{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T10:10:12Z","timestamp":1752142212363,"version":"3.41.2"},"publisher-location":"Cham","reference-count":68,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031976223","type":"print"},{"value":"9783031976230","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97623-0_11","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:39:18Z","timestamp":1752140358000},"page":"175-194","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Taming the\u00a0Linux Memory Allocator for\u00a0Rapid Prototyping"],"prefix":"10.1007","author":[{"given":"Ruiyi","family":"Zhang","sequence":"first","affiliation":[]},{"given":"Tristan","family":"Hornetz","sequence":"additional","affiliation":[]},{"given":"Lukas","family":"Gerlach","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Schwarz","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"11_CR1","unstructured":"AMD64 Architecture Programmer\u2019s Manual (2024)"},{"key":"11_CR2","doi-asserted-by":"crossref","unstructured":"Aweke, Z.B., Yitbarek, S.F., Qiao, R., Das, R., Hicks, M., Oren, Y., Austin, T.: ANVIL: software-based protection against next-generation Rowhammer attacks. ACM SIGPLAN Notices (2016)","DOI":"10.1145\/2872362.2872390"},{"key":"11_CR3","unstructured":"Bennett, T., Saroiu, S., Wolman, A., Cojocar, L.: Panopticon: a complete in-dram rowhammer mitigation. In: Workshop on DRAM Security (DRAMSec) (2021)"},{"key":"11_CR4","unstructured":"Brasser, F., Davi, L., Gens, D., Liebchen, C., Sadeghi, A.R.: CAn\u2019t touch this: software-only mitigation against Rowhammer attacks targeting kernel memory. In: USENIX Security Symposium (2017)"},{"key":"11_CR5","unstructured":"Bray, B.K., Lunch, W.L., Flynn, M.J.: Page allocation to reduce access time of physical caches (1990). http:\/\/i.stanford.edu\/pub\/cstr\/reports\/csl\/tr\/90\/454\/CSL-TR-90-454.pdf"},{"key":"11_CR6","unstructured":"Brumley, D., Boneh, D.: Remote timing attacks are practical. In: USENIX Security Symposium (2003)"},{"key":"11_CR7","doi-asserted-by":"crossref","unstructured":"Bugnion, E., Anderson, J.M., Mowry, T.C., Rosenblum, M., Lam, M.S.: Compiler-directed page coloring for multiprocessors. ACM SIGPLAN Notices (1996)","DOI":"10.1145\/237090.237195"},{"key":"11_CR8","unstructured":"Corbet, J.: Some kernel memory-allocation improvements (2015). https:\/\/lwn.net\/Articles\/658081\/"},{"key":"11_CR9","unstructured":"Corbet, J.: Remote per-CPU page list draining (2022). https:\/\/lwn.net\/Articles\/884448\/"},{"key":"11_CR10","doi-asserted-by":"crossref","unstructured":"Dio, A.D., Koning, K., Bos, H., Giuffrida, C.: Copy-on-flip: hardening ECC memory against rowhammer attacks. In: NDSS (2023)","DOI":"10.14722\/ndss.2023.24337"},{"key":"11_CR11","unstructured":"Easdon, C., Schwarz, M., Schwarzl, M., Gruss, D.: Rapid prototyping for microarchitectural attacks. In: USENIX Security (2022)"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"Frigo, P., et al.: TRRespass: exploiting the many sides of target row refresh. In: S &P (2020)","DOI":"10.1109\/SP40000.2020.00090"},{"key":"11_CR13","unstructured":"Frysinger, M.: vdso(7) \u2014 linux manual page (2024)"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"Ge, Q., Yarom, Y., Cock, D., Heiser, G.: A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. J. Cryptogr. Eng. (2016)","DOI":"10.1007\/s13389-016-0141-6"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Gerlach, L., Schwarz, S., Faro\u00df, N., Schwarz, M.: Efficient and generic microarchitectural hash-function recovery. In: S &P (2024)","DOI":"10.1109\/SP54263.2024.00028"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Gerlach, L., Thomas, F., Pietsch, R., Schwarz, M.: A large-scale rowhammer reproduction study using the blacksmith fuzzer. In: ESORICS (2023)","DOI":"10.1007\/978-3-031-51479-1_4"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"Gruss, D., Maurice, C., Wagner, K., Mangard, S.: Flush+Flush: a fast and stealthy cache attack. In: DIMVA (2016)","DOI":"10.1007\/978-3-319-40667-1_14"},{"key":"11_CR18","unstructured":"Gruss, D., Spreitzer, R., Mangard, S.: Cache template attacks: automating attacks on inclusive last-level caches. In: USENIX Security Symposium (2015)"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Hofmann, J., Fournet, C., K\u00f6pf, B., Volos, S.: Gaussian elimination of side-channels: linear algebra for memory coloring. In: ACM CCS (2024)","DOI":"10.1145\/3658644.3690263"},{"key":"11_CR20","doi-asserted-by":"crossref","unstructured":"Hund, R., Willems, C., Holz, T.: Practical timing side channel attacks against kernel space ASLR. In: S &P (2013)","DOI":"10.1109\/SP.2013.23"},{"key":"11_CR21","unstructured":"IAIK: DRAMA Reverse-Engineering Tool and Side-Channel Tools (2016). https:\/\/github.com\/IAIK\/drama"},{"key":"11_CR22","unstructured":"Inci, M.S., Gulmezoglu, B., Irazoqui, G., Eisenbarth, T., Sunar, B.: Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud. Cryptology ePrint Archive, Report 2015\/898 (2015)"},{"key":"11_CR23","unstructured":"Intel Corporation: Guidelines for Mitigating Timing Side Channels Against Cryptographic Implementations (2020). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/secure-coding\/mitigate-timing-side-channel-crypto-implementation.html"},{"key":"11_CR24","doi-asserted-by":"crossref","unstructured":"Irazoqui, G., Eisenbarth, T., Sunar, B.: Systematic reverse engineering of cache slice selection in intel processors. In: Euromicro Conference on Digital System Design (2015)","DOI":"10.1109\/DSD.2015.56"},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"Jin, J., McMurtry, E., Rubinstein, B.I.P., Ohrimenko, O.: Are we there yet? Timing and floating-point attacks on differential privacy systems. In: S &P (2022)","DOI":"10.1109\/SP46214.2022.9833672"},{"key":"11_CR26","doi-asserted-by":"crossref","unstructured":"Juffinger, J., Lamster, L., Kogler, A., Eichlseder, M., Lipp, M., Gruss, D.: CSI: rowhammer-cryptographic security and integrity against rowhammer. In: IEEE S &P (2022)","DOI":"10.1109\/SP46215.2023.10179390"},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"Juffinger, J., Lamster, L., Kogler, A., Eichlseder, M., Lipp, M., Gruss, D.: CSI: rowhammer-cryptographic security and integrity against rowhammer. In: IEEE S &P (2023)","DOI":"10.1109\/SP46215.2023.10179390"},{"key":"11_CR28","doi-asserted-by":"crossref","unstructured":"Kessler, R.E., Hill, M.D.: Page placement algorithms for large real-indexed caches. TOCS (1992)","DOI":"10.1145\/138873.138876"},{"key":"11_CR29","unstructured":"Kim, T., Peinado, M., Mainar-Ruiz, G.: StealthMem: system-level protection against cache-based side channel attacks in the cloud. In: USENIX Security Symposium (2012)"},{"key":"11_CR30","doi-asserted-by":"crossref","unstructured":"Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ISCA (2014)","DOI":"10.1109\/ISCA.2014.6853210"},{"key":"11_CR31","doi-asserted-by":"crossref","unstructured":"Kocher, P.C.: Timing attacks on implementations of Diffe-Hellman, RSA, DSS, and other systems. In: CRYPTO (1996)","DOI":"10.1007\/3-540-68697-5_9"},{"key":"11_CR32","unstructured":"Konoth, R.K., et al.: ZebRAM: comprehensive and compatible software protection against rowhammer attacks. In: OSDI (2018)"},{"key":"11_CR33","unstructured":"Lang, Z., Jattke, P., Marazzi, M., Razavi, K.: Blaster: characterizing the blast radius of rowhammer. In: Workshop on DRAM Security (DRAMSec) (2023)"},{"key":"11_CR34","unstructured":"Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., Mangard, S.: ARMageddon: cache attacks on mobile devices. In: USENIX Security Symposium (2016)"},{"key":"11_CR35","doi-asserted-by":"crossref","unstructured":"Liu, F., et al.: Catalyst: defeating last-level cache side channel attacks in cloud computing. In: HPCA (2016)","DOI":"10.1109\/HPCA.2016.7446082"},{"key":"11_CR36","doi-asserted-by":"crossref","unstructured":"Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: S &P (2015)","DOI":"10.1109\/SP.2015.43"},{"key":"11_CR37","doi-asserted-by":"crossref","unstructured":"Loughlin, K., Rosenblum, J., Saroiu, S., Wolman, A., Skarlatos, D., Kasikci, B.: Siloz: leveraging dram isolation domains to prevent inter-vm rowhammer. In: SOSP (2023)","DOI":"10.1145\/3600006.3613143"},{"key":"11_CR38","doi-asserted-by":"crossref","unstructured":"Marazzi, M., Solt, F., Jattke, P., Takashi, K., Razavi, K.: Rega: scalable rowhammer mitigation with refresh-generating activations. In: S &P (2023)","DOI":"10.1109\/SP46215.2023.10179327"},{"key":"11_CR39","doi-asserted-by":"crossref","unstructured":"Maurice, C., Le\u00a0Scouarnec, N., Neumann, C., Heen, O., Francillon, A.: Reverse engineering intel complex addressing using performance counters. In: RAID (2015)","DOI":"10.1007\/978-3-319-26362-5_3"},{"key":"11_CR40","unstructured":"McCalpin, J.D.: Mapping addresses to l3\/cha slices in intel processors. Technical report (2021)"},{"key":"11_CR41","unstructured":"OpenSSL: OpenSSL: The Open Source toolkit for SSL\/TLS (2019). http:\/\/www.openssl.org"},{"key":"11_CR42","unstructured":"Pavlov, I.: 7-zip (2023). https:\/\/7-zip.org\/. v23.01"},{"key":"11_CR43","unstructured":"Wieczorkiewicz, P., Branco, R., Lee, B.: On the Effectiveness of Intel\u2019s CAT as a Side-Channel Mitigation Technology (2024). https:\/\/langsechq.gitlab.io\/spw24\/papers\/LangSec2024-Branco-CAT-paper.pdf"},{"key":"11_CR44","unstructured":"Percival, C.: Cache missing for fun and profit. In: BSDCan (2005)"},{"key":"11_CR45","unstructured":"Pessl, P., Gruss, D., Maurice, C., Schwarz, M., Mangard, S.: DRAMA: exploiting DRAM addressing for cross-CPU attacks. In: USENIX Security Symposium (2016)"},{"key":"11_CR46","unstructured":"Pornin, T.: BearSSL: A smaller SSL\/TLS library (2022). https:\/\/www.bearssl.org"},{"key":"11_CR47","doi-asserted-by":"crossref","unstructured":"Purnal, A., Turan, F., Verbauwhede, I.: Prime+Scope: overcoming the observer effect for high-precision cache contention attacks. In: CCS (2021)","DOI":"10.1145\/3460120.3484816"},{"key":"11_CR48","doi-asserted-by":"crossref","unstructured":"Qiao, R., Seaborn, M.: A new approach for rowhammer attacks. In: International Symposium on Hardware Oriented Security and Trust (2016)","DOI":"10.1109\/HST.2016.7495576"},{"key":"11_CR49","doi-asserted-by":"crossref","unstructured":"Qureshi, M.K.: CEASER: mitigating conflict-based cache attacks via encrypted-address and remapping. In: IEEE MICRO (2018)","DOI":"10.1109\/MICRO.2018.00068"},{"key":"11_CR50","unstructured":"Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., Bos, H.: Flip feng shui: hammering a needle in the software stack. In: USENIX Security Symposium (2016)"},{"key":"11_CR51","unstructured":"Saileshwar, G., Qureshi, M.: MIRAGE: mitigating conflict-based cache attacks with a practical fully-associative design. In: USENIX Security Symposium (2021)"},{"key":"11_CR52","doi-asserted-by":"crossref","unstructured":"Schwarz, M., et al.: KeyDrown: eliminating software-based keystroke timing side-channel attacks. In: NDSS (2018)","DOI":"10.14722\/ndss.2018.23027"},{"key":"11_CR53","doi-asserted-by":"crossref","unstructured":"Seaborn, M.: L3 cache mapping on Sandy Bridge CPUs (2015). http:\/\/lackingrhoticity.blogspot.com\/2015\/04\/l3-cache-mapping-on-sandy-bridge-cpus.html. Accessed 26 June 2015","DOI":"10.1055\/s-0041-107331"},{"key":"11_CR54","doi-asserted-by":"crossref","unstructured":"Shi, J., Song, X., Chen, H., Zang, B.: Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In: DSN-W (2011)","DOI":"10.1109\/DSNW.2011.5958812"},{"key":"11_CR55","doi-asserted-by":"crossref","unstructured":"Shusterman, A., et al.: Robust website fingerprinting through the cache occupancy channel. In: USENIX Security Symposium (2019)","DOI":"10.1109\/TDSC.2020.2988369"},{"key":"11_CR56","unstructured":"Sun, K., Branco, R., Hu, K.: A New Memory Type Against Speculative Side Channel Attacks (2019)"},{"key":"11_CR57","doi-asserted-by":"crossref","unstructured":"Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Memory deduplication as a threat to the guest OS. In: EuroSys (2011)","DOI":"10.1145\/1972551.1972552"},{"key":"11_CR58","doi-asserted-by":"crossref","unstructured":"Taylor, G., Davies, P., Farmwald, M.: The TLB slice\u2014a low-cost high-speed address translation mechanism. In: ISCA (1990)","DOI":"10.1145\/325164.325161"},{"key":"11_CR59","unstructured":"The Mbed TLS Contributors: Security (2024). https:\/\/mbed-tls.readthedocs.io\/en\/latest\/project\/long-term-plans\/#security"},{"key":"11_CR60","doi-asserted-by":"crossref","unstructured":"Vila, P., K\u00f6pf, B., Morales, J.: Theory and practice of finding eviction sets. In: S &P (2019)","DOI":"10.1109\/SP.2019.00042"},{"key":"11_CR61","doi-asserted-by":"crossref","unstructured":"Volos, S., Fournet, C., Hofmann, J., K\u00f6pf, B., Oleksenko, O.: Principled microarchitectural isolation on cloud CPUs. In: ACM CCS (2024)","DOI":"10.1145\/3658644.3690183"},{"key":"11_CR62","doi-asserted-by":"crossref","unstructured":"Weber, D., Thomas, F., Gerlach, L., Zhang, R., Schwarz, M.: Indirect meltdown: building novel side-channel attacks from transient execution attacks. In: ESORICS (2023)","DOI":"10.1007\/978-3-031-51479-1_2"},{"key":"11_CR63","unstructured":"Werner, M., Unterluggauer, T., Giner, L., Schwarz, M., Gruss, D., Mangard, S.: ScatterCache: thwarting cache attacks via cache set randomization. In: USENIX Security Symposium (2019)"},{"key":"11_CR64","unstructured":"wolfSSL: wolfSSL: Embedded TLS Library (2023). https:\/\/www.wolfssl.com\/"},{"key":"11_CR65","doi-asserted-by":"crossref","unstructured":"Yan, M., Sprabery, R., Gopireddy, B., Fletcher, C., Campbell, R., Torrellas, J.: Attack directories, not caches: side channel attacks in a non-inclusive world. In: S &P (2019)","DOI":"10.1109\/SP.2019.00004"},{"key":"11_CR66","unstructured":"Yarom, Y., Ge, Q., Liu, F., Lee, R.B., Heiser, G.: Mapping the Intel Last-Level Cache. Cryptology ePrint Archive, Report 2015\/905 (2015)"},{"key":"11_CR67","doi-asserted-by":"crossref","unstructured":"Ye, Y., West, R., Cheng, Z., Li, Y.: Coloris: a dynamic cache partitioning system using page coloring. In: PACT (2014)","DOI":"10.1145\/2628071.2628104"},{"key":"11_CR68","unstructured":"Zhang, R., Kim, T., Weber, D., Schwarz, M.: (M)WAIT for it: bridging the gap between microarchitectural and architectural side channels. In: USENIX Security (2023)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97623-0_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:39:34Z","timestamp":1752140374000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97623-0_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976223","9783031976230"],"references-count":68,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97623-0_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}