B. Kasikci, “Moesi-prime: Preventing coherence-induced hammering in commodity workloads,” inProceedings of the 49th Annual International Symposium on Computer Architecture, ser. ISCA ’22. New York, NY , USA: Association for Computing Machinery, 2022, p. 670–684. [Online]. Available: https://doi.org/1...

    work page doi:10.1145/3470496.3527427 2022

  54. [54]

    Visualizing spectre with gem5,

    J. Lowe-Power, “Visualizing spectre with gem5,” June

  55. [55]

    Available: http://www.lowepower.com/jason/ visualizing-spectre-with-gem5.html

    [Online]. Available: http://www.lowepower.com/jason/ visualizing-spectre-with-gem5.html

  56. [56]

    The gem5 simulator: Version 20.0+,

    J. Lowe-Power, A. M. Ahmad, A. Akram, M. Alian, R. Amslinger, M. Andreozzi, A. Armejach, N. Asmussen, B. Beckmann, S. Bharadwaj, G. Black, G. Bloom, B. R. Bruce, D. R. Carvalho, J. Castrillon, L. Chen, N. Derumigny, S. Diestelhorst, W. Elsasser, C. Escuin, M. Fariborz, A. Farmahini-Farahani, P. Fotouhi, R. Gambord, J. Gandhi, D. Gope, T. Grass, A. Gutierr...

    work page arXiv 2020

  57. [57]

    Rowpress: Amplifying read disturbance in modern dram chips,

    H. Luo, A. Olgun, A. G. Ya ˘glıkçı, Y . C. Tu˘grul, S. Rhyner, M. B. Cavlak, J. Lindegger, M. Sadrosadati, and O. Mutlu, “Rowpress: Amplifying read disturbance in modern dram chips,” inProceedings of the 50th Annual International Symposium on Computer Architec- ture, 2023, pp. 1–18

    2023

  58. [58]

    Starnuma: Mitigating numa challenges with memory pooling,

    E. Manzhosov and S. Sethumadhavan, “Polymorphic error correction,” inProceedings of the 2024 57th IEEE/ACM International Symposium on Microarchitecture, ser. MICRO ’24. IEEE Press, 2024, p. 246–262. [Online]. Available: https://doi.org/10.1109/MICRO61859.2024.00027

    work page doi:10.1109/micro61859.2024.00027 2024

  59. [59]

    Risc-h: Rowhammer attacks on risc- v,

    M. Marazzi and K. Razavi, “Risc-h: Rowhammer attacks on risc- v,” in4th Workshop on DRAM Security (DRAMSec) co-located with ISCA 2024. ETH Zurich, 2024

    2024

  60. [60]

    Phoenix: Rowhammer attacks on ddr5 with self- correcting synchronization,

    D. Meyer, P. Jattke, M. Marazzi, S. Qazi, D. Moghimi, and K. Razavi, “Phoenix: Rowhammer attacks on ddr5 with self- correcting synchronization,” 2026

    2026

  61. [61]

    TN-46-12: Mobile DRAM Power-Saving Fea- tures and Power Calculations,

    Micron Technology, “TN-46-12: Mobile DRAM Power-Saving Fea- tures and Power Calculations,” Tech. Rep. TN46_12, 2005

    2005

  62. [62]

    DDR2 SDRAM ,

    ——, “DDR2 SDRAM ,” Tech. Rep. MT47H512M4,MT47H256M8,MT47H128M16, 2006. 12

    2006

  63. [63]

    TN-41-01: Calculating Memory System Power for DDR3,

    ——, “TN-41-01: Calculating Memory System Power for DDR3,” Tech. Rep. TN41_01DDR3, January 2007

    2007

  64. [64]

    1.35V DDR3L SDRAM SODIMM,

    ——, “1.35V DDR3L SDRAM SODIMM,” Tech. Rep. MT16KTF51264HZ, MT16KTF1G64HZ, 2011

    2011

  65. [65]

    DDR4 SDRAM,

    Micron Technology,, “DDR4 SDRAM,” Tech. Rep. MT40A2G4, MT40A1G8, MT40A512M16, 2015

    2015

  66. [66]

    TN-ED-03: GDDR6: The Next-Generation Graphics DRAM ,

    Micron Technology, “TN-ED-03: GDDR6: The Next-Generation Graphics DRAM ,” Tech. Rep. TN-ED-03: GDDR6, 2017

    2017

  67. [67]

    Rowhammer: A retrospective,

    O. Mutlu and J. S. Kim, “Rowhammer: A retrospective,”Trans. Comp.-Aided Des. Integ. Cir. Sys., vol. 39, no. 8, p. 1555–1571, aug 2020. [Online]. Available: https://doi.org/10.1109/TCAD.2019. 2915318

    work page doi:10.1109/tcad.2019 2020

  68. [68]

    Jensen-Shannon Divergence,

    Notes on AI, “Jensen-Shannon Divergence,” https://notesonai.com/ Jensen%E2%80%93Shannon+Divergence

  69. [69]

    DRAM Bender: An Extensible and Versatile FPGA-based Infrastructure to Easily Test State-of-the- art DRAM Chips,

    A. Olgun, H. Hassan, A. G. Yaglikci, Y . C. Tugrul, L. Orosa, H. Luo, M. Patel, O. Ergin, and O. Mutlu, “DRAM Bender: An Extensible and Versatile FPGA-based Infrastructure to Easily Test State-of-the- art DRAM Chips,”IEEE TCAD, 2023

    2023

  70. [70]

    Abacus: All-bank activation counters for scalable and low overhead rowhammer mit- igation,

    A. Olgun, Y . C. Tugrul, N. Bostanci, I. E. Yuksel, H. Luo, S. Rhyner, A. G. Yaglikci, G. F. Oliveira, and O. Mutlu, “Abacus: All-bank activation counters for scalable and low overhead rowhammer mit- igation,” 2023

    2023

  71. [71]

    Spyhammer: Using rowhammer to remotely spy on temperature,

    L. Orosa, U. Rührmair, A. G. Yaglikci, H. Luo, A. Olgun, P. Jat- tke, M. Patel, J. Kim, K. Razavi, and O. Mutlu, “Spyhammer: Using rowhammer to remotely spy on temperature,”arXiv preprint arXiv:2210.04084, 2022

    work page arXiv 2022

  72. [72]

    A deeper look into rowhammer’s sensitivities: Experimental analysis of real dram chips and implications on future attacks and defenses,

    L. Orosa, A. G. Yaglikci, H. Luo, A. Olgun, J. Park, H. Hassan, M. Patel, J. S. Kim, and O. Mutlu, “A deeper look into rowhammer’s sensitivities: Experimental analysis of real dram chips and implications on future attacks and defenses,” in MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture, ser. MICRO ’21. New York, NY , USA: Asso...

    work page doi:10.1145/3466752.3480069 2021

  73. [73]

    Statistical distributions of row- hammering induced failures in ddr3 components,

    K. Park, D. Yun, and S. Baeg, “Statistical distributions of row- hammering induced failures in ddr3 components,”Microelectronics Reliability, vol. 67, pp. 143–149, 2016. [Online]. Available: https: //www.sciencedirect.com/science/article/pii/S0026271416304000

    2016

  74. [74]

    Graphene: Strong yet lightweight row hammer protection,

    Y . Park, W. Kwon, E. Lee, T. J. Ham, J. Ho Ahn, and J. W. Lee, “Graphene: Strong yet lightweight row hammer protection,” in2020 53rd Annual IEEE/ACM International Symposium on Microarchitec- ture (MICRO), 2020, pp. 1–13

    2020

  75. [75]

    D. A. Patterson and J. L. Hennessy,Computer Architecture: A Quan- titative Approach. San Francisco, CA, USA: Morgan Kaufmann Publishers Inc., 1990

    1990

  76. [76]

    DRAMA: Exploiting DRAM addressing for Cross-CPU attacks,

    P. Pessl, D. Gruss, C. Maurice, M. Schwarz, and S. Mangard, “DRAMA: Exploiting DRAM addressing for Cross-CPU attacks,” in25th USENIX Security Symposium (USENIX Security 16). Austin, TX: USENIX Association, Aug. 2016, pp. 565–581. [Online]. Available: https://www.usenix.org/conference/ usenixsecurity16/technical-sessions/presentation/pessl

    2016

  77. [77]

    Opengl gpu-based rowham- mer attack (work in progress),

    A. Plin, F. Fauberteau, and N. Nguyen, “Opengl gpu-based rowham- mer attack (work in progress),” inEuropean Symposium on Research in Computer Security. Springer, 2025, pp. 347–358

    2025

  78. [78]

    Nvmain: An architectural-level main memory simulator for emerging non-volatile memories,

    M. Poremba and Y . Xie, “Nvmain: An architectural-level main memory simulator for emerging non-volatile memories,” in2012 IEEE Computer Society Annual Symposium on VLSI, 2012, pp. 392– 397

    2012

  79. [79]

    gem5-gpu: A heterogeneous cpu-gpu simulator,

    J. Power, J. Hestness, M. S. Orr, M. D. Hill, and D. A. Wood, “gem5-gpu: A heterogeneous cpu-gpu simulator,”IEEE Computer Architecture Letters, vol. 14, no. 1, pp. 34–36, 2014

    2014

  80. [80]

    Rethinking ecc in the era of row-hammer,

    M. Qureshi, “Rethinking ecc in the era of row-hammer,”DRAMSec, 2021

    2021

Showing first 80 references.