Exploiting correcting codes: On the effectiveness of ECC memory against rowhammer attacks

Lucian Cojocar, Kaveh Razavi, Cristiano Giuffrida, Herbert Bos

Research output: Chapter in Book / Report / Conference proceedingConference contributionAcademicpeer-review


Given the increasing impact of Rowhammer, and the dearth of adequate other hardware defenses, many in the security community have pinned their hopes on error-correcting code (ECC) memory as one of the few practical defenses against Rowhammer attacks. Specifically, the expectation is that the ECC algorithm will correct or detect any bits they manage to flip in memory in real-world settings. However, the extent to which ECC really protects against Rowhammer is an open research question, due to two key challenges. First, the details of the ECC implementations in commodity systems are not known. Second, existing Rowhammer exploitation techniques cannot yield reliable attacks in presence of ECC memory. In this paper, we address both challenges and provide concrete evidence of the susceptibility of ECC memory to Rowhammer attacks. To address the first challenge, we describe a novel approach that combines a custom-made hardware probe, Rowhammer bit flips, and a cold boot attack to reverse engineer ECC functions on commodity AMD and Intel processors. To address the second challenge, we present ECCploit, a new Rowhammer attack based on composable, data-controlled bit flips and a novel side channel in the ECC memory controller. We show that, while ECC memory does reduce the attack surface for Rowhammer, ECCploit still allows an attacker to mount reliable Rowhammer attacks against vulnerable ECC memory on a variety of systems and configurations. In addition, we show that, despite the non-trivial constraints imposed by ECC, ECCploit can still be powerful in practice and mimic the behavior of prior Rowhammer exploits.

Original languageEnglish
Title of host publicationProceedings - 2019 IEEE Symposium on Security and Privacy (SP)
Subtitle of host publication19-23 May 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages17
ISBN (Electronic)9781538666609
Publication statusPublished - 16 Sept 2019
Event40th IEEE Symposium on Security and Privacy, SP 2019 - San Francisco, United States
Duration: 19 May 201923 May 2019

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
ISSN (Print)1081-6011


Conference40th IEEE Symposium on Security and Privacy, SP 2019
Country/TerritoryUnited States
CitySan Francisco


We would like to thank the anonymous reviewers for their valuable feedback. This work was supported by the European Union’s Horizon 2020 research and innovation programme under grant agreements No. 786669 (ReAct) and No. 825377 (UNICORE) as well as by the Netherlands Organisation for Scientific Research through grants NWO 639.023.309 VICI “Dowsing”, NWO 639.021.753 VENI “PantaRhei”, NWO 016.Veni.192.262, and NWO 628.001.005 CYBSEC “OpenSesame”. This paper reflects only the authors’ view. The funding agencies are not responsible for any use that may be made of the information it contains.

FundersFunder number
European Union's Horizon 2020
European Union’s Horizon 2020
NWO 016016
NWO 628.001.005 CYBSEC OpenSesame
NWO 639.021.753 VENI
NWO 639.021.753 VENI PantaRhei
NWO 639.023.309 VICI639.023.309 VICI
NWO 639.023.309 VICI Dowsing
Horizon 2020 Framework Programme825377, 786669
Nederlandse Organisatie voor Wetenschappelijk OnderzoekNWO


    • Ecc
    • Hardware
    • Rowhammer
    • Security


    Dive into the research topics of 'Exploiting correcting codes: On the effectiveness of ECC memory against rowhammer attacks'. Together they form a unique fingerprint.

    Cite this