{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:33:30Z","timestamp":1760747610981,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032078933","type":"print"},{"value":"9783032078940","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-07894-0_17","type":"book-chapter","created":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:06:50Z","timestamp":1760728010000},"page":"323-341","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["T-Time: A Fine-Grained Timing-Based Controlled-Channel Attack Against Intel TDX"],"prefix":"10.1007","author":[{"given":"Woomin","family":"Lee","sequence":"first","affiliation":[]},{"given":"Taehun","family":"Kim","sequence":"additional","affiliation":[]},{"given":"Seunghee","family":"Shin","sequence":"additional","affiliation":[]},{"given":"Junbeom","family":"Hur","sequence":"additional","affiliation":[]},{"given":"Youngjoo","family":"Shin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,18]]},"reference":[{"key":"17_CR1","unstructured":"Aktas, E., Cohen, C., Eads, J., Forshaw, J., Wilhelm, F.: Intel trust domain extensions (TDX) security review. Google security review (2023)"},{"key":"17_CR2","doi-asserted-by":"crossref","unstructured":"Bankoski, J., Wilkins, P., Xu, Y.: Technical overview of VP8, an open source video codec for the web. In: 2011 IEEE International Conference on Multimedia and Expo, pp.\u00a01\u20136. IEEE (2011)","DOI":"10.1109\/ICME.2011.6012227"},{"key":"17_CR3","unstructured":"Constable, S., et al.: AEX-notify: thwarting precise single-stepping attacks through interrupt awareness for intel SGX enclaves. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 4051\u20134068 (2023)"},{"key":"17_CR4","unstructured":"Costan, V., Devadas, S.: Intel SGX explained. Cryptology ePrint Archive (2016)"},{"key":"17_CR5","doi-asserted-by":"crossref","unstructured":"Gast, S., et al.: SQUIP: exploiting the scheduler queue contention side channel. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 2256\u20132272 (2023)","DOI":"10.1109\/SP46215.2023.10179368"},{"key":"17_CR6","doi-asserted-by":"crossref","unstructured":"Gast, S., Weissteiner, H., Schr\u00f6der, R.L., Gruss, D.: CounterSEVeillance: Performance-counter attacks on AMD SEV-SNP. In: Network and Distributed System Security Symposium 2025: NDSS 2025 (2025)","DOI":"10.14722\/ndss.2025.241038"},{"key":"17_CR7","unstructured":"Google: An image format for the web (2025). https:\/\/developers.google.com\/speed\/webp"},{"key":"17_CR8","doi-asserted-by":"crossref","unstructured":"Huo, T., et al.: Bluethunder: A 2-level directional predictor based side-channel attack against SGX. IACR Trans. Cryptogr. Hardw. Embed. Syst. 321\u2013347 (2020)","DOI":"10.46586\/tches.v2020.i1.321-347"},{"key":"17_CR9","unstructured":"Intel: Intel\u00ae 64 and IA-32 architectures software developer manuals (2023). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-sdm.html"},{"key":"17_CR10","unstructured":"Intel: Intel\u00aearchitecture memory encryption technologies (2024). Revision 336907-005US"},{"key":"17_CR11","unstructured":"Intel: Intel trust domain extensions (intel TDX) modulebase architecture specification (2025). https:\/\/www.intel.com\/content\/www\/us\/en\/products\/docs\/accelerator-engines\/trust-domain-extensions.html. Revision 348549-005US"},{"key":"17_CR12","unstructured":"Intel: Intel\u00ae trust domain extensions(intel\u00aetdx) (2025). https:\/\/www.intel.com\/content\/www\/us\/en\/products\/docs\/accelerator-engines\/trust-domain-extensions.html"},{"key":"17_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"PC Kocher","year":"1996","unstructured":"Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104\u2013113. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_9"},{"key":"17_CR14","doi-asserted-by":"crossref","unstructured":"Langley, A., Hamburg, M., Turner, S.: RFC 7748: elliptic curves for security (2016)","DOI":"10.17487\/RFC7748"},{"key":"17_CR15","doi-asserted-by":"crossref","unstructured":"Li, M., Wilke, L., Wichelmann, J., Eisenbarth, T., Teodorescu, R., Zhang, Y.: A systematic look at ciphertext side channels ON AMD SEV-SNP. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 337\u2013351 (2022)","DOI":"10.1109\/SP46214.2022.9833768"},{"key":"17_CR16","doi-asserted-by":"crossref","unstructured":"Li, M., Zhang, Y., Lin, Z.: Crossline: breaking \u201csecurity-by-crash\u201d based memory isolation in AMD SEV. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 2937\u20132950 (2021)","DOI":"10.1145\/3460120.3485253"},{"key":"17_CR17","unstructured":"Li, M., Zhang, Y., Lin, Z., Solihin, Y.: Exploiting unprotected I\/O operations in AMD\u2019s secure encrypted virtualization. In: 28th USENIX Security Symposium (USENIX Security 2019), pp. 1257\u20131272 (2019)"},{"key":"17_CR18","unstructured":"Linaro: Mbedtls (2025). https:\/\/www.trustedfirmware.org\/projects\/mbed-tls\/"},{"key":"17_CR19","doi-asserted-by":"crossref","unstructured":"Lipp, M., et al.: Platypus: software-based power side-channel attacks on x86. In: IEEE SP, pp. 355\u2013371 (2021)","DOI":"10.1109\/SP40001.2021.00063"},{"key":"17_CR20","doi-asserted-by":"crossref","unstructured":"Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: 2015 IEEE Symposium on Security and Privacy, pp. 605\u2013622 (2015)","DOI":"10.1109\/SP.2015.43"},{"key":"17_CR21","unstructured":"Moghimi, D., Van\u00a0Bulck, J., Heninger, N., Piessens, F., Sunar, B.: CopyCat: controlled instruction-level attacks on enclaves. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 469\u2013486 (2020)"},{"key":"17_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1007\/11734727_14","volume-title":"Information Security and Cryptology - ICISC 2005","author":"D Molnar","year":"2006","unstructured":"Molnar, D., Piotrowski, M., Schultz, D., Wagner, D.: The program counter security model: automatic detection and removal of control-flow side channel attacks. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 156\u2013168. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11734727_14"},{"key":"17_CR23","doi-asserted-by":"crossref","unstructured":"Morbitzer, M., Huber, M., Horsch, J., Wessel, S.: Severed: subverting AMD\u2019s virtual machine encryption. In: Proceedings of the 11th European Workshop on Systems Security, pp.\u00a01\u20136 (2018)","DOI":"10.1145\/3193111.3193112"},{"key":"17_CR24","unstructured":"PradyumnaShome: Closing the intel TDX page fault side channel, or, the case for tdexit-notify (2024). https:\/\/collective.flashbots.net\/t\/closing-the-intel-tdx-page-fault-side-channel-or-the-case-for-tdexit-notify\/3775"},{"key":"17_CR25","unstructured":"Puddu, I., Schneider, M., Haller, M., \u010capkun, S.: Frontal attack: leaking control-flow in SGX via the CPU frontend. In: 30th USENIX Security Symposium (USENIX Security 2021), pp. 663\u2013680 (2021)"},{"key":"17_CR26","unstructured":"Schl\u00fcter, B., Sridhara, S., Kuhne, M., Bertschi, A., Shinde, S.: Heckler: breaking confidential VMs with malicious interrupts. In: 33rd USENIX Security Symposium (USENIX Security 24), pp. 3459\u20133476 (2024)"},{"key":"17_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-60876-1_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Schwarz","year":"2017","unstructured":"Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 3\u201324. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-60876-1_1"},{"key":"17_CR28","unstructured":"Sev-Snp, A.: Strengthening vm isolation with integrity protection and more. White Pap. January 53(2020), 1450\u20131465 (2020)"},{"issue":"1","key":"17_CR29","doi-asserted-by":"publisher","first-page":"457","DOI":"10.46586\/tches.v2024.i1.457-500","volume":"2024","author":"F Sieck","year":"2024","unstructured":"Sieck, F., Zhang, Z., Berndt, S., Chuengsatiansup, C., Eisenbarth, T., Yarom, Y.: TeeJam: sub-cache-line leakages strike back. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2024(1), 457\u2013500 (2024)","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"17_CR30","doi-asserted-by":"crossref","unstructured":"Van\u00a0Bulck, J., Piessens, F., Strackx, R.: SGX-step: a practical attack framework for precise enclave execution control. In: SysTEX, pp.\u00a01\u20136 (2017)","DOI":"10.1145\/3152701.3152706"},{"key":"17_CR31","doi-asserted-by":"crossref","unstructured":"Van\u00a0Bulck, J., Piessens, F., Strackx, R.: Nemesis: studying microarchitectural timing leaks in rudimentary CPU interrupt logic. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 178\u2013195 (2018)","DOI":"10.1145\/3243734.3243822"},{"key":"17_CR32","unstructured":"Van\u00a0Bulck, J., Weichbrodt, N., Kapitza, R., Piessens, F., Strackx, R.: Telling your secrets without page faults: stealthy page table-based attacks on enclaved execution. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 1041\u20131056 (2017)"},{"key":"17_CR33","unstructured":"Vanoverloop, D., Sanchez, A., Toffalini, F., Piessens, F., Payer, M., Van\u00a0Bulck, J.: TLBlur: compiler-assisted automated hardening against controlled channels on off-the-shelf intel SGX platforms. In: USENIX Security (2025)"},{"key":"17_CR34","doi-asserted-by":"crossref","unstructured":"Wang, W., et al.: Leaky cauldron on the dark land: understanding memory side-channel hazards in SGX. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2421\u20132434 (2017)","DOI":"10.1145\/3133956.3134038"},{"key":"17_CR35","doi-asserted-by":"crossref","unstructured":"Wilke, L., Sieck, F., Eisenbarth, T.: TDXdown: single-stepping and instruction counting attacks against intel TDX. In: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, pp. 79\u201393 (2024)","DOI":"10.1145\/3658644.3690230"},{"key":"17_CR36","doi-asserted-by":"crossref","unstructured":"Wilke, L., Wichelmann, J., Rabich, A., Eisenbarth, T.: SEV-step a single-stepping framework for AMD-SEV. IACR Trans. Cryptogr. Hardw. Embed. Syst. 180\u2013206 (2024)","DOI":"10.46586\/tches.v2024.i1.180-206"},{"key":"17_CR37","doi-asserted-by":"crossref","unstructured":"Xu, Y., Cui, W., Peinado, M.: Controlled-channel attacks: deterministic side channels for untrusted operating systems. In: 2015 IEEE Symposium on Security and Privacy, pp. 640\u2013656 (2015)","DOI":"10.1109\/SP.2015.45"},{"key":"17_CR38","unstructured":"Zhang, R., et al.: CacheWarp: software-based fault injection using selective state reset. In: 33rd USENIX Security Symposium (USENIX Security 2024), pp. 1135\u20131151 (2024)"},{"key":"17_CR39","unstructured":"Zhang, Z., Tao, M., O\u2019Connell, S., Chuengsatiansup, C., Genkin, D., Yarom, Y.: BunnyHop: exploiting the instruction prefetcher. In: USENIX Security, pp. 7321\u20137337 (2023)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-07894-0_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:07:01Z","timestamp":1760728021000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-07894-0_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,18]]},"ISBN":["9783032078933","9783032078940"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-07894-0_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,18]]},"assertion":[{"value":"18 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}