arxiv: 2604.20576 · v1 · submitted 2026-04-22 · 💻 cs.CR · cs.AR

PVAC: A RowHammer Mitigation Architecture Exploiting Per-victim-row Counting

Pith reviewed 2026-05-09 23:57 UTC · model grok-4.3

classification 💻 cs.CR cs.AR
keywords: RowHammer, DRAM, mitigation, victim counting, PRAC, memory security, performance optimization

The pith

PVAC shifts RowHammer counting to victim rows to raise tolerance and eliminate false alerts from benign activity.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that current per-row activation counting in DRAM indiscriminately tracks all activations, causing counters to saturate from normal refreshes and trigger unnecessary mitigations that hurt performance. By instead counting activations from the perspective of the victim rows being disturbed, PVAC ensures counters reset naturally and stay bounded under standard refresh operations. A dedicated hardware structure allows these victim-based updates to happen without interfering with regular memory access timing. This change preserves the required safety against worst-case attacks but allows the system to tolerate more actual hammering before mitigation. Consequently, the architecture delivers higher performance and reduced energy use across various workloads compared to prior approaches.

Core claim

We present Per-Victim-row hAmmered Counting (PVAC), a victim-based counting mechanism that aligns the counter semantics with the physical disturbance mechanism of RowHammer. PVAC increments the counters of victim rows, resets the activated row, and naturally bounds counter values under normal refresh. To enable efficient victim-based updates, PVAC employs a dedicated counter subarray (CSA) that performs all counter resets and increments concurrently with normal accesses, without timing overhead. We further devise an energy-efficient CSA layout that minimizes refresh-induced counter accesses. Through victim-based counting, PVAC supports higher hammering tolerance than PRAC while maintaining 0

What carries the argument

The victim-row counting mechanism supported by a dedicated counter subarray that updates counters concurrently with normal DRAM accesses.

Load-bearing premise

That the dedicated counter subarray can perform counter updates and resets in parallel with normal memory accesses without causing any delays or additional overhead.

What would settle it

Implementing the counter subarray in a DRAM simulator or prototype and checking if any timing violations or extra latency appear during high-activity periods with frequent refreshes.

Figures

Figures reproduced from arXiv: 2604.20576 by Hwayong Nam, Jumin Kim, Jung Ho Ahn, Minbok Wi, Nam Sung Kim, Seungmin Baek.

Figure 1: Counter value per row and available bandwidth across the tREFW

Figure 2: A DRAM organization equipped with PRAC.

Table I: MAJOR TIMING PARAMETERS FOR DDR5-4800 WITHOUT/WITH PRAC
  Timing | Description | Default | PRAC
  tRAS | Min. time from ACT to PRE | 32 ns | 16 ns
  tRP | Min. time from PRE to ACT | 16 ns | 36 ns
  tRC | Min. time between consecutive ACTs | 48 ns | 52 ns
  tRTP | Min. time from RD to PRE | 7.5 ns | 5 ns
  tWR | Min. time from the end of write burst to PRE | 30 ns | 10 ns
  tRCD | Min. time from ACT to RD / WR…

Figure 3: Alert Back-Off (ABO) protocol overview.
  provides a tABOACT timing margin before initiating mitigation. During this period, up to ABOACT activations can be issued. After tABOACT, the MC issues NMit RFM commands, allowing DRAM to refresh potential victim rows internally. Each RFM occupies 350 ns, during which ACT commands are blocked, resulting in a total stall time of tABORecovery = NMit × 350 ns. Within t…

Figure 4: An overview of PVAC architecture, including a counter subarray

Figure 5: Counter update sequence when a DSA row A is activated, with

Figure 6: Energy efficient CSA structure in PVAC, interleaving counters

Figure 7: A sequence of feinting attack under a victim-based tracking

Figure 8: NBO across various maximum hammered count (HC) for PRAC, PVAC, and Chronus.
  setup phase, one additional activation is needed to trigger the Alert, after which the attacker can issue ABOACT more activations before RFM begins. The farthest victim row can then receive up to BR − 1 additional disturbances during RFM before being refreshed. Therefore, the online-phase HC is 1 + ABOACT + (BR − 1) = ABOACT + BR. …

Figure 9: Normalized weighted speedup across different workloads and HC

Figure 11: Normalized weighted speedup across workloads under adversarial

Figure 12: Normalized weighted speedup across workloads under adversarial

Figure 13: Counter update latency under different row numbers and
read the original abstract

As DRAM scaling exacerbates RowHammer, DDR5 introduces per-row activation counting (PRAC) to track aggressor activity. However, PRAC indiscriminately increments counters on every activation -- including benign refreshes -- while relying solely on explicit RFM operations for resets. Consequently, counters saturate even in an idle bank, triggering cascading mitigations and degrading performance. This vulnerability arises from a fundamental mismatch: PRAC tracks the aggressor but aims to protect the victim. We present Per-Victim-row hAmmered Counting (PVAC), a victim-based counting mechanism that aligns the counter semantics with the physical disturbance mechanism of RowHammer. PVAC increments the counters of victim rows, resets the activated row, and naturally bounds counter values under normal refresh. To enable efficient victim-based updates, PVAC employs a dedicated counter subarray (CSA) that performs all counter resets and increments concurrently with normal accesses, without timing overhead. We further devise an energy-efficient CSA layout that minimizes refresh-induced counter accesses. Through victim-based counting, PVAC supports higher hammering tolerance than PRAC while maintaining the same worst-case safety guarantee. Across benign workloads and adversarial attack patterns, PVAC avoids spurious Alerts, eliminates PRAC timing penalties, and achieves higher performance and lower energy consumption than prior PRAC-based defenses.
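The two counting rules in the abstract, modelled side by side (an added example, not code from the paper or from Pith). Assumptions: a refresh is modelled as one activation of the refreshed row, rows are refreshed in address order, every row within a blast radius of 2 receives one count per activation, and the Alert threshold of 16 is a constructed value; all class and function names are hypothetical.

```python
BLAST_RADIUS = 2       # assumed: an activation disturbs rows up to 2 away
ALERT_THRESHOLD = 16   # constructed value, not taken from the paper or DDR5


class PracBank:
    """Aggressor-side counting: each activation bumps the activated row's counter."""

    def __init__(self, rows):
        self.count = [0] * rows

    def activate(self, row):
        self.count[row] += 1     # refreshes count too; only an RFM would reset this


class PvacBank:
    """Victim-side counting: an activation resets its own row and bumps its neighbours."""

    def __init__(self, rows, blast_radius=BLAST_RADIUS):
        self.count = [0] * rows
        self.blast_radius = blast_radius

    def activate(self, row):
        self.count[row] = 0      # the activated row's cells are restored
        for d in range(1, self.blast_radius + 1):
            for victim in (row - d, row + d):
                if 0 <= victim < len(self.count):
                    self.count[victim] += 1


def idle_peaks(bank, windows):
    """Refresh every row once per window with no demand traffic.

    Returns the highest counter value observed during each window.
    """
    peaks = []
    for _ in range(windows):
        peak = 0
        for row in range(len(bank.count)):
            bank.activate(row)               # refresh modelled as an activation
            peak = max(peak, max(bank.count))
        peaks.append(peak)
    return peaks


def first_idle_alert(bank, threshold, max_windows):
    """Number of idle refresh windows until a counter reaches threshold, else None."""
    for window, peak in enumerate(idle_peaks(bank, max_windows), start=1):
        if peak >= threshold:
            return window
    return None


def hammer_then_refresh_victim(bank, aggressor, n):
    """Activate one row n times, then refresh its upper neighbour once.

    Returns (aggressor, victim) counters before the refresh followed by
    (aggressor, victim) counters after it, as one 4-tuple.
    """
    victim = aggressor + 1
    for _ in range(n):
        bank.activate(aggressor)
    before = (bank.count[aggressor], bank.count[victim])
    bank.activate(victim)                    # the victim's own refresh
    return before + (bank.count[aggressor], bank.count[victim])


if __name__ == "__main__":
    for cls in (PracBank, PvacBank):
        print(cls.__name__)
        print("  idle peak per window:", idle_peaks(cls(64), 6))
        print("  idle windows to alert:",
              first_idle_alert(cls(64), ALERT_THRESHOLD, 50))
        print("  hammer x100, then refresh victim:",
              hammer_then_refresh_victim(cls(64), 10, 100))
```

In this model the victim-side counter of an interior row never exceeds twice the blast radius while the bank is idle, whereas the aggressor-side counter grows by one per refresh window until something resets it.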

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 0 minor

Summary. The paper proposes Per-Victim-row hAmmered Counting (PVAC) as an alternative to DDR5's per-row activation counting (PRAC) for RowHammer mitigation. PVAC increments counters on victim rows and resets the activated row, using a dedicated counter subarray (CSA) that performs these operations concurrently with normal accesses and refreshes without timing overhead. An energy-efficient CSA layout is claimed to minimize refresh-induced accesses. The approach is asserted to support higher hammering tolerance than PRAC while preserving worst-case safety, avoid spurious alerts, eliminate PRAC timing penalties, and deliver higher performance with lower energy across benign and adversarial workloads.

Significance. If the CSA concurrency assumption is validated and the performance/energy claims hold under realistic DRAM timing and resource constraints, PVAC would represent a targeted improvement over PRAC by aligning counter semantics with the victim-disturbance physics of RowHammer. This could reduce unnecessary mitigations in idle or refresh-heavy scenarios and improve system throughput without compromising the safety bound. The architectural redesign is a clear strength, but the absence of cycle-level verification or quantitative results in the current manuscript limits the immediate assessed impact.

major comments (2)
  1. [Abstract] Abstract: The headline claims of 'higher performance and lower energy consumption than prior PRAC-based defenses' and 'eliminates PRAC timing penalties' rest entirely on the unverified assertion that the dedicated counter subarray (CSA) executes every victim-row increment and activated-row reset concurrently with normal activations and refreshes with zero added latency or command-bus contention. No cycle-accurate scheduling, bank-resource model, command-timing diagram, or tRC analysis is supplied to demonstrate that CSA operations are fully independent of the main row buffer and command decoder.
  2. [Abstract] Abstract: The statements that PVAC 'supports higher hammering tolerance than PRAC' and 'avoids spurious Alerts' across workloads are presented without any quantitative data, error bars, workload descriptions, or simulation results. The central safety and performance advantages therefore cannot be evaluated from the provided material.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed and constructive review of our manuscript on PVAC. We address each major comment point by point below, providing clarifications on the CSA design and evaluation approach while outlining planned revisions to strengthen the presentation of our claims.

read point-by-point responses
  1. Referee: [Abstract] Abstract: The headline claims of 'higher performance and lower energy consumption than prior PRAC-based defenses' and 'eliminates PRAC timing penalties' rest entirely on the unverified assertion that the dedicated counter subarray (CSA) executes every victim-row increment and activated-row reset concurrently with normal activations and refreshes with zero added latency or command-bus contention. No cycle-accurate scheduling, bank-resource model, command-timing diagram, or tRC analysis is supplied to demonstrate that CSA operations are fully independent of the main row buffer and command decoder.

    Authors: We appreciate the referee's emphasis on the need for explicit validation of the CSA's concurrency. The manuscript describes the CSA as a dedicated subarray operating in parallel with normal DRAM accesses and refreshes, using separate resources to avoid contention with the main row buffer and command decoder. However, we acknowledge that the current version does not include cycle-accurate scheduling details, timing diagrams, or tRC analysis. In the revised manuscript, we will add these elements, including a bank-resource model and command-timing diagrams, to rigorously demonstrate zero added latency and independence from normal operations. revision: yes

  2. Referee: [Abstract] Abstract: The statements that PVAC 'supports higher hammering tolerance than PRAC' and 'avoids spurious Alerts' across workloads are presented without any quantitative data, error bars, workload descriptions, or simulation results. The central safety and performance advantages therefore cannot be evaluated from the provided material.

    Authors: We agree that the abstract summarizes these advantages without embedding the supporting data. The full manuscript presents simulation-based evaluations across benign workloads and adversarial attack patterns, demonstrating higher hammering tolerance, avoidance of spurious alerts, and improved performance and energy relative to PRAC, while preserving the worst-case safety bound. To address the concern, we will revise the abstract to highlight key quantitative results and expand the evaluation section with explicit workload descriptions, simulation parameters, and error bars in the revised version. revision: yes

Circularity Check

0 steps flagged

No circularity in derivation; architectural claims rest on mechanism design and hardware assumptions

full rationale

The paper presents PVAC as a new victim-based counting architecture with a dedicated CSA for concurrent updates. No equations, fitted parameters, or predictions appear in the provided text. Central claims (higher tolerance, no spurious alerts, eliminated timing penalties) follow directly from the described semantics of incrementing victim counters and resetting activated rows, plus the explicit assumption of zero-overhead CSA concurrency. This is a design proposal whose validity hinges on unverified hardware feasibility rather than any reduction of outputs to inputs by construction or self-citation chains. No load-bearing step matches the enumerated circularity patterns.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entity

The design assumes standard DRAM timing and refresh behavior suffice to bound counters naturally, plus the feasibility of a zero-overhead CSA; these are domain assumptions rather than derived results.

axioms (2)
  • [domain assumption] Normal DRAM refresh operations bound counter values under typical access patterns.
    Invoked to claim natural bounding without explicit resets.
  • [ad hoc to paper] CSA hardware can update counters concurrently with row activations without extending command timing.
    Central to eliminating PRAC timing penalties.
invented entities (1)
  • Counter Subarray (CSA) [no independent evidence]
    Purpose: dedicated hardware block for parallel victim-counter updates and resets.
    New component required to realize victim-based counting without overhead.



  72. [72]

    Memory Access Scheduling,

    S. Rixner, W. J. Dally, U. J. Kapasi, P. Mattson, and J. D. Owens, “Memory Access Scheduling,” inISCA, 2000

  73. [73]

    SOUP-N-SALAD: Allocation-Oblivious Access Latency Reduction with Asymmetric DRAM Microarchitectures,

    Y . Ro, H. Cho, E. Lee, D. Jung, Y . H. Son, J. Ahn, and J. W. Lee, “SOUP-N-SALAD: Allocation-Oblivious Access Latency Reduction with Asymmetric DRAM Microarchitectures,” inHPCA, 2017

  74. [74]

    Randomized Row-Swap: Mitigating Row Hammer by Breaking Spatial Correlation between Aggressor and Victim Rows,

    G. Saileshwar, B. Wang, M. Qureshi, and P. J. Nair, “Randomized Row-Swap: Mitigating Row Hammer by Breaking Spatial Correlation between Aggressor and Victim Rows,” inASPLOS, 2022

  75. [75]

    Rubix: Reducing the Over- head of Secure Rowhammer Mitigations via Randomized Line-to-Row Mapping,

    A. Saxena, S. Mathur, and M. Qureshi, “Rubix: Reducing the Over- head of Secure Rowhammer Mitigations via Randomized Line-to-Row Mapping,” inASPLOS, 2024

  76. [76]

    START: Scalable Tracking for any Rowhammer Threshold,

    A. Saxena and M. Qureshi, “START: Scalable Tracking for any Rowhammer Threshold,” inHPCA, 2024

  77. [77]

    Exploiting the DRAM rowhammer bug to gain kernel privileges,

    M. Seaborn and T. Dullien, “Exploiting the DRAM rowhammer bug to gain kernel privileges,”Black Hat, 2015

  78. [78]

    Mitigating Wordline Crosstalk Using Adaptive Trees of Counters,

    S. M. Seyedzadeh, A. K. Jones, and R. Melhem, “Mitigating Wordline Crosstalk Using Adaptive Trees of Counters,” inISCA, 2018

  79. [79]

    Making DRAM Stronger Against Row Hammering,

    M. Son, H. Park, J. Ahn, and S. Yoo, “Making DRAM Stronger Against Row Hammering,” inDesign Automation Conference (DAC), 2017

  80. [80]

    Reducing Memory Access Latency with Asymmetric DRAM Bank Organizations,

    Y . H. Son, O. Seongil, Y . Ro, J. W. Lee, and J. Ahn, “Reducing Memory Access Latency with Asymmetric DRAM Bank Organizations,” in ISCA, 2013

Showing first 80 references.