{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T01:46:35Z","timestamp":1773193595188,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,10,24]],"date-time":"2016-10-24T00:00:00Z","timestamp":1477267200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,10,24]]},"DOI":"10.1145\/2976749.2978406","type":"proceedings-article","created":{"date-parts":[[2016,10,25]],"date-time":"2016-10-25T12:46:35Z","timestamp":1477399595000},"page":"1675-1689","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":210,"title":["Drammer"],"prefix":"10.1145","author":[{"given":"Victor","family":"van der Veen","sequence":"first","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands"}]},{"given":"Yanick","family":"Fratantonio","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, Santa Barbara, CA, USA"}]},{"given":"Martina","family":"Lindorfer","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, Santa Barbara, CA, USA"}]},{"given":"Daniel","family":"Gruss","sequence":"additional","affiliation":[{"name":"Graz University of Technology, Vienna, Austria"}]},{"given":"Clementine","family":"Maurice","sequence":"additional","affiliation":[{"name":"Graz University of Technology, Vienna, Austria"}]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[{"name":"UC Santa Barbara, Santa Barbara, CA, USA"}]},{"given":"Herbert","family":"Bos","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands"}]},{"given":"Kaveh","family":"Razavi","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands"}]},{"given":"Cristiano","family":"Giuffrida","sequence":"additional","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands"}]}],"member":"320","published-online":{"date-parts":[[2016,10,24]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Low RAM Con guration. https:\/\/source.android.com\/devices\/tech\/con g\/low-ram.html.  Low RAM Con guration. https:\/\/source.android.com\/devices\/tech\/con g\/low-ram.html."},{"key":"e_1_3_2_1_2_1","unstructured":"Transparent Hugepage Support. https:\/\/www.kernel.org\/doc\/Documentation\/vm\/transhuge.txt.  Transparent Hugepage Support. https:\/\/www.kernel.org\/doc\/Documentation\/vm\/transhuge.txt."},{"key":"e_1_3_2_1_3_1","volume-title":"Embedded Linux Conference (ELC)","author":"Abbott L.","year":"2016","unstructured":"L. Abbott . Lessons from Ion . Embedded Linux Conference (ELC) , April 2016 . L. Abbott. Lessons from Ion. Embedded Linux Conference (ELC), April 2016."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPEC.2015.7322462"},{"key":"e_1_3_2_1_5_1","volume-title":"June","author":"Apple Inc.","year":"2015","unstructured":"Apple Inc. Mac EFI Security Update 2015-001. https:\/\/support.apple.com\/en-us\/HT204934 , June 2015 . Apple Inc. Mac EFI Security Update 2015-001. https:\/\/support.apple.com\/en-us\/HT204934, June 2015."},{"key":"e_1_3_2_1_6_1","unstructured":"A. Arcangeli. Transparent Hugepage Support. http:\/\/www.linux-kvm.org\/images\/9\/9e\/2010-forum-thp.pdf August 2010.  A. Arcangeli. Transparent Hugepage Support. http:\/\/www.linux-kvm.org\/images\/9\/9e\/2010-forum-thp.pdf August 2010."},{"key":"e_1_3_2_1_7_1","volume-title":"ARM Architecture Reference Manual. ARMv7-A and ARMv7-R edition","author":"Limited ARM","year":"2012","unstructured":"ARM Limited . ARM Architecture Reference Manual. ARMv7-A and ARMv7-R edition , 2012 . ARM Limited. ARM Architecture Reference Manual. ARMv7-A and ARMv7-R edition, 2012."},{"key":"e_1_3_2_1_8_1","volume-title":"ARM Architecture Reference Manual. ARMv8, for ARMv8-A architecture profile","author":"Limited ARM","year":"2013","unstructured":"ARM Limited . ARM Architecture Reference Manual. ARMv8, for ARMv8-A architecture profile , 2013 . ARM Limited. ARM Architecture Reference Manual. ARMv8, for ARMv8-A architecture profile, 2013."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2872362.2872390"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2015.2417540"},{"key":"e_1_3_2_1_11_1","volume-title":"Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P)","author":"Bosman E.","year":"2016","unstructured":"E. Bosman , K. Razavi , H. Bos , and C. Giu rida. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector . In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P) , 2016 . E. Bosman, K. Razavi, H. Bos, and C. Giu rida. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector. In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P), 2016."},{"key":"e_1_3_2_1_12_1","unstructured":"L. Campbell. Exploiting NVMAP to escape the Chrome sandbox - CVE-2014-5332. http:\/\/googleprojectzero.blogspot.com\/2015\/01\/exploiting-nvmap-to-escape-chrome.html January 2015.  L. Campbell. Exploiting NVMAP to escape the Chrome sandbox - CVE-2014-5332. http:\/\/googleprojectzero.blogspot.com\/2015\/01\/exploiting-nvmap-to-escape-chrome.html January 2015."},{"key":"e_1_3_2_1_13_1","volume-title":"Null Singapore","author":"Flake H.","year":"2016","unstructured":"H. Flake . Three Things that Rowhammer Taught Me . Null Singapore , March 2016 . H. Flake. Three Things that Rowhammer Taught Me. Null Singapore, March 2016."},{"key":"e_1_3_2_1_14_1","unstructured":"M. Ghasempour M. Lujan and J. Garside. ARMOR: A Run-Time Memory Hot-Row Detector. http:\/\/apt.cs.manchester.ac.uk\/projects\/ARMOR\/RowHammer 2015.  M. Ghasempour M. Lujan and J. Garside. ARMOR: A Run-Time Memory Hot-Row Detector. http:\/\/apt.cs.manchester.ac.uk\/projects\/ARMOR\/RowHammer 2015."},{"key":"e_1_3_2_1_15_1","volume-title":"Understanding the Linux Virtual Memory Manager","author":"Gorman M.","year":"2007","unstructured":"M. Gorman . Understanding the Linux Virtual Memory Manager . Prentice Hall PTR , 2007 . M. Gorman. Understanding the Linux Virtual Memory Manager. Prentice Hall PTR, 2007."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_15"},{"key":"e_1_3_2_1_17_1","volume-title":"Black Hat USA (BH-US)","author":"Herath N.","year":"2015","unstructured":"N. Herath and A. Fogh . These are Not Your Grand Daddy's CPU Performance Counters - CPU Hardware Performance Counters for Security . In Black Hat USA (BH-US) , 2015 . N. Herath and A. Fogh. These are Not Your Grand Daddy's CPU Performance Counters - CPU Hardware Performance Counters for Security. In Black Hat USA (BH-US), 2015."},{"key":"e_1_3_2_1_18_1","volume-title":"Moonshot Component Pack Version","author":"Packard Hewlett","year":"2015","unstructured":"Hewlett Packard . Moonshot Component Pack Version 2015 .05.0 Release Notes . http:\/\/h10032.www1.hp.com\/ctg\/Manual\/c04676483, May 2015. Hewlett Packard. Moonshot Component Pack Version 2015.05.0 Release Notes. http:\/\/h10032.www1.hp.com\/ctg\/Manual\/c04676483, May 2015."},{"key":"e_1_3_2_1_19_1","volume-title":"DDR3 SDRAM Speci cation. JESD79-3F","author":"JEDEC Solid State Technology Association","year":"2012","unstructured":"JEDEC Solid State Technology Association . DDR3 SDRAM Speci cation. JESD79-3F , 2012 . JEDEC Solid State Technology Association. DDR3 SDRAM Speci cation. JESD79-3F, 2012."},{"key":"e_1_3_2_1_20_1","volume-title":"Low Power Double Data 4 (LPDDR4). JESD209-4A","author":"JEDEC Solid State Technology Association","year":"2015","unstructured":"JEDEC Solid State Technology Association . Low Power Double Data 4 (LPDDR4). JESD209-4A , 2015 . JEDEC Solid State Technology Association. Low Power Double Data 4 (LPDDR4). JESD209-4A, 2015."},{"key":"e_1_3_2_1_21_1","unstructured":"Je Vander Stoep. Protecting Android with more Linux kernel defenses. http:\/\/android-developers.blogspot.com\/2016\/07\/protecting-android-with-more-linux.html July 2016.  Je Vander Stoep. Protecting Android with more Linux kernel defenses. http:\/\/android-developers.blogspot.com\/2016\/07\/protecting-android-with-more-linux.html July 2016."},{"key":"e_1_3_2_1_22_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium","author":"Kemerlis V. P.","year":"2014","unstructured":"V. P. Kemerlis , M. Polychronakis , and A. D. Keromytis . ret2dir: Rethinking Kernel Isolation . In Proceedings of the 23rd USENIX Security Symposium , 2014 . V. P. Kemerlis, M. Polychronakis, and A. D. Keromytis. ret2dir: Rethinking Kernel Isolation. In Proceedings of the 23rd USENIX Security Symposium, 2014."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/2665671.2665726"},{"key":"e_1_3_2_1_24_1","volume-title":"June","author":"Lameter C.","year":"2006","unstructured":"C. Lameter . Light weight event counters V4. https:\/\/lwn.net\/Articles\/188327 , June 2006 . C. Lameter. Light weight event counters V4. https:\/\/lwn.net\/Articles\/188327, June 2006."},{"key":"e_1_3_2_1_25_1","unstructured":"M. Lanteigne. A Tale of Two Hammers: A Brief Rowhammer Analysis of AMD vs. Intel. http:\/\/www.thirdio.com\/rowhammera1.pdf May 2016.  M. Lanteigne. A Tale of Two Hammers: A Brief Rowhammer Analysis of AMD vs. Intel. http:\/\/www.thirdio.com\/rowhammera1.pdf May 2016."},{"key":"e_1_3_2_1_26_1","unstructured":"M. Lanteigne. How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware. http:\/\/www.thirdio.com\/rowhammer.pdf March 2016.  M. Lanteigne. How Rowhammer Could Be Used to Exploit Weaknesses in Computer Hardware. http:\/\/www.thirdio.com\/rowhammer.pdf March 2016."},{"key":"e_1_3_2_1_27_1","volume-title":"March","year":"2015","unstructured":"Lenovo. Row Hammer Privilege Escalation. https:\/\/support.lenovo.com\/us\/en\/productsecurity\/rowhammer , March 2015 . Lenovo. Row Hammer Privilege Escalation. https:\/\/support.lenovo.com\/us\/en\/productsecurity\/rowhammer, March 2015."},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the 25th USENIX Security Symposium","author":"Lipp M.","year":"2016","unstructured":"M. Lipp , D. Gruss , R. Spreitzer , and S. Mangard . ARMageddon: Cache Attacks on Mobile Devices . In Proceedings of the 25th USENIX Security Symposium , 2016 . M. Lipp, D. Gruss, R. Spreitzer, and S. Mangard. ARMageddon: Cache Attacks on Mobile Devices. In Proceedings of the 25th USENIX Security Symposium, 2016."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950391"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 25th USENIX Security Symposium","author":"Pessl P.","year":"2016","unstructured":"P. Pessl , D. Gruss , C. Maurice , M. Schwarz , and S. Mangard . DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks . In Proceedings of the 25th USENIX Security Symposium , 2016 . P. Pessl, D. Gruss, C. Maurice, M. Schwarz, and S. Mangard. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In Proceedings of the 25th USENIX Security Symposium, 2016."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/HST.2016.7495576"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the 25th USENIX Security Symposium","author":"Razavi K.","year":"2016","unstructured":"K. Razavi , B. Gras , E. Bosman , B. Preneel , C. Giufirida , and H. Bos . Flip Feng Shui: Hammering a Needle in the Software Stack . In Proceedings of the 25th USENIX Security Symposium , 2016 . K. Razavi, B. Gras, E. Bosman, B. Preneel, C. Giufirida, and H. Bos. Flip Feng Shui: Hammering a Needle in the Software Stack. In Proceedings of the 25th USENIX Security Symposium, 2016."},{"key":"e_1_3_2_1_33_1","volume-title":"September","author":"Hat Red","year":"2015","unstructured":"Red Hat . How to use, monitor, and disable transparent hugepages in Red Hat Enterprise Linux 6? https:\/\/access.redhat.com\/solutions\/46111 , September 2015 . Red Hat. How to use, monitor, and disable transparent hugepages in Red Hat Enterprise Linux 6? https:\/\/access.redhat.com\/solutions\/46111, September 2015."},{"key":"e_1_3_2_1_34_1","unstructured":"M. Salyzyn. AOSP Commit 0549ddb9: \"UPSTREAM: pagemap: do not leak physical addresses to non-privileged userspace\". http:\/\/goo.gl\/Qye2MN November 2015.  M. Salyzyn. AOSP Commit 0549ddb9: \"UPSTREAM: pagemap: do not leak physical addresses to non-privileged userspace\". http:\/\/goo.gl\/Qye2MN November 2015."},{"key":"e_1_3_2_1_35_1","volume-title":"Black Hat USA (BH-US)","author":"Seaborn M.","year":"2015","unstructured":"M. Seaborn and T. Dullien . Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges . In Black Hat USA (BH-US) , 2015 . M. Seaborn and T. Dullien. Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges. In Black Hat USA (BH-US), 2015."},{"key":"e_1_3_2_1_36_1","unstructured":"M. Seaborn and T. Dullien. Exploiting the DRAM rowhammer bug to gain kernel privileges. http:\/\/googleprojectzero.blogspot.com\/2015\/03\/exploiting-dram-rowhammer-bug-to-gain.html March 2015.  M. Seaborn and T. Dullien. Exploiting the DRAM rowhammer bug to gain kernel privileges. http:\/\/googleprojectzero.blogspot.com\/2015\/03\/exploiting-dram-rowhammer-bug-to-gain.html March 2015."},{"key":"e_1_3_2_1_37_1","unstructured":"S. Semwal. DMA Buffer Sharing API Guide. https:\/\/www.kernel.org\/doc\/Documentation\/dma-buf-sharing.txt.  S. Semwal. DMA Buffer Sharing API Guide. https:\/\/www.kernel.org\/doc\/Documentation\/dma-buf-sharing.txt."},{"key":"e_1_3_2_1_38_1","volume-title":"October","author":"Semwal S.","year":"2014","unstructured":"S. Semwal . dma-buf Constraints-Enabled Allocation helpers. https:\/\/lwn.net\/Articles\/615892\/ , October 2014 . S. Semwal. dma-buf Constraints-Enabled Allocation helpers. https:\/\/lwn.net\/Articles\/615892\/, October 2014."},{"key":"e_1_3_2_1_39_1","volume-title":"Linux Plumbers Conference","author":"Semwal S.","year":"2015","unstructured":"S. Semwal . Upstreaming ION Features: Issues that remain . Linux Plumbers Conference , August 2015 . S. Semwal. Upstreaming ION Features: Issues that remain. Linux Plumbers Conference, August 2015."},{"key":"e_1_3_2_1_40_1","unstructured":"K. A. Shutemov. Linux commit ab676b7d: \"pagemap: do not leak physical addresses to non-privileged userspace\". http:\/\/goo.gl\/Zvd0qf March 2015.  K. A. Shutemov. Linux commit ab676b7d: \"pagemap: do not leak physical addresses to non-privileged userspace\". http:\/\/goo.gl\/Zvd0qf March 2015."},{"key":"e_1_3_2_1_41_1","unstructured":"K. A. Shutemov. THP-enabled tmpfs\/shmem using compound pages. http:\/\/lwn.net\/Articles\/687352 May 2016.  K. A. Shutemov. THP-enabled tmpfs\/shmem using compound pages. http:\/\/lwn.net\/Articles\/687352 May 2016."},{"key":"e_1_3_2_1_42_1","volume-title":"September","author":"Stultz J.","year":"2013","unstructured":"J. Stultz . Integrating the ION memory allocator. https:\/\/lwn.net\/Articles\/565469\/ , September 2013 . J. Stultz. Integrating the ION memory allocator. https:\/\/lwn.net\/Articles\/565469\/, September 2013."},{"key":"e_1_3_2_1_43_1","volume-title":"October","author":"Stultz J.","year":"2013","unstructured":"J. Stultz . Summary of the Android Graphics microconference. https:\/\/lwn.net\/Articles\/569704\/ , October 2013 . J. Stultz. Summary of the Android Graphics microconference. https:\/\/lwn.net\/Articles\/569704\/, October 2013."},{"key":"e_1_3_2_1_44_1","unstructured":"Unity. Mobile (Android) Hardware Stats. http:\/\/hwstats.unity3d.com\/mobile\/cpu-android.html June 2016.  Unity. Mobile (Android) Hardware Stats. http:\/\/hwstats.unity3d.com\/mobile\/cpu-android.html June 2016."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2006.1598122"},{"key":"e_1_3_2_1_46_1","volume-title":"October","year":"2014","unstructured":"VMware. Security considerations and disallowing inter-Virtual Machine Transparent Page Sharing. https:\/\/kb.vmware.com\/kb\/2080735 , October 2014 . VMware. Security considerations and disallowing inter-Virtual Machine Transparent Page Sharing. https:\/\/kb.vmware.com\/kb\/2080735, October 2014."},{"key":"e_1_3_2_1_47_1","volume-title":"One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation. In Proceedings of the 25th USENIX Security Symposium","author":"Xiao Y.","year":"2016","unstructured":"Y. Xiao , X. Zhang , Y. Zhang , and M.-R. Teodorescu . One Bit Flips , One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation. In Proceedings of the 25th USENIX Security Symposium , 2016 . Y. Xiao, X. Zhang, Y. Zhang, and M.-R. Teodorescu. One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation. In Proceedings of the 25th USENIX Security Symposium, 2016."},{"key":"e_1_3_2_1_48_1","volume-title":"Proceedings of the 9th USENIX Workshop on O ensive Technologies (WOOT)","author":"Xu W.","year":"2015","unstructured":"W. Xu and Y. Fu . Own Your Android! Yet Another Universal Root . In Proceedings of the 9th USENIX Workshop on O ensive Technologies (WOOT) , 2015 . W. Xu and Y. Fu. Own Your Android! Yet Another Universal Root. In Proceedings of the 9th USENIX Workshop on O ensive Technologies (WOOT), 2015."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813637"},{"key":"e_1_3_2_1_50_1","volume-title":"February","author":"Zeng T. M.","year":"2012","unstructured":"T. M. Zeng . The Android ION memory allocator. https:\/\/lwn.net\/Articles\/480055 , February 2012 . T. M. Zeng. The Android ION memory allocator. https:\/\/lwn.net\/Articles\/480055, February 2012."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978320"}],"event":{"name":"CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security","location":"Vienna Austria","acronym":"CCS'16","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978406","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2976749.2978406","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:40:15Z","timestamp":1750218015000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2976749.2978406"}},"subtitle":["Deterministic Rowhammer Attacks on Mobile Platforms"],"short-title":[],"issued":{"date-parts":[[2016,10,24]]},"references-count":51,"alternative-id":["10.1145\/2976749.2978406","10.1145\/2976749"],"URL":"https:\/\/doi.org\/10.1145\/2976749.2978406","relation":{},"subject":[],"published":{"date-parts":[[2016,10,24]]},"assertion":[{"value":"2016-10-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}