{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,11]],"date-time":"2026-02-11T13:50:36Z","timestamp":1770817836742,"version":"3.50.1"},"reference-count":61,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"5","license":[{"start":{"date-parts":[[2023,9,1]],"date-time":"2023-09-01T00:00:00Z","timestamp":1693526400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2023,9,1]],"date-time":"2023-09-01T00:00:00Z","timestamp":1693526400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,9,1]],"date-time":"2023-09-01T00:00:00Z","timestamp":1693526400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2020YFB1805402"],"award-info":[{"award-number":["2020YFB1805402"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62002167"],"award-info":[{"award-number":["62002167"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62072239"],"award-info":[{"award-number":["62072239"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61802397"],"award-info":[{"award-number":["61802397"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Natural Science Foundation of JiangSu Province","award":["BK20200461"],"award-info":[{"award-number":["BK20200461"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2023,9,1]]},"DOI":"10.1109\/tdsc.2022.3214666","type":"journal-article","created":{"date-parts":[[2022,10,14]],"date-time":"2022-10-14T20:16:22Z","timestamp":1665778582000},"page":"3716-3733","source":"Crossref","is-referenced-by-count":15,"title":["<i>Implicit Hammer<\/i>: Cross-Privilege-Boundary Rowhammer Through Implicit Accesses"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3604-5369","authenticated-orcid":false,"given":"Zhi","family":"Zhang","sequence":"first","affiliation":[{"name":"Data61, CSIRO, Sydney, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9434-5218","authenticated-orcid":false,"given":"Wei","family":"He","sequence":"additional","affiliation":[{"name":"SKLOIS, Institute of Information Engineering, CAS, Beijing, China"}]},{"given":"Yueqiang","family":"Cheng","sequence":"additional","affiliation":[{"name":"NIO, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7294-2724","authenticated-orcid":false,"given":"Wenhao","family":"Wang","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5783-2172","authenticated-orcid":false,"given":"Yansong","family":"Gao","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, NanJing University of Science and Technology, Nanjing, China"}]},{"given":"Dongxi","family":"Liu","sequence":"additional","affiliation":[{"name":"Data61, CSIRO, Sydney, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3985-6116","authenticated-orcid":false,"given":"Kang","family":"Li","sequence":"additional","affiliation":[{"name":"Baidu Security, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3289-6599","authenticated-orcid":false,"given":"Surya","family":"Nepal","sequence":"additional","affiliation":[{"name":"Data61, CSIRO, Sydney, NSW, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1632-5737","authenticated-orcid":false,"given":"Anmin","family":"Fu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, NanJing University of Science and Technology, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4382-4670","authenticated-orcid":false,"given":"Yi","family":"Zou","sequence":"additional","affiliation":[{"name":"School of Microelectronics, South China University of Technology, Guangzhou, China"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/2678373.2665726"},{"key":"ref2","article-title":"Exploiting the DRAM rowhammer bug to gain kernel privileges","volume":"15","author":"Seaborn","year":"2015","journal-title":"Black Hat"},{"key":"ref3","first-page":"19","article-title":"One bit flips, one cloud flops: Cross-VM row hammer attacks and privilege escalation","volume-title":"Proc. USENIX Secur. Symp.","author":"Xiao"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_15"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.63"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2019.2946816"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00022"},{"key":"ref8","first-page":"213","article-title":"Throwhammer: Rowhammer attacks over the network and defenses","volume-title":"Proc. USENIX Annu. Tech. Conf.","author":"Tatar"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00031"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978406"},{"key":"ref11","first-page":"1","article-title":"Flip Feng Shui: Hammering a needle in the software stack","volume-title":"Proc. USENIX Secur. Symp.","author":"Razavi"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53140-2_29"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00020"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329827"},{"key":"ref15","first-page":"117","article-title":"CAnt Touch This: Software-only mitigation against rowhammer attacks targeting kernel memory","volume-title":"Proc. USENIX Secur. Symp.","author":"Brasser"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304039"},{"key":"ref17","article-title":"DDR4 SDRAM Datasheet","year":"2015"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3061639.3062281"},{"key":"ref19","first-page":"385","article-title":"TWiCe: Preventing row-hammering by exploiting time window counters","volume-title":"Proc. Int. Symp. Comput. Architecture","author":"Lee"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/54289.871709"},{"key":"ref21","first-page":"973","article-title":"Meltdown: Reading kernel memory from user space","volume-title":"Proc. USENIX Secur. Symp.","author":"Lipp"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO50266.2020.00016"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/1816038.1815970"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.43"},{"key":"ref25","first-page":"955","article-title":"Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks","volume-title":"Proc. USENIX Secur. Symp.","author":"Gras"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00090"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833772"},{"key":"ref28","first-page":"3807","article-title":"{Half-Double}: Hammering from the next row over","volume-title":"Proc. USENIX Secur. Symp.","author":"Kogler","year":"2022"},{"key":"ref29","article-title":"Low power double data rate 4 (LPDDR4)","year":"2015"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00089"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00085"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/HST.2016.7495576"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2872362.2872390"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23294"},{"key":"ref35","first-page":"937","article-title":"Malicious management unit: Why stopping cache attacks in software is harder than you think","volume-title":"Proc. USENIX Secur. Symp.","author":"van Schaik"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW51379.2020.00102"},{"key":"ref37","first-page":"565","article-title":"DRAMA: Exploiting DRAM addressing for cross-CPU attacks","volume-title":"Proc. USENIX Secur. Symp.","author":"Pessl"},{"key":"ref38","first-page":"697","article-title":"ZebRAM: Comprehensive and compatible software protection against rowhammer attacks","volume-title":"Proc. Operating Syst. Des. Implementation","author":"Konoth"},{"key":"ref39","article-title":"Intel 64 and IA-32 architectures optimization reference manual","year":"2014"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.23"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_3"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/DSD.2015.56"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93387-0_5"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813708"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00042"},{"key":"ref46","first-page":"427","article-title":"Dynamically finding minimal eviction sets can be quicker than you think for {Side-Channel} attacks against the {LLC}","volume-title":"Proc. Symp. Res. Attacks Intrusions Defenses","author":"Song","year":"2019"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18072.2020.9218599"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2021.3124728"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833802"},{"key":"ref50","first-page":"399","article-title":"SoftTRR: Protect page tables against rowhammer attacks using software-only target row refresh","author":"Zhang","year":"2022","journal-title":"USENIX Annu. Tech. Conf."},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA45697.2020.00059"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"ref53","article-title":"Speculative buffer overflows: Attacks and defenses","author":"Kiriansky","year":"2018"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/LCA.2014.2332177"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1109\/LCA.2016.2614497"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA.2018.00057"},{"key":"ref57","article-title":"Defending against rowhammer in the kernel","author":"Corbet","year":"2016"},{"key":"ref58","article-title":"Leveraging EM side-channel information to detect rowhammer attacks","author":"Zhang","year":"2019"},{"key":"ref59","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2016.7446082"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.5555\/3361338.3361385"},{"key":"ref61","first-page":"346","article-title":"Secure TLBs","volume-title":"Proc. Int. Symp. Comput. Architecture","author":"Deng"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10236919\/09919335.pdf?arnumber=9919335","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,22]],"date-time":"2024-01-22T22:56:42Z","timestamp":1705964202000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9919335\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,1]]},"references-count":61,"journal-issue":{"issue":"5"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2022.3214666","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,9,1]]}}}