$ρ$Hammer: Reviving RowHammer Attacks on New Architectures via Prefetching
- URL: http://arxiv.org/abs/2510.16544v1
- Date: Sat, 18 Oct 2025 15:40:53 GMT
- Title: $ρ$Hammer: Reviving RowHammer Attacks on New Architectures via Prefetching
- Authors: Weijie Chen, Shan Tang, Yulin Tang, Xiapu Luo, Yinqian Zhang, Weizhong Qiang,
- Abstract summary: Rowhammer is a critical vulnerability in dynamic random access memory (DRAM). We present $\rho$Hammer, a new Rowhammer framework that overcomes three core challenges impeding attacks on new architectures. $\rho$Hammer induces up to 200K+ additional bit flips within 2-hour attack pattern fuzzing processes and has a 112x higher flip rate than the load-based hammering baselines.
- Score: 37.49955872834092
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Rowhammer is a critical vulnerability in dynamic random access memory (DRAM) that continues to pose a significant threat to various systems. However, we find that conventional load-based attacks are becoming highly ineffective on the most recent architectures such as Intel Alder and Raptor Lake. In this paper, we present $\rho$Hammer, a new Rowhammer framework that systematically overcomes three core challenges impeding attacks on these new architectures. First, we design an efficient and generic DRAM address mapping reverse-engineering method that uses selective pairwise measurements and structured deduction, enabling recovery of complex mappings within seconds on the latest memory controllers. Second, to break through the activation rate bottleneck of load-based hammering, we introduce a novel prefetch-based hammering paradigm that leverages the asynchronous nature of x86 prefetch instructions and is further enhanced by multi-bank parallelism to maximize throughput. Third, recognizing that speculative execution causes more severe disorder issues for prefetching, which cannot be simply mitigated by memory barriers, we develop a counter-speculation hammering technique using control-flow obfuscation and optimized NOP-based pseudo-barriers to maintain prefetch order with minimal overhead. Evaluations across four latest Intel architectures demonstrate $\rho$Hammer's breakthrough effectiveness: it induces up to 200K+ additional bit flips within 2-hour attack pattern fuzzing processes and has a 112x higher flip rate than the load-based hammering baselines on Comet and Rocket Lake. Also, we are the first to revive Rowhammer attacks on the latest Raptor Lake architecture, where baselines completely fail, achieving stable flip rates of 2,291/min and fast end-to-end exploitation.
Related papers
- LoGeR: Long-Context Geometric Reconstruction with Hybrid Memory [97.14005794889134]
We present LoGeR, a novel architecture that scales dense 3D reconstruction to extremely long sequences without post-optimization. LoGeR processes video streams in chunks, leveraging strong bidirectional priors for high-fidelity intra-chunk reasoning. This memory architecture enables LoGeR to be trained on sequences of 128 frames, and generalize up to thousands of frames during inference.
arXiv Detail & Related papers (2026-03-03T18:55:37Z)
- Triangle Multiplication Is All You Need For Biomolecular Structure Representations [56.26342479807906]
We introduce Pairmixer, a streamlined alternative that eliminates triangle attention while preserving higher-order geometric reasoning capabilities. Pairmixer substantially improves computational efficiency, matching state-of-the-art structure predictors across folding and docking benchmarks. Within BoltzDesign, for example, Pairmixer delivers over 2x faster sampling and scales to sequences 30% longer than the memory limits of Pairformer.
arXiv Detail & Related papers (2025-10-21T17:59:02Z)
- OpenGL GPU-Based Rowhammer Attack (Work in Progress) [0.0]
This paper presents an adaptive, many-sided Rowhammer attack utilizing GPU compute shaders. Our approach employs statistical distributions to optimize row targeting and avoid current mitigations. Experimental results on a Raspberry Pi 4 demonstrate that the GPU-based approach attains a high rate of bit flips compared to traditional CPU-based hammering.
arXiv Detail & Related papers (2025-09-24T10:11:05Z)
- Knock-Knock: Black-Box, Platform-Agnostic DRAM Address-Mapping Reverse Engineering [0.0]
We develop an efficient, noise-robust, and fully platform-agnostic algorithm to recover the full bank-mask basis in time. Our method provides a 99% recall and accuracy on all tested platforms.
arXiv Detail & Related papers (2025-09-23T20:49:48Z)
- Rubber Mallet: A Study of High Frequency Localized Bit Flips and Their Impact on Security [6.177931523699345]
The density of modern DRAM has heightened its vulnerability to Rowhammer attacks, which induce bit flips by repeatedly accessing specific memory rows. This paper presents an analysis of bit flip patterns generated by advanced Rowhammer techniques that bypass existing hardware defenses.
arXiv Detail & Related papers (2025-05-02T18:07:07Z)
- DAPPER: A Performance-Attack-Resilient Tracker for RowHammer Defense [1.1816942730023883]
RowHammer vulnerabilities pose a significant threat to modern DRAM-based systems. Perf-Attacks exploit shared structures to reduce DRAM bandwidth for co-running benign applications. We propose secure hashing mechanisms to thwart adversarial attempts to capture the mapping of shared structures.
arXiv Detail & Related papers (2025-01-31T02:38:53Z)
- Advancing Generalized Transfer Attack with Initialization Derived Bilevel Optimization and Dynamic Sequence Truncation [49.480978190805125]
Transfer attacks generate significant interest for black-box applications.
Existing works essentially directly optimize the single-level objective w.r.t. surrogate model.
We propose a bilevel optimization paradigm, which explicitly reforms the nested relationship between the Upper-Level (UL) pseudo-victim attacker and the Lower-Level (LL) surrogate attacker.
arXiv Detail & Related papers (2024-06-04T07:45:27Z)
- HiRE: High Recall Approximate Top-$k$ Estimation for Efficient LLM Inference [68.59839755875252]
HiRE comprises two novel components: (i) a compression scheme to cheaply predict top-$k$ rows/columns with high recall, followed by full computation restricted to the predicted subset, and (ii) DA-TOP-$k$: an efficient multi-device approximate top-$k$ operator.
We demonstrate that on a one billion parameter model, HiRE applied to both the softmax as well as feedforward layers, achieves almost matching pretraining and downstream accuracy, and speeds up inference latency by $1.47\times$ on a single TPUv5e device.
arXiv Detail & Related papers (2024-02-14T18:04:36Z)
- Improving Dual-Encoder Training through Dynamic Indexes for Negative Mining [61.09807522366773]
We introduce an algorithm that approximates the softmax with provable bounds and that dynamically maintains the tree.
In our study on datasets with over twenty million targets, our approach cuts error by half in relation to oracle brute-force negative mining.
arXiv Detail & Related papers (2023-03-27T15:18:32Z)
- Bridging Models to Defend: A Population-Based Strategy for Robust Adversarial Defense [70.39517230717126]
Adversarial robustness is a critical measure of a neural network's ability to withstand adversarial attacks at inference time. We propose a novel Robust Mode Connectivity (RMC)-oriented adversarial defense framework. We show that our methods significantly improve robustness against $\ell_\infty$, $\ell$, and hybrid attacks.
arXiv Detail & Related papers (2023-03-17T19:49:10Z)
- ROME: Robustifying Memory-Efficient NAS via Topology Disentanglement and Gradient Accumulation [106.04777600352743]
Differentiable architecture search (DARTS) is largely hindered by its substantial memory cost since the entire supernet resides in the memory.
The single-path DARTS comes in, which only chooses a single-path submodel at each step.
While being memory-friendly, it also comes with low computational costs.
We propose a new algorithm called RObustifying Memory-Efficient NAS (ROME) to give a cure.
arXiv Detail & Related papers (2020-11-23T06:34:07Z)