TRRespass wins the Pwnie Award for Most Innovative Research

TRRespass won the┬áPwnie Award┬áfor “Most Innovative Research” at the annual BlackHat Europe conference this week. ┬áPwnies are the most prestigious┬áindustrial awards in the security community. ┬á Congratulations to the authors:┬áPietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi on this prestigious prize!

We recently interviewed Hasan Hassan about his contribution to TRRespass. ┬áHere’s what he had to say:

You were a co-author on TRRespass, which recently won a Best Paper Award at IEEE S&P. What is the significance of this paper?

Shortly after the discovery of the RowHammer vulnerability of DRAM, DRAM vendors announced RowHammer-free DRAM devices that implement in-DRAM solutions to protect against RowHammer. However, in TRRespass, we find that such solutions, commonly referred to as Target Row Refresh (TRR), do not effectively protect against RowHammer attacks when many rows are hammered at the same time. We show that the RowHammer vulnerability is not only still intact on the current DDR4 devices, but it has also become worse due to technology node scaling.

How was your experience in collaborating with the Systems and Network Security Group at VU Amsterdam on this work?

I am glad that our combined effort with the Systems and Network Security Group at VU Amsterdam won us the Best Paper Award at IEEE S&P. It has been a great experience for me to collaborate with experts in hardware security. I hope there will be more such collaborations that result in impactful research.

Which tools did you use in this work?

I think SoftMC, our FPGA-based DRAM testing infrastructure, was one of the key enablers of this research. We used SoftMC to interface with DDR4 DRAM chips in a much more flexible way than anyone can do using commodity desktop and mobile systems. Specifically, we used SoftMC to communicate with DRAM chips using low-level DDR4 commands as opposed to using load/store instructions provided by typical instruction set architectures. In a way, SoftMC lets us be the memory controller and provides the flexibility of issuing any DDR4 command at any time, which is not possible with commodity systems.

An earlier version of SoftMC that supports DDR3 devices is open-source and can be accessed here. In 2017, we published a paper that describes the design of SoftMC in detail.

I am also involved in maintaining Ramulator, a cycle-accurate DRAM simulator that we describe in this paper, and Scarab, which is a cycle-accurate simulator for state-of-the-art multicore CPUs.


Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi, “TRRespass: Exploiting the Many Sides of Target Row Refresh”Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA, May 2020.
Slides (pptx) (pdf)
Lecture Slides (pptx) (pdf)
Talk Video (17 minutes)
Lecture Video (59 minutes)
Source Code
Web Article
Project Overview
Best paper award.
Pwnie Award 2020 for Most Innovative Research. Pwnie Awards 2020

Posted in Awards, Code, Interview, Papers.