{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:33:31Z","timestamp":1760747611074,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":42,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032078933","type":"print"},{"value":"9783032078940","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-07894-0_4","type":"book-chapter","created":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:07:13Z","timestamp":1760728033000},"page":"64-83","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["NICraft: Malicious NIC Firmware-Based Cache Side-Channel Attack"],"prefix":"10.1007","author":[{"given":"Amit","family":"Choudhari","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shorya","family":"Kumar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"Rossow","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,10,18]]},"reference":[{"key":"4_CR1","unstructured":"Abel, A.: Cache replacement policy empirical study"},{"key":"4_CR2","doi-asserted-by":"crossref","unstructured":"Abel, A., Reineke, J.: nanoBench: a low-overhead tool for running microbenchmarks on x86 systems. In: ISPASS (2020)","DOI":"10.1109\/ISPASS48437.2020.00014"},{"key":"4_CR3","unstructured":"AMD Inc.: AMD IOMMU Architectural Specification, Rev 2.00 (2011)"},{"key":"4_CR4","unstructured":"Blanco, A., Eissler, M.: One Firmware to Monitor \u2019Em All. In: Hack.Lu 2012. Core Security Technologies (2012)"},{"key":"4_CR5","unstructured":"Briongos, S., Malag\u00f3n, P., Moya, J.M., Eisenbarth, T.: RELOAD+REFRESH: abusing cache replacement policies to perform stealthy cache attacks. In: USENIX Security (2020)"},{"key":"4_CR6","unstructured":"Chen, C.Y., et al.: Schedule-based side-channel attack in fixed-priority real-time systems (2015)"},{"key":"4_CR7","unstructured":"Chen, K.: Reversing and exploiting an Apple firmware update. Black Hat 69 (2009)"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Choudhari, A., Guilley, S., Karray, K.: SpecDefender: transient execution attack defender using performance counters. In: ASHES (2022)","DOI":"10.1145\/3560834.3563830"},{"key":"4_CR9","doi-asserted-by":"crossref","unstructured":"Duflot, L., Perez, Y., Morin, B.: What If You Can\u2019t Trust Your Network Card? In: RAID (2011)","DOI":"10.1007\/978-3-642-23644-0_20"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Duflot, L., Perez, Y.A., Valadon, G., Levillain, O.: Can you still trust your network card. CanSecWest\/core10 (2010)","DOI":"10.1007\/978-3-642-23644-0_20"},{"key":"4_CR11","unstructured":"Eran, H., Zeno, L., Tork, M., Malka, G., Silberstein, M.: NICA: an infrastructure for inline acceleration of network applications. In: USENIX ATC (2019)"},{"key":"4_CR12","unstructured":"Intel Corporation: Intel Resource Director Technology (Intel RDT) for 2nd Generation Intel Xeon Scalable Processors: Reference Manual"},{"key":"4_CR13","unstructured":"Intel Corporation: Intel Virtualization Technology for Directed I\/O, Architecture Specification - Rev. 2.3 (2014)"},{"key":"4_CR14","unstructured":"Jiang, Q., Wang, C.: Sync+Sync: a covert channel built on fsync with storage. In: USENIX Security (2024)"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Killourhy, K.S., Maxion, R.A.: Free vs. transcribed text for keystroke-dynamics evaluations. In: Proceedings of the LASER Workshop on Learning from Authoritative Security Experiment Results (2012)","DOI":"10.1145\/2379616.2379617"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: (S &P\u201919) (2019)","DOI":"10.1109\/SP.2019.00002"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Kosasih, W., Feng, Y., Chuengsatiansup, C., Yarom, Y., Zhu, Z.: SoK: can we really detect cache side-channel attacks by monitoring performance counters? In: ACM Asia CCS (2024)","DOI":"10.1145\/3634737.3637649"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Kurth, M., Gras, B., Andriesse, D., Giuffrida, C., Bos, H., Razavi, K.: NetCAT: practical cache attacks from the network. In: IEEE (SP) (2020)","DOI":"10.1109\/SP40000.2020.00082"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Le, Y., et al.: UNO: uniflying host and smart NIC offload for flexible packet processing. In: Symposium on Cloud Computing (2017)","DOI":"10.1145\/3127479.3132252"},{"key":"4_CR20","doi-asserted-by":"crossref","unstructured":"Li, Y., McCune, J.M., Perrig, A.: VIPER: verifying the integrity of PERipherals\u2019 firmware. In: CCS (2011)","DOI":"10.1145\/2046707.2046711"},{"key":"4_CR21","doi-asserted-by":"crossref","unstructured":"Lipp, M., Gruss, D., Schwarz, M., Bidner, D., Maurice, C., Mangard, S.: Practical keystroke timing attacks in sandboxed javascript. In: ESORICS (2017)","DOI":"10.1007\/978-3-319-66399-9_11"},{"key":"4_CR22","doi-asserted-by":"crossref","unstructured":"Lipp, M., et al.: Nethammer: inducing rowhammer faults through network requests. In: IEEE Euro S &P Workshops (2020)","DOI":"10.1109\/EuroSPW51379.2020.00102"},{"key":"4_CR23","doi-asserted-by":"crossref","unstructured":"Liu, F., et al.: CATalyst: defeating last-level cache side channel attacks in cloud computing. In: IEEE HPCA (2016)","DOI":"10.1109\/HPCA.2016.7446082"},{"key":"4_CR24","doi-asserted-by":"crossref","unstructured":"Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: IEEE Symposium on Security and Privacy (2015)","DOI":"10.1109\/SP.2015.43"},{"key":"4_CR25","unstructured":"Liu, M., Peter, S., Krishnamurthy, A., Phothilimthana, P.M.: E3:energy-efficient microservices on SmartNIC-accelerated servers. In: USENIX ATC (2019)"},{"key":"4_CR26","doi-asserted-by":"crossref","unstructured":"Markettos, A.T., et al.: Thunderclap: exploring vulnerabilities in operating system IOMMU protection via DMA from untrustworthy peripherals. In: NDSS (2019)","DOI":"10.14722\/ndss.2019.23194"},{"key":"4_CR27","unstructured":"Markuze, A., et al.: Characterizing, exploiting, and detecting DMA code injection vulnerabilities in the presence of an IOMMU. In: EuroSys (2021)"},{"key":"4_CR28","doi-asserted-by":"crossref","unstructured":"Maurice, C., Le\u00a0Scouarnec, N., Neumann, C., Heen, O., Francillon, A.: Reverse engineering intel last-level cache complex addressing using performance counters. In: RAID (2015)","DOI":"10.1007\/978-3-319-26362-5_3"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"Oren, Y., Kemerlis, V.P., Sethumadhavan, S., Keromytis, A.D.: The spy in the sandbox: practical cache attacks in javascript and their implications. In: ACM CCS (2015)","DOI":"10.1145\/2810103.2813708"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Topics in Cryptology - CT-RSA (2006)","DOI":"10.1007\/11605805_1"},{"key":"4_CR31","doi-asserted-by":"crossref","unstructured":"Schl\u00fcter, T., et al.: Fetchbench: systematic identification and characterization of proprietary prefetchers. In: ACM CCS (2023)","DOI":"10.1145\/3576915.3623124"},{"key":"4_CR32","doi-asserted-by":"crossref","unstructured":"Schwarz, M., Schwarzl, M., Lipp, M., Masters, J., Gruss, D.: NetSpectre: read arbitrary memory over network. In: ESORICS (2019)","DOI":"10.1007\/978-3-030-29959-0_14"},{"key":"4_CR33","unstructured":"Stack Overflow: Enhanced rep movsb for memcpy (2017). https:\/\/stackoverflow.com\/questions\/43343231\/enhanced-rep-movsb-for-memcpy"},{"key":"4_CR34","doi-asserted-by":"crossref","unstructured":"Stewin, P., Bystrov, I.: Understanding DMA malware. In: DIMVA (2013)","DOI":"10.1007\/978-3-642-37300-8_2"},{"key":"4_CR35","doi-asserted-by":"crossref","unstructured":"Taram, M., Venkat, A., Tullsen, D.M.: Packet chasing: spying on network packets over a cache side-channel. In: ACM\/IEEE ISCA (2020)","DOI":"10.1109\/ISCA45697.2020.00065"},{"key":"4_CR36","unstructured":"Techarp: Cpu fast string bios option (2018). https:\/\/www.techarp.com\/bios-guide\/cpu-fast-string\/"},{"key":"4_CR37","unstructured":"Triulzi, A.: Project Maux Mk.II: I Own the NIC, Now I Want a Shell. In: The 8th Annual PacSec Conference (2008)"},{"key":"4_CR38","unstructured":"Triulzi, A.: The jedi packet takes over the Deathstar: taking NIC backdoor to the next level. In: CanSecWest Conference (2010)"},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Vila, P., Ganty, P., Guarnieri, M., K\u00f6pf, B.: CacheQuery: learning replacement policies from hardware caches. In: ACM SIGPLAN (2020)","DOI":"10.1145\/3385412.3386008"},{"key":"4_CR40","doi-asserted-by":"crossref","unstructured":"Vila, P., K\u00f6pf, B., Morales, J.F.: Theory and practice of finding eviction sets. In: IEEE (SP) (2019)","DOI":"10.1109\/SP.2019.00042"},{"key":"4_CR41","unstructured":"Wang, X., Shen, W., Bu, Y., Zhou, J., Zhou, Y.: DMAAUTH: a lightweight pointer integrity-based secure architecture to defeat DMA attacks. In: USENIX Security (2024)"},{"key":"4_CR42","doi-asserted-by":"crossref","unstructured":"Zhang, T., Zhang, Y., Lee, R.B.: Cloudradar: a real-time side-channel attack detection system in clouds (2016)","DOI":"10.1007\/978-3-319-45719-2_6"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-07894-0_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:07:23Z","timestamp":1760728043000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-07894-0_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,18]]},"ISBN":["9783032078933","9783032078940"],"references-count":42,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-07894-0_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,18]]},"assertion":[{"value":"18 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}