{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T01:40:08Z","timestamp":1773193208770,"version":"3.50.1"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031976193","type":"print"},{"value":"9783031976209","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97620-9_9","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:38:56Z","timestamp":1752140336000},"page":"149-168","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Reverse-Engineering the\u00a0Address Translation Caches"],"prefix":"10.1007","author":[{"given":"Philipp","family":"Ertmer","sequence":"first","affiliation":[]},{"given":"Robert","family":"Dumitru","sequence":"additional","affiliation":[]},{"given":"Yuval","family":"Yarom","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"9_CR1","doi-asserted-by":"crossref","unstructured":"Abel, A., Reineke, J.: Measurement-based modeling of the cache replacement policy. In: RTAS, pp. 65\u201374 (2013)","DOI":"10.1109\/RTAS.2013.6531080"},{"key":"9_CR2","unstructured":"Alcorn, P.: AMD and Intel CPU Market Share Report: Recovery on the Horizon (2023). https:\/\/www.tomshardware.com\/news\/amd-and-intel-cpu-market-share-report-recovery-looms-on-the-horizon"},{"key":"9_CR3","doi-asserted-by":"crossref","unstructured":"Aldaya, A.C., Brumley, B.B., ul Hassan, S., Garc\u00eda, C.P., Tuveri, N.: Port contention for fun and profit. In: IEEE SP, pp. 870\u2013887 (2019)","DOI":"10.1109\/SP.2019.00066"},{"key":"9_CR4","unstructured":"AMD: AMD64 Architecture Programmer\u2019s Manual Volume 2: System Programming (2024)"},{"key":"9_CR5","doi-asserted-by":"crossref","unstructured":"Barr, T.W., Cox, A.L., Rixner, S.: Translation caching: skip, don\u2019t walk (the page table). In: ISCA, pp. 48\u201359 (2010)","DOI":"10.1145\/1815961.1815970"},{"key":"9_CR6","doi-asserted-by":"crossref","unstructured":"Bhargava, R., Serebrin, B., Spadini, F., Manne, S.: accelerating two-dimensional page walks for virtualized systems. In: ASPLOS, pp. 26\u201335 (2008)","DOI":"10.1145\/1346281.1346286"},{"key":"9_CR7","doi-asserted-by":"crossref","unstructured":"Bosman, E., Razavi, K., Bos, H., Giuffrida, C.: Dedup Est Machina: memory deduplication as an advanced exploitation vector. In: IEEE SP, pp. 987\u20131004 (2016)","DOI":"10.1109\/SP.2016.63"},{"key":"9_CR8","unstructured":"Braun, B.A., Jana, S., Boneh, D.: Robust and efficient elimination of cache and timing side channels, arXiv:1506.00189 (2015)"},{"key":"9_CR9","unstructured":"Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 4th edn. MIT Press (2022)"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Evtyushkin, D., Ponomarev, D., Abu-Ghazaleh, N.: Jump over ASLR: attacking branch predictors to bypass ASLR. In: MICRO, pp. 1\u201313 (2016)","DOI":"10.1109\/MICRO.2016.7783743"},{"issue":"1","key":"9_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s13389-016-0141-6","volume":"8","author":"Q Ge","year":"2018","unstructured":"Ge, Q., Yarom, Y., Cock, D., Heiser, G.: A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. J. Cryptogr. Eng. 8(1), 1\u201327 (2018)","journal-title":"J. Cryptogr. Eng."},{"key":"9_CR12","unstructured":"Gras, B., Razavi, K., Bos, H., Giuffrida, C.: Translation leakaside buffer: defeating cache side-channel protections with TLB attacks. In: USENIX Security, pp. 955\u2013972 (2018)"},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Gras, B., Razavi, K., Bosman, E., Bos, H., Giuffrida, C.: ASLR on the line: practical cache attacks on the MMU. In: NDSS (2017)","DOI":"10.14722\/ndss.2017.23271"},{"key":"9_CR14","unstructured":"Gruss, D., Lettner, J., Schuster, F., Ohrimenko, O., Haller, I., Costa, M.: Strong and efficient cache side-channel protection using hardware transactional memory. In: USENIX Security, pp. 217\u2013233 (2017)"},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Gruss, D., Maurice, C., Fogh, A., Lipp, M., Mangard, S.: Prefetch side-channel attacks: bypassing SMAP and kernel ASLR. In: CCS, pp. 368\u2013379 (2016)","DOI":"10.1145\/2976749.2978356"},{"key":"9_CR16","doi-asserted-by":"crossref","unstructured":"Guanciale, R., Nemati, H., Baumann, C., Dam, M.: Cache storage channels: alias-driven attacks and verified countermeasures. In: IEEE SP, pp. 38\u201355 (2016)","DOI":"10.1109\/SP.2016.11"},{"key":"9_CR17","doi-asserted-by":"crossref","unstructured":"Hund, R., Willems, C., Holz, T.: Practical timing side channel attacks against kernel space ASLR. In: IEEE SP, pp. 191\u2013205 (2013)","DOI":"10.1109\/SP.2013.23"},{"key":"9_CR18","unstructured":"Intel Inc.: Intel 64 and IA-32 Architectures Software Developer Manuals"},{"key":"9_CR19","doi-asserted-by":"crossref","unstructured":"Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: IEEE SP, pp. 1\u201319 (2019)","DOI":"10.1109\/SP.2019.00002"},{"key":"9_CR20","unstructured":"Lipp, M., et al.: Meltdown: reading kernel memory from user space. In: USENIX Security, pp. 973\u2013990 (2018)"},{"key":"9_CR21","doi-asserted-by":"crossref","unstructured":"Liu, F., et al.: CATalyst: defeating last-level cache side channel attacks in cloud computing. In: HPCA, pp. 406\u2013418 (2016)","DOI":"10.1109\/HPCA.2016.7446082"},{"key":"9_CR22","doi-asserted-by":"crossref","unstructured":"Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: IEEE SP, pp. 605\u2013622 (2015)","DOI":"10.1109\/SP.2015.43"},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"McCurdy, C., Cox, A.L., Vetter, J.S.: Investigating the TLB behavior of high-end scientific applications on commodity microprocessors. In: ISPASS, pp. 95\u2013104 (2008)","DOI":"10.1109\/ISPASS.2008.4510742"},{"key":"9_CR24","doi-asserted-by":"crossref","unstructured":"Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: CT-RSA, pp. 1\u201320 (2006)","DOI":"10.1007\/11605805_1"},{"key":"9_CR25","unstructured":"Paccagnella, R., Luo, L., Fletcher, C.W.: Lord of the ring(s): side channel attacks on the CPU on-chip ring interconnect are practical. In: USENIX Security, pp. 645\u2013662 (2021)"},{"key":"9_CR26","unstructured":"PassMark Software: PassMark CPU Benchmarks - AMD vs Intel Market Share (2024). https:\/\/www.cpubenchmark.net\/market_share.html"},{"key":"9_CR27","unstructured":"Pessl, P., Gruss, D., Maurice, C., Schwarz, M., Mangard, S.: DRAMA: exploiting DRAM addressing for cross-CPU attacks. In: USENIX Security, pp. 565\u2013581 (2016)"},{"key":"9_CR28","doi-asserted-by":"crossref","unstructured":"Qureshi, M.K.: New attacks and defense for encrypted-address cache. In: ISCA, pp. 360\u2013371 (2019)","DOI":"10.1145\/3307650.3322246"},{"key":"9_CR29","unstructured":"Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., Bos, H.: Flip Feng Shui: hammering a needle in the software stack. In: USENIX Security, pp. 1\u201318 (2016)"},{"key":"9_CR30","unstructured":"Shilov, A.: Arm-Based CPUs Could Double Notebook PC Market Share by 2027 (2023). https:\/\/www.tomshardware.com\/news\/arm-based-cpus-set-to-double-notebook-pc-market-share-by-2027"},{"key":"9_CR31","unstructured":"Sprabery, R., Evchenko, K., Raj, A., Bobba, R.B., Mohan, S., Campbell, R.H.: A novel scheduling framework leveraging hardware cache partitioning for cache-side-channel elimination in clouds, arXiv:1708.09538 (2017)"},{"key":"9_CR32","unstructured":"Tatar, A., Trujillo, D., Giuffrida, C., Bos, H.: TLB;DR: enhancing TLB-based attacks with TLB desynchronized reverse engineering. In: USENIX Security, pp. 989\u20131007 (2022)"},{"key":"9_CR33","doi-asserted-by":"crossref","unstructured":"van der Veen, V., et al.: Drammer: deterministic Rowhammer attacks on mobile platforms. In: CCS, pp. 1675\u20131689 (2016)","DOI":"10.1145\/2976749.2978406"},{"key":"9_CR34","unstructured":"van Schaik, S., Giuffrida, C., Bos, H., Razavi, K.: Malicious management unit: why stopping cache attacks in software is harder than you think. In: USENIX Security, pp. 937\u2013954 (2018)"},{"key":"9_CR35","doi-asserted-by":"crossref","unstructured":"van Schaik, S., Razavi, K., Gras, B., Bos, H., Giuffrida, C.: RevAnC: a framework for reverse engineering hardware page table caches. In: EuroSec, pp. 1\u20136 (2017)","DOI":"10.1145\/3065913.3065918"},{"key":"9_CR36","doi-asserted-by":"crossref","unstructured":"Vila, P., Ganty, P., Guarnieri, M., K\u00f6pf, B.: CacheQuery: learning replacement policies from hardware caches. In: PLDI, pp. 519\u2013532 (2020)","DOI":"10.1145\/3385412.3386008"},{"key":"9_CR37","doi-asserted-by":"crossref","unstructured":"Wang, Y., Paccagnella, R., He, E.T., Shacham, H., Fletcher, C.W., Kohlbrenner, D.: Hertzbleed: turning power side-channel attacks into remote timing attacks on x86. In: USENIX Security, pp. 679\u2013697 (2022)","DOI":"10.1109\/MM.2023.3274619"},{"key":"9_CR38","unstructured":"Yarom, Y., Falkner, K.: Flush+Reload: a high resolution, low noise, L3 cache side-channelattack. In: USENIX Security, pp. 719\u2013732 (2014)"},{"key":"9_CR39","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Cheng, Y., Liu, D., Nepal, S., Wang, Z., Yarom, Y.: PThammer: cross-user-kernel-boundary Rowhammer through implicit accesses. In: MICRO, pp. 28\u201341 (2020)","DOI":"10.1109\/MICRO50266.2020.00016"},{"key":"9_CR40","unstructured":"Zhang, Z., Tao, M., O\u2019Connell, S., Chuengsatiansup, C., Genkin, D., Yarom, Y.: BunnyHop: exploiting the instruction prefetcher. In: USENIX Security, pp. 7321\u20137337 (2023)"},{"key":"9_CR41","unstructured":"Zhao, Z.N., Morrison, A., Fletcher, C.W., Torrellas, J.: Binoculars: contention-based side-channel attacks exploiting the page walker. In: USENIX Security, pp. 699\u2013716 (2022)"},{"key":"9_CR42","doi-asserted-by":"crossref","unstructured":"Zhou, Z., Reiter, M.K., Zhang, Y.: A software approach to defeating side channels in last-level caches. In: CCS, pp. 871\u2013882 (2016)","DOI":"10.1145\/2976749.2978324"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97620-9_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T04:10:39Z","timestamp":1757218239000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97620-9_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976193","9783031976209"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97620-9_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}