{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:13:39Z","timestamp":1756383219646,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":52,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-2026913"],"award-info":[{"award-number":["CNS-2026913"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7]]},"DOI":"10.1145\/3634737.3637638","type":"proceedings-article","created":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T11:51:38Z","timestamp":1719575498000},"page":"467-482","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Mayhem: Targeted Corruption of Register and Stack Variables"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-1217-9649","authenticated-orcid":false,"given":"Andrew","family":"Adiletta","sequence":"first","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4512-9145","authenticated-orcid":false,"given":"M. Caner","family":"Tol","sequence":"additional","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, United States of America"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6755-6239","authenticated-orcid":false,"given":"Yark\u0131n","family":"Dor\u00f6z","sequence":"additional","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5404-5368","authenticated-orcid":false,"given":"Berk","family":"Sunar","sequence":"additional","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,7]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2872362.2872390"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1007\/s001450010016","article-title":"On the importance of eliminating errors in cryptographic computations","volume":"14","author":"Boneh Dan","year":"2015","unstructured":"Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. On the importance of eliminating errors in cryptographic computations. Journal of Cryptology, 14:101--119, 2015.","journal-title":"Journal of Cryptology"},{"key":"e_1_3_2_1_3_1","first-page":"117","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Brasser Ferdinand","year":"2017","unstructured":"Ferdinand Brasser, Lucas Davi, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi. CAn't touch this: Software-only mitigation against rowhammer attacks targeting kernel memory. In 26th USENIX Security Symposium (USENIX Security 17), pages 117--130, Vancouver, BC, August 2017. USENIX Association."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2017.61"},{"key":"e_1_3_2_1_5_1","first-page":"769","volume-title":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS '19","author":"Canella Claudio","year":"2019","unstructured":"Claudio Canella, Daniel Genkin, Lukas Giner, Daniel Gruss, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, Jo Van Bulck, and Yuval Yarom. Fallout: Leaking data on meltdown-resistant cpus. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS '19, page 769--784, New York, NY, USA, 2019. Association for Computing Machinery."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2016.09.014"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00085"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00089"},{"key":"e_1_3_2_1_9_1","volume-title":"October","author":"Corbet Jonathan","year":"2016","unstructured":"Jonathan Corbet. Defending against Rowhammer in the kernel, October 2016. https:\/\/lwn.net\/Articles\/704920\/."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23262"},{"key":"e_1_3_2_1_11_1","first-page":"1001","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"de Ridder Finn","year":"2021","unstructured":"Finn de Ridder, Pietro Frigo, Emanuele Vannacci, Herbert Bos, Cristiano Giuffrida, and Kaveh Razavi. SMASH: Synchronized many-sided rowhammer attacks from JavaScript. In 30th USENIX Security Symposium (USENIX Security 21), pages 1001--1018. USENIX Association, August 2021."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00090"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23271"},{"key":"e_1_3_2_1_14_1","volume-title":"getchar(3p) --- Linux manual page. man7.org","author":"IEEE\/The Open Group","year":"2017","unstructured":"IEEE\/The Open Group. getchar(3p) --- Linux manual page. man7.org, 2017. POSIX Programmer's Manual."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00031"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_15"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_14"},{"key":"e_1_3_2_1_18_1","volume-title":"CACM","author":"Halderman J. Alex","year":"2008","unstructured":"J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten. Lest we remember: cold-boot attacks on encryption keys. In CACM, 2008."},{"key":"e_1_3_2_1_19_1","volume-title":"Black Hat Briefings","author":"Herath Nishad","year":"2015","unstructured":"Nishad Herath and Anders Fogh. These are not your grand Daddys cpu performance counters-cpu hardware performance counters for security. Black Hat Briefings, 2015."},{"key":"e_1_3_2_1_20_1","volume-title":"MASCAT: Stopping microarchitectural attacks before execution. IACR Cryptol. ePrint Arch","author":"Irazoqui Gorka","year":"2016","unstructured":"Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. MASCAT: Stopping microarchitectural attacks before execution. IACR Cryptol. ePrint Arch., 2016:1196, 2016."},{"key":"e_1_3_2_1_21_1","first-page":"621","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Islam Saad","year":"2019","unstructured":"Saad Islam, Ahmad Moghimi, Ida Bruhns, Moritz Krebbel, Berk Gulmezoglu, Thomas Eisenbarth, and Berk Sunar. SPOILER: Speculative load hazards boost rowhammer and cache attacks. In 28th USENIX Security Symposium (USENIX Security 19), pages 621--637, Santa Clara, CA, August 2019. USENIX Association."},{"key":"e_1_3_2_1_22_1","first-page":"6.04","volume-title":"sleep(3) --- Linux manual page. man7.org","author":"Kerrisk Michael","year":"2023","unstructured":"Michael Kerrisk. sleep(3) --- Linux manual page. man7.org, 2023. Linux man-pages 6.04."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2678373.2665726"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_1_25_1","volume-title":"31st USENIX Security Symposium: USENIX Security'22","author":"Kogler Andreas","year":"2022","unstructured":"Andreas Kogler, Jonas Juffinger, Salman Qazi, Yoongu Kim, Moritz Lipp, Nicolas Boichat, Eric Shiu, Mattias Nissler, and Daniel Gruss. Half-double: Hammering from the next row over. In 31st USENIX Security Symposium: USENIX Security'22, 2022."},{"key":"e_1_3_2_1_26_1","volume-title":"Workshop on Offensive Technologies","author":"Kurmus Anil","year":"2017","unstructured":"Anil Kurmus, Nikolas Ioannou, Nikolaos Papandreou, and Thomas Parnell. From random block corruption to privilege escalation: A filesystem attack vector for rowhammer-like attacks. In Workshop on Offensive Technologies, 2017."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","first-page":"695","DOI":"10.1109\/SP40000.2020.00020","volume-title":"2020 IEEE Symposium on Security and Privacy (SP)","author":"Kwong Andrew","year":"2020","unstructured":"Andrew Kwong, Daniel Genkin, Daniel Gruss, and Yuval Yarom. RAMBleed: Reading bits in memory without accessing them. In 2020 IEEE Symposium on Security and Privacy (SP), pages 695--711. IEEE, 2020."},{"key":"e_1_3_2_1_28_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. Meltdown: Reading kernel memory from user space. In 27th USENIX Security Symposium (USENIX Security 18), 2018."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW51379.2020.00102"},{"key":"e_1_3_2_1_30_1","first-page":"1719","volume-title":"2023 IEEE Symposium on Security and Privacy (SP)","author":"Mus Koksal","year":"2023","unstructured":"Koksal Mus, Yark\u0131n Dor\u00f6z, M Caner Tol, Kristi Rahman, and Berk Sunar. Jolt: Recovering TLS signing keys via Rowhammer faults. In 2023 IEEE Symposium on Security and Privacy (SP), pages 1719--1736. IEEE, 2023."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2019.2915318"},{"key":"e_1_3_2_1_32_1","volume-title":"Mysql customers","author":"SQL.","year":"2023","unstructured":"MySQL. Mysql customers, 2023. Accessed on 7 February 2023. https:\/\/www.mysql.com\/customers\/."},{"key":"e_1_3_2_1_33_1","volume-title":"Cve-2022-42961 detail","author":"NIST.","year":"2022","unstructured":"NIST. Cve-2022-42961 detail. Oct 2022."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1007\/978-3-319-30806-7_9","volume-title":"International Symposium on Engineering Secure Software and Systems","author":"Payer Mathias","year":"2016","unstructured":"Mathias Payer. HexPADS: a platform to detect \"stealth\" attacks. In International Symposium on Engineering Secure Software and Systems, pages 138--154. Springer, 2016."},{"key":"e_1_3_2_1_35_1","first-page":"565","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Pessl Peter","year":"2016","unstructured":"Peter Pessl, Daniel Gruss, Cl\u00e9mentine Maurice, Michael Schwarz, and Stefan Mangard. DRAMA: Exploiting DRAM addressing for Cross-CPU attacks. In 25th USENIX Security Symposium (USENIX Security 16), pages 565--581, Austin, TX, August 2016. USENIX Association."},{"key":"e_1_3_2_1_36_1","first-page":"1","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Razavi Kaveh","year":"2016","unstructured":"Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos. Flip feng shui: Hammering a needle in the software stack. In 25th USENIX Security Symposium (USENIX Security 16), pages 1--18, Austin, TX, August 2016. USENIX Association."},{"key":"e_1_3_2_1_37_1","first-page":"71","article-title":"Exploiting the dram rowhammer bug to gain kernel privileges","volume":"15","author":"Seaborn Mark","year":"2015","unstructured":"Mark Seaborn and Thomas Dullien. Exploiting the dram rowhammer bug to gain kernel privileges. Black Hat, 15:71, 2015.","journal-title":"Black Hat"},{"key":"e_1_3_2_1_38_1","volume-title":"Db-engines ranking of relational dbms","author":"Solid IT","year":"2023","unstructured":"IT Solid. Db-engines ranking of relational dbms, 2023. Accessed on 7 February 2023. https:\/\/db-engines.com\/en\/ranking."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1109\/EuroSP.2019.00035","volume-title":"IEEE European Symposium on Security and Privacy, EuroS&P 2019","author":"Takahashi Akira","year":"2019","unstructured":"Akira Takahashi and Mehdi Tibouchi. Degenerate fault attacks on elliptic curve parameters in openssl. In IEEE European Symposium on Security and Privacy, EuroS&P 2019, Stockholm, Sweden, June 17--19, 2019, pages 371--386. IEEE, 2019."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1007\/978-3-030-00470-5_3","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"Tatar Andrei","year":"2018","unstructured":"Andrei Tatar, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. Defeating software mitigations against rowhammer: A surgical precision hammer. In Michael Bailey, Thorsten Holz, Manolis Stamatogiannakis, and Sotiris Ioannidis, editors, Research in Attacks, Intrusions, and Defenses, pages 47--66, Cham, 2018. Springer International Publishing."},{"key":"e_1_3_2_1_41_1","first-page":"213","volume-title":"2018 USENIX Annual Technical Conference (USENIX ATC 18)","author":"Tatar Andrei","year":"2018","unstructured":"Andrei Tatar, Radhesh Krishnan Konoth, Elias Athanasopoulos, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. Throwhammer: Rowhammer attacks over the network and defenses. In 2018 USENIX Annual Technical Conference (USENIX ATC 18), pages 213--226, Boston, MA, July 2018. USENIX Association."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","first-page":"681","DOI":"10.1109\/SP46214.2022.9833802","volume-title":"2022 IEEE Symposium on Security and Privacy (SP)","author":"Tobah Youssef","year":"2022","unstructured":"Youssef Tobah, Andrew Kwong, Ingab Kang, Daniel Genkin, and Kang G Shin. Spechammer: Combining spectre and rowhammer for new speculative attacks. In 2022 IEEE Symposium on Security and Privacy (SP), pages 681--698. IEEE, 2022."},{"key":"e_1_3_2_1_43_1","first-page":"616","volume-title":"Berk Sunar. FastSpec: Scalable Generation and Detection of Spectre Gadgets Using Neural Embeddings. In 2021 IEEE European Symposium on Security and Privacy (EuroS&P)","author":"Tol M. Caner","year":"2021","unstructured":"M. Caner Tol, Berk Gulmezoglu, Koray Yurtseven, and Berk Sunar. FastSpec: Scalable Generation and Detection of Spectre Gadgets Using Neural Embeddings. In 2021 IEEE European Symposium on Security and Privacy (EuroS&P), pages 616--632. IEEE, 2021."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00089"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","first-page":"1675","DOI":"10.1145\/2976749.2978406","volume-title":"Proceedings of the 2016 ACM SIGSAC conference on computer and communications security","author":"Der Veen Victor Van","year":"2016","unstructured":"Victor Van Der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Cl\u00e9mentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida. Drammer: Deterministic rowhammer attacks on mobile platforms. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, pages 1675--1689, 2016."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00087"},{"key":"e_1_3_2_1_47_1","first-page":"1","volume-title":"2021 IEEE 39th International Conference on Computer Design (ICCD)","author":"Wang Z.","year":"2021","unstructured":"Z. Wang, W. Liu, and Y. Wang. Discreet-para: Rowhammer defense with low cost and high efficiency. In 2021 IEEE 39th International Conference on Computer Design (ICCD), pages 1--8. IEEE, 2021."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2020.i3.169-195"},{"key":"e_1_3_2_1_49_1","first-page":"19","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Xiao Yuan","year":"2016","unstructured":"Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu. One bit flips, one cloud flops: Cross-VM row hammer attacks and privilege escalation. In 25th USENIX Security Symposium (USENIX Security 16), pages 19--35, Austin, TX, August 2016. USENIX Association."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"crossref","first-page":"815","DOI":"10.1109\/MICRO56248.2022.00062","volume-title":"2022 55th IEEE\/ACM International Symposium on Microarchitecture (MICRO)","author":"Ya\u011flik\u00e7i A Giray","year":"2022","unstructured":"A Giray Ya\u011flik\u00e7i, Ataberk Olgun, Minesh Patel, Haocong Luo, Hasan Hassan, Lois Orosa, O\u011fuz Ergin, and Onur Mutlu. Hira: hidden row activation for reducing refresh latency of off-the-shelf dram chips. In 2022 55th IEEE\/ACM International Symposium on Microarchitecture (MICRO), pages 815--834. IEEE, 2022."},{"key":"e_1_3_2_1_51_1","first-page":"1","volume-title":"2016 IEEE 35th symposium on reliable distributed systems (SRDS)","author":"Yim Keun Soo","year":"2016","unstructured":"Keun Soo Yim. The rowhammer attack injection methodology. In 2016 IEEE 35th symposium on reliable distributed systems (SRDS), pages 1--10. IEEE, 2016."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_6"}],"event":{"name":"ASIA CCS '24: 19th ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Singapore Singapore","acronym":"ASIA CCS '24"},"container-title":["Proceedings of the 19th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3637638","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:44:05Z","timestamp":1750290245000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3634737.3637638"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":52,"alternative-id":["10.1145\/3634737.3637638","10.1145\/3634737"],"URL":"https:\/\/doi.org\/10.1145\/3634737.3637638","relation":{},"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}