{"links":{},"id":2009021,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:02009021","sets":["6164:6165:6462:1754030301959"]},"path":["1754030301959"],"owner":"11","recid":"2009021","title":["RowHammerを用いたRISC-V Keystone TEEに対する特権昇格手法の検討"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2025-10-20"},"_buckets":{"deposit":"2ee8f075-9029-4331-8c78-f46f88db0fdd"},"_deposit":{"id":"2009021","pid":{"type":"depid","value":"2009021","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"RowHammerを用いたRISC-V Keystone TEEに対する特権昇格手法の検討","author_link":[],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"RowHammerを用いたRISC-V Keystone TEEに対する特権昇格手法の検討","subitem_title_language":"ja"},{"subitem_title":"Privilege Escalation Attack to RISC-V Keystone TEE via RowHammer","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2025-10-20","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"立教新座高等学校"},{"subitem_text_value":"立命館大学"},{"subitem_text_value":"東京大学／理化学研究所"},{"subitem_text_value":"立命館大学"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Rikkyo Niiza High School"},{"subitem_text_value":"Ritsumeikan University"},{"subitem_text_value":"The University of Tokyo / RIKEN"},{"subitem_text_value":"Ritsumeikan University"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/2009021/files/IPSJ-CSS2025250.pdf","label":"IPSJ-CSS2025250.pdf"},"date":[{"dateType":"Available","dateValue":"2027-10-20"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2025250.pdf","filesize":[{"value":"1.0 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"54007722-2b4f-4574-ae58-88afad813b72","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2025 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"西坂,龍太郎"}]},{"creatorNames":[{"creatorName":"川崎秀昌"}]},{"creatorNames":[{"creatorName":"高前田,伸也"}]},{"creatorNames":[{"creatorName":"穐山,空道"}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Ryutaro Nishizaka"}]},{"creatorNames":[{"creatorName":"Hidemasa Kawasaki"}]},{"creatorNames":[{"creatorName":"Shinya Takamaeda"}]},{"creatorNames":[{"creatorName":"Soramichi Akiyama"}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Trusted Execution Environment (TEE) は隔離された環境で安全にコードを実行する技術であり，セキュリティが重要となるシステムでの活用が広がっている．これまで，Spectre や Voltage Fault Injection などの攻撃が TEE にもたらす脅威が研究されてきた．一方で，メモリ完全保証のない TEE に対する RowHammer の攻撃可能性は知られていなかった．本研究では，RISC-V の TEE である Keystone において，RowHammer によって TEE の管理領域を改ざんする手法を初めて示した．また，シミュレータ上で，RowHammer によって Keystone の保護を無効化できることを確認した．\r\n","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Trusted Execution Environments (TEEs) provide isolated domains for secure code execution and are increasingly adopted in security-critical systems. Although threats such as Spectre and voltage fault-injection attacks on TEEs have been well studied, the feasibility of RowHammer attacks against TEEs without memory-integrity guarantees has remained unclear.\r\nIn this paper, we present the first RowHammer-based attack that corrupts the management region of Keystone, a RISC-V TEE. Using a simulator, we demonstrate that RowHammer can disable Keystone’s protection mechanisms.\r\n","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1882","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2025論文集"}],"bibliographicPageStart":"1875","bibliographicIssueDates":{"bibliographicIssueDate":"2025-10-20","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"11"},"created":"2026-03-25T05:10:05.809837+00:00","updated":"2026-03-26T04:37:34.452778+00:00"}