{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,3]],"date-time":"2025-10-03T17:39:13Z","timestamp":1759513153795},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319725970"},{"type":"electronic","value":"9783319725987"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-72598-7_13","type":"book-chapter","created":{"date-parts":[[2017,12,1]],"date-time":"2017-12-01T12:06:49Z","timestamp":1512130009000},"page":"209-230","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Human-on-the-Loop Automation for Detecting Software Side-Channel Vulnerabilities"],"prefix":"10.1007","author":[{"given":"Ganesh Ram","family":"Santhanam","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Benjamin","family":"Holland","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Suresh","family":"Kothari","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nikhil","family":"Ranade","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,12,2]]},"reference":[{"key":"13_CR1","unstructured":"Klocwork source code analysis (2001). http:\/\/www.klocwork.com"},{"key":"13_CR2","unstructured":"Coverity static analysis (2002). http:\/\/www.coverity.com"},{"key":"13_CR3","unstructured":"Space\/time analysis for cybersecurity (2015). http:\/\/www.darpa.mil\/program\/space-time-analysis-for-cybersecurity . Accessed Mar 2016"},{"key":"13_CR4","unstructured":"Software side channel vulnerabilities repository (2017). https:\/\/github.com\/kcsl\/SSCV\/ . Accessed 18 Aug 2017"},{"key":"13_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/978-3-662-44709-3_5","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2014","author":"N Benger","year":"2014","unstructured":"Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: \u201cOoh aah... just a little bit\u201d: a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75\u201392. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-44709-3_5"},{"key":"13_CR6","unstructured":"Black, J., Urtubia, H.: Side-channel attacks on symmetric encryption schemes: the case for authenticated encryption. In: Proceedings of the 11th USENIX Security Symposium, pp. 327\u2013338 (2002)"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Bosman, E., Razavi, K., Bos, H., Giuffrida, C.: Dedup Est Machina: memory deduplication as an advanced exploitation vector. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 987\u20131004 (2016)","DOI":"10.1109\/SP.2016.63"},{"issue":"5","key":"13_CR8","doi-asserted-by":"crossref","first-page":"701","DOI":"10.1016\/j.comnet.2005.01.010","volume":"48","author":"D Brumley","year":"2005","unstructured":"Brumley, D., Boneh, D.: Remote timing attacks are practical. Comput. Netw. 48(5), 701\u2013716 (2005)","journal-title":"Comput. Netw."},{"key":"13_CR9","doi-asserted-by":"crossref","unstructured":"Chen, S., Zhang, K., Wang, R., Wang, X.: Side-channel leaks in web applications: a reality today, a challenge tomorrow. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 191\u2013206 (2010)","DOI":"10.1109\/SP.2010.20"},{"key":"13_CR10","unstructured":"Cummings, M.: Supervising automation: humans on the loop (2008). http:\/\/web.mit.edu\/aeroastro\/news\/magazine\/aeroastro5\/cummings.html . Accessed 10 May 2017"},{"key":"13_CR11","doi-asserted-by":"crossref","unstructured":"Deering, T., Kothari, S., Sauceda, J., Mathews, J.: Atlas: a new way to explore software, build analysis tools. In: Proceedings of International Conference on Software Engineering, pp. 588\u2013591. ACM (2014)","DOI":"10.1145\/2591062.2591065"},{"issue":"3","key":"13_CR12","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1145\/2366231.2337172","volume":"40","author":"J Demme","year":"2012","unstructured":"Demme, J., Martin, R., Waksman, A., Sethumadhavan, S.: Side-channel vulnerability factor: a metric for measuring information leakage. SIGARCH Comput. Archit. News 40(3), 106\u2013117 (2012)","journal-title":"SIGARCH Comput. Archit. News"},{"issue":"1","key":"13_CR13","doi-asserted-by":"crossref","first-page":"4:1","DOI":"10.1145\/2756550","volume":"18","author":"G Doychev","year":"2015","unstructured":"Doychev, G., K\u00f6pf, B., Mauborgne, L., Reineke, J.: CacheAudit: a tool for the static analysis of cache side channels. ACM Trans. Inf. Syst. Secur. 18(1), 4:1\u20134:32 (2015)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"13_CR14","doi-asserted-by":"crossref","unstructured":"Ge, Q., Yarom, Y., Cock, D., et al.: J. Cryptogr. Eng. (2016). https:\/\/doi.org\/10.1007\/s13389-016-0141-6","DOI":"10.1007\/s13389-016-0141-6"},{"key":"13_CR15","doi-asserted-by":"crossref","unstructured":"Gras, B., Razavi, K., Bosman, E., Bos, H., Giuffrida, C.: ASLR on the line: practical cache attacks on the MMU (2017)","DOI":"10.14722\/ndss.2017.23271"},{"key":"13_CR16","doi-asserted-by":"crossref","unstructured":"Gullasch, D., Bangerter, E., Krenn, S.: Cache games-bringing access-based cache attacks on AES to practice. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, pp. 490\u2013505. IEEE Computer Society (2011)","DOI":"10.1109\/SP.2011.22"},{"key":"13_CR17","doi-asserted-by":"crossref","unstructured":"Holland, B., Santhanam, G.R., Awadhutkar, P., Kothari, S.: Statically-informed dynamic analysis tools to detect algorithmic complexity vulnerabilities. In: 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 79\u201384 (2016)","DOI":"10.1109\/SCAM.2016.23"},{"key":"13_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","volume-title":"Advances in Cryptology \u2014 CRYPTO 1996","author":"PC Kocher","year":"1996","unstructured":"Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104\u2013113. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_9"},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"K\u00f6pf, B., Basin, D.: An information-theoretic model for adaptive side-channel attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 286\u2013296. ACM (2007)","DOI":"10.1145\/1315245.1315282"},{"issue":"6","key":"13_CR20","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1109\/MSP.2009.165","volume":"7","author":"N Lawson","year":"2009","unstructured":"Lawson, N.: Side-channel attacks on cryptographic software. IEEE Secur. Priv. 7(6), 65\u201368 (2009)","journal-title":"IEEE Secur. Priv."},{"issue":"12","key":"13_CR21","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1016\/S1353-4858(06)70465-2","volume":"2006","author":"A Matthews","year":"2006","unstructured":"Matthews, A.: Side-channel attacks on smartcards. Netw. Secur. 2006(12), 18\u201320 (2006)","journal-title":"Netw. Secur."},{"key":"13_CR22","unstructured":"Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Investigations of power analysis attacks on smartcards. In: Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, p. 17. USENIX Association (1999)"},{"key":"13_CR23","doi-asserted-by":"crossref","unstructured":"Oren, Y., Kemerlis, V.P., Sethumadhavan, S., Keromytis, A.D.: The spy in the sandbox: practical cache attacks in JavaScript and their implications. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1406\u20131418. ACM (2015)","DOI":"10.1145\/2810103.2813708"},{"key":"13_CR24","doi-asserted-by":"crossref","unstructured":"Polakis, I., Argyros, G., Petsios, T., Sivakorn, S., Keromytis, A.D.: Where\u2019s wally?: precise user discovery attacks in location proximity services. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 817\u2013828. ACM (2015)","DOI":"10.1145\/2810103.2813605"},{"key":"13_CR25","unstructured":"Saura, D., Futoransky, A., Waissbein, A.: Timing attacks for recovering private entries from database engines. Black Hat USA (2007). https:\/\/www.blackhat.com\/presentations\/bh-usa-07\/Waissbein_Futoransky_and_Saura\/Presentation\/bh-usa-07-waissbein_futoransky_and_saura.pdf"},{"key":"13_CR26","unstructured":"Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In: Proceedings of the 10th Conference on USENIX Security Symposium, vol. 10 (2001)"},{"key":"13_CR27","doi-asserted-by":"crossref","unstructured":"Tamrawi, A., Kothari, S.: Projected control graph for accurate and efficient analysis of safety and security vulnerabilities. In: Asia-Pacific Software Engineering Conference (APSEC), pp. 113\u2013120, December 2016","DOI":"10.1109\/APSEC.2016.026"},{"key":"13_CR28","unstructured":"Vila, P., K\u00f6pf, B.: Loophole: timing attacks on shared event loops in chrome. arXiv preprint arXiv:1702.06764 (2017)"},{"key":"13_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"170","DOI":"10.1007\/978-3-540-74061-2_11","volume-title":"Static Analysis","author":"T Wei","year":"2007","unstructured":"Wei, T., Mao, J., Zou, W., Chen, Y.: A new algorithm for identifying loops in decompilation. In: Nielson, H.R., Fil\u00e9, G. (eds.) SAS 2007. LNCS, vol. 4634, pp. 170\u2013183. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74061-2_11"},{"key":"13_CR30","unstructured":"Yarom, Y., Falkner, K.: Flush+reload: a high resolution, low noise, l3 cache side-channel attack. In: Proceedings of the 23rd USENIX Conference on Security Symposium, pp. 719\u2013732. USENIX Association, Berkeley, CA, USA (2014)"},{"key":"13_CR31","doi-asserted-by":"crossref","unstructured":"Zhang, K., Li, Z., Wang, R., Wang, X., Chen, S.: Sidebuster: automated detection and quantification of side-channel leaks in web application development. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 595\u2013606. ACM (2010)","DOI":"10.1145\/1866307.1866374"},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Zhang, T., Liu, F., Chen, S., Lee, R.B.: Side channel vulnerability metrics: the promise and the pitfalls. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, pp. 2:1\u20132:8. ACM (2013)","DOI":"10.1145\/2487726.2487728"}],"container-title":["Lecture Notes in Computer Science","Information Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-72598-7_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,7]],"date-time":"2019-10-07T03:37:34Z","timestamp":1570419454000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-72598-7_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319725970","9783319725987"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-72598-7_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}