Title: Efficiently Securing Systems Against DRAM Data Disturbance Errors

Date: Wednesday, May 13th, 2026

Time: 10:00 AM to 12:00 PM (Eastern Time)

Location (in-person): Room 3100, Klaus Advanced Computing Building

Location (virtual): https://gatech.zoom.us/j/98714606662?pwd=TkBMmRheN09NbBYGQUZXoEzA6Qb6OR.1

Anish Saxena

School of Computer Science

College of Computing

Georgia Institute of Technology

Committee

Dr. Moinuddin Qureshi (Advisor) - School of Computer Science, Georgia Institute of Technology

Dr. Alexandros Daglis - School of Computer Science, Georgia Institute of Technology

Dr. Hyesoon Kim - School of Computer Science, Georgia Institute of Technology

Dr. Prashant Nair - Department of Electrical and Computer Engineering, University of British Columbia

Dr. Aamer Jaleel - Architecture Research Group, Nvidia Research

Abstract

DRAM scaling has delivered relentless capacity growth, but smaller bit cells suffer from inter-cell interference: activity in one cell disturbs data in nearby cells, causing data disturbance errors. The most well-known error modality is Rowhammer, where frequent activations to an aggressor row flip bits in nearby rows. RowPress is a recently characterized error modality, where bit flips occur when a row stays open for an extended period. Despite mitigations by DRAM vendors, virtually all modern DRAM chips remain vulnerable. Moreover, recent chips incur bit flips at lower row activation thresholds than prior generations. Data disturbance errors are not just a reliability concern, but a serious security threat. This thesis develops cross-stack defenses that maintain system security in the presence of these errors at low overhead.

This thesis makes four contributions. First, to protect existing systems, this thesis proposes Citadel, an OS memory allocator that places distrusting security domains in physically disjoint regions of memory, disallowing inter-domain bit flips at a modest memory overhead of 7.2%, 4x to 6x lower than prior work. Second, to prevent all bit flips in future systems, this thesis proposes AQUA, a secure mitigation scheme where the memory controller migrates aggressor rows to an isolated quarantine region. AQUA provides principled protection against advanced attack patterns, with an order of magnitude lower overheads than prior works, even at low activation thresholds of future DRAM chips. Third, to extend protection to RowPress, this thesis proposes ImPress, that augments row activation trackers with a unified charge loss model that converts row-open time into equivalent Rowhammer activations, mitigating RowPress transparently at negligible performance and SRAM overheads. Fourth, to make secure mitigations practical at the ultra-low thresholds which might occur by the end of this decade, this thesis proposes Rubix, a memory mapping that breaks the co-residence of spatially proximate cachelines in the same DRAM row, reducing aggressor-row episodes by 10x to 1000x, making mitigations viable in the long term.

Finally, this thesis proposes to address an emerging frontier: data disturbance errors in GPU memory. Recent studies have shown that GDDR and HBM exhibit Rowhammer thresholds in the same range as CPU DRAM, and researchers have exploited bit flips on commodity GPUs to mount privilege escalation attacks. This threat is compounded by the newest error modality, ColumnDisturb, in which activations to a row incur bit flips hundreds of rows away, and even across DRAM subarrays, rendering prior defenses that assume localized damage insecure. To secure GPU systems, this thesis investigates how CPU-side defenses extend to GPU memory and to new error modalities, and what new architectural support is required by GPU mitigation frameworks for robust protection.