The paper proposes Rowhammer Vulnerability Counter (RVC), a novel framework that improves RowHammer mitigation by tracking a row's actual vulnerability to bit flips rather than relying on simple activ…

HammerSim is a new gem5-based framework that provides full-system visibility to model the RowHammer vulnerability, allowing researchers to study complex OS effects and hardware/software mitigations.

HammerSim is a novel gem5-based framework that provides full-system visibility to model the RowHammer vulnerability, allowing researchers to evaluate complex hardware and software mitigations.

The paper introduces PVAC, a novel victim-based row counting mechanism that accurately tracks RowHammer attacks by incrementing counters on the victim row, thereby improving hammering tolerance and pe…

The paper proposes using hardware fingerprints instead of vulnerable cryptographic keys to enhance the security and robustness of GPU location verification for governing advanced AI development.

The paper proposes HammerWatch, a novel remote attestation protocol that enables external verifiers to detect hardware-induced disturbances, specifically Rowhammer-like attacks, by analyzing memory-le…

The paper analyzes the bit-flip vulnerability of shared KV-cache blocks in LLM serving systems, demonstrating that these blocks are susceptible to silent, persistent, and selective data corruption.

Hawkeye is a system that allows perfect, precision-preserving reproduction of GPU-level matrix multiplication operations on a CPU, enabling efficient and trustworthy third-party auditing of machine le…

The paper proposes PrISM, an intersection-based probabilistic mitigation technique that significantly improves the scalability of RowHammer defense at low thresholds by correlating sampled row history…

The paper characterizes 'dead-entry' TLB misses in GPUs, which occur when recently evicted translations are immediately re-walked, and proposes DEPOT, a Bloom filter mechanism that significantly reduc…

The paper introduces PoSME, a cryptographic primitive that enforces strict sequential memory execution by chaining data-dependent writes, providing verifiable delay and authorship attestation.

LIPPEN introduces a novel hardware-software co-design that provides strong, zero-overhead pointer encryption for enhanced memory safety, achieving comprehensive pointer integrity and confidentiality.

GPIR is a GPU-accelerated Private Information Retrieval (PIR) system that significantly boosts throughput by introducing a stage-aware hybrid execution model and optimizing data layouts for modern GPU…

The paper introduces CanaryRAG, a novel dual-path runtime defense mechanism that detects RAG Knowledge Base Leakage attacks by embedding canary tokens into retrieved knowledge chunks.

PS-UIE proposes a privilege-separated architecture to continuously enforce the integrity of file-backed user-space executable objects within Confidential Virtual Machines (CVMs) like AMD SEV-SNP.

The paper introduces uGen, the first LLM-driven framework that uses a retrieval-augmented, multi-agent design to automatically generate functionally correct microarchitectural attack Proof-of-Concepts…

The paper proposes a two-stage post-training pipeline to create a small, local LLM agent (PrivEsc-LLM) capable of performing Linux privilege escalation, achieving high success rates while drastically…

Janus is a compiler-based security framework for ARM64 that mitigates transient execution attacks like Spectre by integrating PA and BTI microarchitectural features, achieving strong security with low…

KINGSGUARD is a novel hardware-enforced TEE design that systematically monitors and controls sensitive data flow within an enclave to prevent leakage, thereby enhancing practical data protection.

This paper demonstrates a software-only attack chain on EPYC Milan that extracts the hardware root seed, thereby undermining the security guarantees of AMD's SEV-SNP by allowing the forging of valid a…