{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T04:11:15Z","timestamp":1776399075073,"version":"3.51.2"},"publisher-location":"Cham","reference-count":61,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030299583","type":"print"},{"value":"9783030299590","type":"electronic"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-29959-0_14","type":"book-chapter","created":{"date-parts":[[2019,9,14]],"date-time":"2019-09-14T23:04:10Z","timestamp":1568502250000},"page":"279-299","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":101,"title":["NetSpectre: Read Arbitrary Memory over Network"],"prefix":"10.1007","author":[{"given":"Michael","family":"Schwarz","sequence":"first","affiliation":[]},{"given":"Martin","family":"Schwarzl","sequence":"additional","affiliation":[]},{"given":"Moritz","family":"Lipp","sequence":"additional","affiliation":[]},{"given":"Jon","family":"Masters","sequence":"additional","affiliation":[]},{"given":"Daniel","family":"Gruss","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,9,15]]},"reference":[{"key":"14_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1007\/11967668_18","volume-title":"Topics in Cryptology \u2013 CT-RSA 2007","author":"O Ac\u0131i\u00e7mez","year":"2006","unstructured":"Ac\u0131i\u00e7mez, O., Schindler, W., Ko\u00e7, \u00c7.K.: Cache based remote timing attack on the AES. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 271\u2013286. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11967668_18"},{"key":"14_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1007\/978-3-642-38553-7_7","volume-title":"Progress in Cryptology \u2013 AFRICACRYPT 2013","author":"H Aly","year":"2013","unstructured":"Aly, H., ElGayyar, M.: Attacking AES using Bernstein\u2019s attack on modern processors. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 127\u2013139. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38553-7_7"},{"key":"14_CR3","unstructured":"AMD Inc: Realview\u00ae Compilation Tools (2002)"},{"key":"14_CR4","unstructured":"AMD Inc: AMD64 Architecture Programmer\u2019s Manual (2017)"},{"key":"14_CR5","unstructured":"ARM Limited: CPU CORTEX-R8 (2009). https:\/\/www.arm.com\/products\/silicon-ip-cpu\/cortex-r\/cortex-r8"},{"key":"14_CR6","unstructured":"ARM Limited: ARM Architecture Reference Manual. ARMv7-A and ARMv7-R edition. ARM Limited (2012)"},{"key":"14_CR7","unstructured":"ARM Limited: ARM Architecture Reference Manual ARMv8. ARM Limited (2013)"},{"key":"14_CR8","unstructured":"ARM Limited: Vulnerability of Speculative Processors to Cache Timing Side-Channel Mechanism (2018)"},{"key":"14_CR9","unstructured":"Bernstein, D.J.: Cache-Timing Attacks on AES (2005). http:\/\/cr.yp.to\/antiforgery\/cachetiming-20050414.pdf"},{"key":"14_CR10","doi-asserted-by":"crossref","unstructured":"Bhattacharyya, A., et al.: SMoTherSpectre: exploiting speculative execution through port contention. arXiv:1903.01843 (2019)","DOI":"10.1145\/3319535.3363194"},{"key":"14_CR11","unstructured":"Bulygin, Y.: CPU side-channels vs. virtualization malware: The good, the bad, or the ugly. ToorCon (2008)"},{"key":"14_CR12","unstructured":"Canella, C., et al.: A systematic evaluation of transient execution attacks and defenses. In: USENIX Security Symposium (2019)"},{"key":"14_CR13","unstructured":"Charneski, A.: Modeling network latency (2015). https:\/\/blog.simiacryptus.com\/2015\/10\/modeling-network-latency.html"},{"key":"14_CR14","unstructured":"Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z., Lai, T.H.: SGXPECTRE Attacks: Leaking Enclave Secrets via Speculative Execution. arXiv:1802.09085 (2018)"},{"key":"14_CR15","unstructured":"Corbet, J.: On vsyscalls and the vDSO (2011). https:\/\/lwn.net\/Articles\/446528\/"},{"key":"14_CR16","doi-asserted-by":"crossref","unstructured":"Evtyushkin, D., Ponomarev, D., Abu-Ghazaleh, N.: Jump over ASLR: attacking branch predictors to bypass ASLR. In: MICRO (2016)","DOI":"10.1109\/MICRO.2016.7783743"},{"key":"14_CR17","unstructured":"Fog, A.: Test results for broadwell and skylake (2015). http:\/\/www.agner.org\/optimize\/blog\/read.php?i=415#415"},{"key":"14_CR18","unstructured":"Fog, A.: The microarchitecture of Intel, AMD and VIA CPUs: An optimization guide for assembly programmers and compiler makers (2016)"},{"key":"14_CR19","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s13389-016-0141-6","volume":"8","author":"Q Ge","year":"2016","unstructured":"Ge, Q., Yarom, Y., Cock, D., Heiser, G.: A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. J. Cryptogr. Eng. 8, 1\u201327 (2016)","journal-title":"J. Cryptogr. Eng."},{"key":"14_CR20","unstructured":"Google: Egress throughput caps (2018). https:\/\/cloud.google.com\/compute\/docs\/networks-and-firewalls#egress_throughput_caps"},{"issue":"2","key":"14_CR21","first-page":"1","volume":"1","author":"R Goonatilake","year":"2012","unstructured":"Goonatilake, R., Bachnak, R.A.: Modeling latency in a network distribution. Netw. Commun. Technol. 1(2), 1 (2012)","journal-title":"Netw. Commun. Technol."},{"key":"14_CR22","doi-asserted-by":"crossref","unstructured":"Gras, B., Razavi, K., Bosman, E., Bos, H., Giuffrida, C.: ASLR on the line: practical cache attacks on the MMU. In: NDSS (2017)","DOI":"10.14722\/ndss.2017.23271"},{"key":"14_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/978-3-319-62105-0_11","volume-title":"Engineering Secure Software and Systems","author":"D Gruss","year":"2017","unstructured":"Gruss, D., Lipp, M., Schwarz, M., Fellner, R., Maurice, C., Mangard, S.: KASLR is dead: long live KASLR. In: Bodden, E., Payer, M., Athanasopoulos, E. (eds.) ESSoS 2017. LNCS, vol. 10379, pp. 161\u2013176. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-62105-0_11"},{"key":"14_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1007\/978-3-319-40667-1_14","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"D Gruss","year":"2016","unstructured":"Gruss, D., Maurice, C., Wagner, K., Mangard, S.: Flush+Flush: a fast and stealthy cache attack. In: Caballero, J., Zurutuza, U., Rodr\u00edguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 279\u2013299. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-40667-1_14"},{"key":"14_CR25","unstructured":"Gruss, D., Spreitzer, R., Mangard, S.: Cache template attacks: automating attacks on inclusive last-level caches. In: USENIX Security Symposium (2015)"},{"key":"14_CR26","doi-asserted-by":"crossref","unstructured":"Hopper, N., Vasserman, E.Y., Chan-Tin, E.: How much anonymity does network latency leak? TISSEC (2010)","DOI":"10.1145\/1698750.1698753"},{"key":"14_CR27","unstructured":"Horn, J.: Speculative execution, variant 4: speculative store bypass (2018)"},{"key":"14_CR28","unstructured":"Intel: Intel$$\\textregistered $$ 64 and IA-32 Architectures Software Developer\u2019s Manual Volume 2 (2A, 2B & 2C): Instruction Set Reference, A-Z 253665 (2014)"},{"key":"14_CR29","unstructured":"Intel: Intel$$\\textregistered $$ 64 and IA-32 Architectures Software Developer\u2019s Manual, Volume 1: Basic Architecture 253665 (2016)"},{"key":"14_CR30","unstructured":"Intel: Intel$$\\textregistered $$ 64 and IA-32 Architectures Software Developer\u2019s Manual, Volume 3 (3A, 3B & 3C): System Programming Guide (325384) (2016)"},{"key":"14_CR31","unstructured":"Intel Newsroom: Advancing security at the silicon level, March 2018. https:\/\/newsroom.intel.com\/editorials\/advancing-security-silicon-level\/"},{"key":"14_CR32","unstructured":"Intel Newsroom: Microcode revision guidance, April 2018. https:\/\/newsroom.intel.com\/wp-content\/uploads\/sites\/11\/2018\/04\/microcode-update-guidance.pdf"},{"key":"14_CR33","doi-asserted-by":"crossref","unstructured":"Jayasinghe, D., Fernando, J., Herath, R., Ragel, R.: Remote cache timing attack on advanced encryption standard and countermeasures. In: ICIAFs (2010)","DOI":"10.1109\/ICIAFS.2010.5715656"},{"key":"14_CR34","unstructured":"Kiriansky, V., Waldspurger, C.: Speculative Buffer Overflows: Attacks and Defenses. arXiv:1807.03757 (2018)"},{"key":"14_CR35","doi-asserted-by":"crossref","unstructured":"Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: S&P (2019)","DOI":"10.1109\/SP.2019.00002"},{"key":"14_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"PC Kocher","year":"1996","unstructured":"Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104\u2013113. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_9"},{"key":"14_CR37","unstructured":"Koruyeh, E.M., Khasawneh, K., Song, C., Abu-Ghazaleh, N.: Spectre returns! speculation attacks using the return stack buffer. In: WOOT (2018)"},{"key":"14_CR38","unstructured":"Lipp, M., et al.: Meltdown: reading Kernel memory from user space. In: USENIX Security Symposium (2018)"},{"key":"14_CR39","doi-asserted-by":"crossref","unstructured":"Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: S&P (2015)","DOI":"10.1109\/SP.2015.43"},{"key":"14_CR40","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/978-3-319-66399-9_12","volume-title":"Computer Security \u2013 ESORICS 2017","author":"W Liu","year":"2017","unstructured":"Liu, W., Gao, D., Reiter, M.K.: On-demand time blurring to support side-channel defense. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 210\u2013228. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66399-9_12"},{"key":"14_CR41","doi-asserted-by":"crossref","unstructured":"Maisuradze, G., Rossow, C.: ret2spec: speculative execution using return stack buffers. In: CCS (2018)","DOI":"10.1145\/3243734.3243761"},{"key":"14_CR42","unstructured":"Marco-Gisbert, H., Ripoll-Ripoll, I.: Exploiting Linux and PaX ASLR\u2019s weaknesses on 32-and 64-bit systems. BlackHat Asia (2016)"},{"key":"14_CR43","unstructured":"Masters, J.: Thoughts on NetSpectre (2018). https:\/\/www.redhat.com\/en\/blog\/thoughts-netspectre"},{"key":"14_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"46","DOI":"10.1007\/978-3-319-20550-2_3","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"C Maurice","year":"2015","unstructured":"Maurice, C., Neumann, C., Heen, O., Francillon, A.: C5: cross-cores cache covert channel. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 46\u201364. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-20550-2_3"},{"key":"14_CR45","doi-asserted-by":"crossref","unstructured":"Maurice, C., et al.: Hello from the other side: SSH over robust cache covert channels in the cloud. In: NDSS (2017)","DOI":"10.14722\/ndss.2017.23294"},{"key":"14_CR46","unstructured":"McCalpin, J.D.: Test results for Intel\u2019s Sandy Bridge processor (2015). http:\/\/agner.org\/optimize\/blog\/read.php?i=378#378"},{"key":"14_CR47","unstructured":"Minkin, M., et al.: Fallout: Reading Kernel Writes From User Space. arXiv:1905.12701 (2019)"},{"issue":"2","key":"14_CR48","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1109\/40.755466","volume":"19","author":"S Oberman","year":"1999","unstructured":"Oberman, S., Favor, G., Weber, F.: AMD 3DNow! technology: architecture and implementations. IEEE Micro 19(2), 37\u201348 (1999)","journal-title":"IEEE Micro"},{"key":"14_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11605805_1","volume-title":"Topics in Cryptology \u2013 CT-RSA 2006","author":"DA Osvik","year":"2006","unstructured":"Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1\u201320. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11605805_1"},{"key":"14_CR50","unstructured":"PaX Team: Address space layout randomization (ASLR) (2003)"},{"issue":"4","key":"14_CR51","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1109\/40.526924","volume":"16","author":"A Peleg","year":"1996","unstructured":"Peleg, A., Weiser, U.: MMX technology extension to the Intel architecture. IEEE Micro 16(4), 42\u201350 (1996)","journal-title":"IEEE Micro"},{"key":"14_CR52","unstructured":"Percival, C.: Cache missing for fun and profit. In: BSDCan (2005)"},{"key":"14_CR53","unstructured":"Pessl, P., Gruss, D., Maurice, C., Schwarz, M., Mangard, S.: DRAMA: exploiting DRAM addressing for cross-CPU attacks. In: USENIX Security Symposium (2016)"},{"key":"14_CR54","doi-asserted-by":"crossref","unstructured":"Pukelsheim, F.: The three sigma rule. The American Statistician (1994)","DOI":"10.2307\/2684253"},{"key":"14_CR55","doi-asserted-by":"crossref","unstructured":"van Schaik, S., et al.: RIDL: rogue in-flight data load. In: S&P (2019)","DOI":"10.1109\/SP.2019.00087"},{"key":"14_CR56","unstructured":"Schwarz, M., Canella, C., Giner, L., Gruss, D.: Store-to-Leak Forwarding: Leaking Data on Meltdown-resistant CPUs. arXiv:1905.05725 (2019)"},{"key":"14_CR57","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-60876-1_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Schwarz","year":"2017","unstructured":"Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 3\u201324. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-60876-1_1"},{"key":"14_CR58","doi-asserted-by":"crossref","unstructured":"Schwarz, M., et al.: ZombieLoad: cross-privilege-boundary data sampling. arXiv:1905.05726 (2019)","DOI":"10.1145\/3319535.3354252"},{"key":"14_CR59","unstructured":"Trippel, C., Lustig, D., Martonosi, M.: MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols. arXiv:1802.03802 (2018)"},{"key":"14_CR60","unstructured":"Yarom, Y., Falkner, K.: Flush+Reload: a high resolution, low noise, L3 cache side-channel attack. In: USENIX Security Symposium (2014)"},{"key":"14_CR61","unstructured":"Zhao, X.j., Wang, T., Zheng, Y.: Cache Timing Attacks on Camellia Block Cipher (2009)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2019"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-29959-0_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,15]],"date-time":"2024-09-15T00:04:55Z","timestamp":1726358695000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-29959-0_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030299583","9783030299590"],"references-count":61,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-29959-0_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"15 September 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Luxembourg","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 September 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/conf.laas.fr\/esorics\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"344","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"67","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"19% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3,2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}