01.04.2026
Rowhammer bit flips a decade later
Abstract
The first Rowhammer exploit was published a little more than a decade ago on a DDR3-based system. Since then, we have had two generations of DRAM technology with proprietary mitigations. In this talk, I present our journey in understanding the security guarantees of these mitigations in DDR4 and DDR5 devices through significant platform building efforts, painstaking reverse engineering, and creative system-level techniques. The results are not encouraging; DRAM is as insecure as a decade ago while the cost of independent security analysis is growing beyond what academia can do. I finish with a brief discussion of possible paths forward.
Bio
Kaveh is an associate professor at ETH Zurich where he leads the COMSEC group. Next to defensive work, he has been involved in the discovery of many high-profile security vulnerabilities in commodity DRAM and CPU chips. He is a proud owner of five Pwnies and many best/distinguished paper awards, including at Oakland, USENIX Security and MICRO.
Photo © Giulia Marthaler / ETH Zurich
The first Rowhammer exploit was published a little more than a decade ago on a DDR3-based system. Since then, we have had two generations of DRAM technology with proprietary mitigations. In this talk, I present our journey in understanding the security guarantees of these mitigations in DDR4 and DDR5 devices through significant platform building efforts, painstaking reverse engineering, and creative system-level techniques. The results are not encouraging; DRAM is as insecure as a decade ago while the cost of independent security analysis is growing beyond what academia can do. I finish with a brief discussion of possible paths forward.
Bio
Kaveh is an associate professor at ETH Zurich where he leads the COMSEC group. Next to defensive work, he has been involved in the discovery of many high-profile security vulnerabilities in commodity DRAM and CPU chips. He is a proud owner of five Pwnies and many best/distinguished paper awards, including at Oakland, USENIX Security and MICRO.
Photo © Giulia Marthaler / ETH Zurich