Defeating software mitigations against rowhammer: A surgical precision hammer

Andrei Tatar*, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi

*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review

405 Downloads (Pure)


With software becoming harder to compromise due to modern defenses, attackers are increasingly looking at exploiting hardware vulnerabilities such as Rowhammer. In response, the research community has developed several software defenses to protect existing hardware against this threat. In this paper, we show that the assumptions existing software defenses make about memory addressing are inaccurate. Specifically, we show that physical address space is often not contiguously mapped to DRAM address space, allowing attackers to trigger Rowhammer corruptions despite active software defenses. We develop RAMSES, a software library modeling end-to-end memory addressing, relying on public documentation, where available, and reverse-engineered models otherwise. RAMSES improves existing software-only Rowhammer defenses and also improves attacks by orders of magnitude, as we show in our evaluation. We use RAMSES to build Hammertime, an open-source suite of tools for studying Rowhammer properties affecting attacks and defenses, which we release as open-source software.

Original languageEnglish
Title of host publicationResearch in Attacks, Intrusions, and Defenses
Subtitle of host publication21st International Symposium, RAID 2018, Proceedings
EditorsMichael Bailey, Sotiris Ioannidis, Manolis Stamatogiannakis, Thorsten Holz
Number of pages20
ISBN (Electronic)9783030004705
ISBN (Print)9783030004699
Publication statusPublished - 2018
Event21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018 - Heraklion, Greece
Duration: 10 Sept 201812 Sept 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018


  • DRAM geometry
  • Hammertime
  • Rowhammer


Dive into the research topics of 'Defeating software mitigations against rowhammer: A surgical precision hammer'. Together they form a unique fingerprint.

Cite this