{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T12:35:14Z","timestamp":1756384514405,"version":"3.43.0"},"publisher-location":"New York, NY, USA","reference-count":65,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,8,24]],"date-time":"2025-08-24T00:00:00Z","timestamp":1755993600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS 2026913"],"award-info":[{"award-number":["CNS 2026913"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100008982","name":"Qatar National Research Fund","doi-asserted-by":"publisher","award":["NPRP13S-0122-200135"],"award-info":[{"award-number":["NPRP13S-0122-200135"]}],"id":[{"id":"10.13039\/100008982","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,8,25]]},"DOI":"10.1145\/3708821.3733868","type":"proceedings-article","created":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T06:30:56Z","timestamp":1755066656000},"page":"1219-1234","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["FAULT+PROBE: A Generic Rowhammer-based Bit Recovery Attack"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-3217-0811","authenticated-orcid":false,"given":"Kemal","family":"Derya","sequence":"first","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4512-9145","authenticated-orcid":false,"given":"M. Caner","family":"Tol","sequence":"additional","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5404-5368","authenticated-orcid":false,"given":"Berk","family":"Sunar","sequence":"additional","affiliation":[{"name":"Worcester Polytechnic Institute, Worcester, MA, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,8,24]]},"reference":[{"key":"e_1_3_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/3634737.3637638"},{"key":"e_1_3_3_2_3_2","doi-asserted-by":"crossref","unstructured":"Zelalem\u00a0Birhanu Aweke Salessawi\u00a0Ferede Yitbarek Rui Qiao Reetuparna Das Matthew Hicks Yossi Oren and Todd Austin. 2016. ANVIL: Software-based protection against next-generation rowhammer attacks. ACM SIGPLAN Notices 51 4 (2016) 743\u2013755.","DOI":"10.1145\/2954679.2872390"},{"key":"e_1_3_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0052259"},{"key":"e_1_3_3_2_5_2","volume-title":"Understanding the Linux Kernel: from I\/O ports to process management (3rd ed.)","author":"Bovet Daniel\u00a0P.","year":"2005","unstructured":"Daniel\u00a0P. Bovet and Marco Cesati. 2005. Understanding the Linux Kernel: from I\/O ports to process management (3rd ed.). O\u2019Reilly Media, Sebastopol, CA."},{"key":"e_1_3_3_2_6_2","first-page":"117","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Brasser Ferdinand","year":"2017","unstructured":"Ferdinand Brasser, Lucas Davi, David Gens, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2017. CAn\u2019t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 117\u2013130."},{"key":"e_1_3_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363219"},{"key":"e_1_3_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.23919\/DATE48585.2020.9116219"},{"key":"e_1_3_3_2_9_2","doi-asserted-by":"crossref","unstructured":"Marco Chiappetta Erkay Savas and Cemal Yilmaz. 2016. Real time detection of cache-based side-channel attacks using hardware performance counters. Applied Soft Computing 49 (2016) 1162\u20131174.","DOI":"10.1016\/j.asoc.2016.09.014"},{"key":"e_1_3_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74735-2_13"},{"key":"e_1_3_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00085"},{"key":"e_1_3_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00089"},{"key":"e_1_3_3_2_13_2","volume-title":"Defending against Rowhammer in the kernel","author":"Corbet Jonathan","year":"2016","unstructured":"Jonathan Corbet. 2016. Defending against Rowhammer in the kernel. https:\/\/lwn.net\/Articles\/704920\/."},{"key":"e_1_3_3_2_14_2","first-page":"1001","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Ridder Finn de","year":"2021","unstructured":"Finn de Ridder, Pietro Frigo, Emanuele Vannacci, Herbert Bos, Cristiano Giuffrida, and Kaveh Razavi. 2021. SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 1001\u20131018. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/ridder"},{"key":"e_1_3_3_2_15_2","doi-asserted-by":"crossref","unstructured":"Christoph Dobraunig Maria Eichlseder Thomas Korak Stefan Mangard Florian Mendel and Robert Primas. 2018. SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography. IACR Cryptol. ePrint Arch. 2018 (2018) 71. https:\/\/api.semanticscholar.org\/CorpusID:52839484","DOI":"10.46586\/tches.v2018.i3.547-572"},{"key":"e_1_3_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560673"},{"key":"e_1_3_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00090"},{"key":"e_1_3_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/FDTC.2013.18"},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-33481-8_17"},{"key":"e_1_3_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00031"},{"key":"e_1_3_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_15"},{"key":"e_1_3_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_14"},{"key":"e_1_3_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03356-8_1"},{"key":"e_1_3_3_2_24_2","unstructured":"Nishad Herath and Anders Fogh. 2015. These are not your grand Daddys cpu performance counters\u2013CPU hardware performance counters for security. Black Hat Briefings (2015)."},{"key":"e_1_3_3_2_25_2","unstructured":"Gorka Irazoqui Thomas Eisenbarth and Berk Sunar. 2016. MASCAT: Stopping Microarchitectural Attacks Before Execution. IACR Cryptol. ePrint Arch. 2016 (2016) 1196."},{"key":"e_1_3_3_2_26_2","first-page":"621","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Islam Saad","year":"2019","unstructured":"Saad Islam, Ahmad Moghimi, Ida Bruhns, Moritz Krebbel, Berk Gulmezoglu, Thomas Eisenbarth, and Berk Sunar. 2019. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 621\u2013637."},{"key":"e_1_3_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP53844.2022.00046"},{"key":"e_1_3_3_2_28_2","doi-asserted-by":"crossref","unstructured":"Saad Islam Koksal Mus Richa Singh Patrick Schaumont and Berk Sunar. 2022. Signature Correction Attack on Dilithium Signature Scheme. 2022 IEEE 7th European Symposium on Security and Privacy (EuroS&P) (2022) 647\u2013663. https:\/\/api.semanticscholar.org\/CorpusID:247187676","DOI":"10.1109\/EuroSP53844.2022.00046"},{"key":"e_1_3_3_2_29_2","first-page":"1071","volume-title":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","author":"Islam Saad","year":"2020","unstructured":"Saad Islam, Koksal Mus, and Berk Sunar. 2020. QuantumHammer: A Practical Hybrid Attack on the LUOV Signature Scheme. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1071\u20131084."},{"key":"e_1_3_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833772"},{"key":"e_1_3_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179390"},{"key":"e_1_3_3_2_32_2","first-page":"1597","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Kang Ingab","year":"2024","unstructured":"Ingab Kang, Walter Wang, Jason Kim, Stephan van Schaik, Youssef Tobah, Daniel Genkin, Andrew Kwong, and Yuval Yarom. 2024. SledgeHammer: Amplifying Rowhammer via Bank-level Parallelism. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, 1597\u20131614. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/kang"},{"key":"e_1_3_3_2_33_2","doi-asserted-by":"crossref","unstructured":"Yoongu Kim Ross Daly Jeremie Kim Chris Fallin Ji\u00a0Hye Lee Donghyuk Lee Chris Wilkerson Konrad Lai and Onur Mutlu. 2014. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. ACM SIGARCH Computer Architecture News 42 3 (2014) 361\u2013372.","DOI":"10.1145\/2678373.2665726"},{"key":"e_1_3_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_3_2_35_2","volume-title":"31st USENIX Security Symposium: USENIX Security\u201922","author":"Kogler Andreas","year":"2022","unstructured":"Andreas Kogler, Jonas Juffinger, Salman Qazi, Yoongu Kim, Moritz Lipp, Nicolas Boichat, Eric Shiu, Mattias Nissler, and Daniel Gruss. 2022. Half-Double: Hammering From the Next Row Over. In 31st USENIX Security Symposium: USENIX Security\u201922."},{"key":"e_1_3_3_2_36_2","doi-asserted-by":"crossref","unstructured":"Elisabeth Krahmer Peter Pessl Georg Land and Tim G\u00fcneysu. 2024. Correction Fault Attacks on Randomized CRYSTALS-Dilithium. Cryptology ePrint Archive Paper 2024\/138. https:\/\/eprint.iacr.org\/2024\/138 https:\/\/eprint.iacr.org\/2024\/138.","DOI":"10.46586\/tches.v2024.i3.174-199"},{"key":"e_1_3_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00020"},{"key":"e_1_3_3_2_38_2","first-page":"973","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 973\u2013990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp"},{"key":"e_1_3_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSPW51379.2020.00102"},{"key":"e_1_3_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179327"},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-99-8730-6_4"},{"key":"e_1_3_3_2_42_2","unstructured":"Ingo Molnar. 2006. Enhancing the Linux Kernel. https:\/\/lkml.org\/lkml\/2006\/7\/25\/62. Accessed: 2024-02-07."},{"key":"e_1_3_3_2_43_2","doi-asserted-by":"crossref","unstructured":"Puja Mondal Suparna Kundu Sarani Bhattacharya Angshuman Karmakar and Ingrid Verbauwhede. 2024. A Practical Key-Recovery Attack on\u00a0LWE-Based Key-Encapsulation Mechanism Schemes Using Rowhammer. (2024) 271\u2013300.","DOI":"10.1007\/978-3-031-54776-8_11"},{"key":"e_1_3_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179450"},{"key":"e_1_3_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417272"},{"key":"e_1_3_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.5555\/3130379.3130643"},{"key":"e_1_3_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34961-4_24"},{"key":"e_1_3_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-30806-7_9"},{"key":"e_1_3_3_2_49_2","first-page":"565","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Pessl Peter","year":"2016","unstructured":"Peter Pessl, Daniel Gruss, Cl\u00e9mentine Maurice, Michael Schwarz, and Stefan Mangard. 2016. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 565\u2013581."},{"key":"e_1_3_3_2_50_2","unstructured":"Mark Seaborn and Thomas Dullien. 2015. Exploiting the DRAM rowhammer bug to gain kernel privileges. Black Hat 15 (2015) 71."},{"key":"e_1_3_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_3"},{"key":"e_1_3_3_2_52_2","first-page":"213","volume-title":"2018 USENIX Annual Technical Conference (USENIX ATC 18)","author":"Tatar Andrei","year":"2018","unstructured":"Andrei Tatar, Radhesh\u00a0Krishnan Konoth, Elias Athanasopoulos, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018. Throwhammer: Rowhammer Attacks over the Network and Defenses. In 2018 USENIX Annual Technical Conference (USENIX ATC 18). USENIX Association, Boston, MA, 213\u2013226."},{"key":"e_1_3_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833802"},{"key":"e_1_3_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44709-3_6"},{"key":"e_1_3_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00089"},{"key":"e_1_3_3_2_56_2","unstructured":"Arjan van\u00a0de Ven. 2005. Patch 4\/6 randomize the stack pointer. LWN.net (27 Jan 2005). https:\/\/lwn.net\/Articles\/120969\/ Accessed: 2024-02-07."},{"key":"e_1_3_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978406"},{"key":"e_1_3_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00087"},{"key":"e_1_3_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD53106.2021.00074"},{"key":"e_1_3_3_2_60_2","doi-asserted-by":"publisher","unstructured":"Zane Weissman Thore Tiemann Daniel Moghimi Evan Custodio Thomas Eisenbarth and Berk Sunar. 2020. JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms. IACR Transactions on Cryptographic Hardware and Embedded Systems 2020 3 (Jun. 2020) 169\u2013195. 10.13154\/tches.v2020.i3.169-195","DOI":"10.13154\/tches.v2020.i3.169-195"},{"key":"e_1_3_3_2_61_2","unstructured":"wolfSSL Inc.2022. wolfSSL (5.5.0). https:\/\/www.wolfssl.com\/2022\/08\/"},{"key":"e_1_3_3_2_62_2","first-page":"19","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Xiao Yuan","year":"2016","unstructured":"Yuan Xiao, Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu. 2016. One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 19\u201335."},{"key":"e_1_3_3_2_63_2","first-page":"1463","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Yao Fan","year":"2020","unstructured":"Fan Yao, Adnan\u00a0Siraj Rakin, and Deliang Fan. 2020. DeepHammer: Depleting the Intelligence of Deep Neural Networks through Targeted Chain of Bit Flips. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1463\u20131480. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/yao"},{"key":"e_1_3_3_2_64_2","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO56248.2022.00062"},{"key":"e_1_3_3_2_65_2","doi-asserted-by":"crossref","unstructured":"Sung-Ming Yen and Marc Joye. 2000. Checking before output may not be enough against fault-based cryptanalysis. IEEE Transactions on computers 49 9 (2000) 967\u2013970.","DOI":"10.1109\/12.869328"},{"key":"e_1_3_3_2_66_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_6"}],"event":{"name":"ASIA CCS '25: 20th ACM Asia Conference on Computer and Communications Security","location":"Hanoi Vietnam","acronym":"ASIA CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 20th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3708821.3733868","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3708821.3733868","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,13]],"date-time":"2025-08-13T07:31:40Z","timestamp":1755070300000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3708821.3733868"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,24]]},"references-count":65,"alternative-id":["10.1145\/3708821.3733868","10.1145\/3708821"],"URL":"https:\/\/doi.org\/10.1145\/3708821.3733868","relation":{},"subject":[],"published":{"date-parts":[[2025,8,24]]},"assertion":[{"value":"2025-08-24","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}