{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T22:21:17Z","timestamp":1742941277587,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":35,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819780150"},{"type":"electronic","value":"9789819780167"}],"license":[{"start":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T00:00:00Z","timestamp":1727568000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,9,29]],"date-time":"2024-09-29T00:00:00Z","timestamp":1727568000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-97-8016-7_2","type":"book-chapter","created":{"date-parts":[[2024,9,28]],"date-time":"2024-09-28T07:02:05Z","timestamp":1727506925000},"page":"25-46","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Semi-automated and\u00a0Easily Interpretable Side-Channel Analysis for\u00a0Modern JavaScript"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-6690-529X","authenticated-orcid":false,"given":"Iliana","family":"Fayolle","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5748-5462","authenticated-orcid":false,"given":"Jan","family":"Wichelmann","sequence":"additional","affiliation":[]},{"given":"Anja","family":"K\u00f6hl","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2903-7600","authenticated-orcid":false,"given":"Walter","family":"Rudametkin","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1116-6973","authenticated-orcid":false,"given":"Thomas","family":"Eisenbarth","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8896-9494","authenticated-orcid":false,"given":"Cl\u00e9mentine","family":"Maurice","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,9,29]]},"reference":[{"key":"2_CR1","unstructured":"ImperialViolet - checking that functions are constant time with valgrind. https:\/\/www.imperialviolet.org\/2010\/04\/01\/ctgrind.html"},{"key":"2_CR2","unstructured":"node-forge. https:\/\/www.npmjs.com\/package\/node-forge"},{"key":"2_CR3","unstructured":"OpenTelemetry. https:\/\/opentelemetry.io\/. Accessed 21 Feb 2024"},{"key":"2_CR4","unstructured":"Python developers survey 2022 results. https:\/\/lp.jetbrains.com\/python-developers-survey-2022\/"},{"key":"2_CR5","unstructured":"Stack overflow developer survey 2022. https:\/\/survey.stackoverflow.co\/2022\/"},{"key":"2_CR6","unstructured":"State of JavaScript 2022: Usage. https:\/\/2022.stateofjs.com\/fr-FR\/usage\/"},{"key":"2_CR7","unstructured":"Untrusted code mitigations. https:\/\/v8.dev\/docs\/untrusted-code-mitigations. Accessed 24 Apr 2024"},{"key":"2_CR8","unstructured":"AES-JS. https:\/\/github.com\/ricmoo\/aes-js. Accessed 21 Feb 2024"},{"key":"2_CR9","unstructured":"Almeida, J.B., Barbosa, M., Barthe, G., Dupressoir, F., Emmi, M.: Verifying constant-time implementations. In: USENIX Security Symposium (2016)"},{"key":"2_CR10","unstructured":"Babel: Babel is a JavaScript compiler. https:\/\/babeljs.io\/. Accessed 21 Feb 2024"},{"key":"2_CR11","unstructured":"bcoe\/c8 - native v8 code-coverage. https:\/\/github.com\/bcoe\/c8. Original-date 26 Oct 2017"},{"key":"2_CR12","doi-asserted-by":"crossref","unstructured":"Daniel, L., Bardin, S., Rezk, T.: Binsec\/Rel: symbolic binary analyzer for security with applications to constant-time and secret-erasure. ACM Trans. Priv. Secur. 26(2), 11:1\u201311:42 (2023)","DOI":"10.1145\/3563037"},{"key":"2_CR13","doi-asserted-by":"crossref","unstructured":"Daniel, L.A., Bardin, S., Rezk, T.: Binsec\/Rel: Efficient relational symbolic execution for constant-time at binary-level. In: S &P (2020)","DOI":"10.1109\/SP40000.2020.00074"},{"key":"2_CR14","unstructured":"Doychev, G., Feld, D., K\u00f6pf, B., Mauborgne, L., Reineke, J.: CacheAudit: a tool for the static analysis of cache side channels. In: USENIX Security Symposium (2013)"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Doychev, G., K\u00f6pf, B., Mauborgne, L., Reineke, J.: CacheAudit: a tool for the static analysis of cache side channels. ACM Trans. Inf. Syst. Secur. 18 (2015)","DOI":"10.1145\/2756550"},{"key":"2_CR16","unstructured":"Fourn\u00e9, M., et al.: \u201cThese results must be false\u201d: a usability evaluation of constant-time analysis tools. In: USENIX Security Symposium (2024)"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Geimer, A., Vergnolle, M., Recoules, F., Daniel, L.A., Bardin, S., Maurice, C.: A systematic evaluation of automated tools for side-channel vulnerabilities detection in cryptographic libraries. In: CCS (2023)","DOI":"10.1145\/3576915.3623112"},{"key":"2_CR18","unstructured":"GitLab: test coverage visualization. https:\/\/docs.gitlab.com\/ee\/ci\/testing\/test_coverage_visualization.html. Accessed 21 Feb 2024"},{"key":"2_CR19","unstructured":"Gras, B., Razavi, K., Bos, H., Giuffrida, C.: Translation leak-aside buffer: defeating cache side-channel protections with TLB attacks. In: USENIX Security Symposium (2018)"},{"key":"2_CR20","doi-asserted-by":"crossref","unstructured":"Gridin, I., Garc\u00eda, C.P., Tuveri, N., Brumley, B.B.: Triggerflow: regression testing by advanced execution path inspection. In: DIMVA (2019)","DOI":"10.1007\/978-3-030-22038-9_16"},{"key":"2_CR21","doi-asserted-by":"crossref","unstructured":"He, S., Emmi, M., Ciocarlie, G.F.: ct-fuzz: fuzzing for timing leaks. In: ICST (2020)","DOI":"10.1109\/ICST46399.2020.00063"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Jancar, J., et al.: \u201cThey\u2019re not that hard to mitigate\u201d: what cryptographic library developers think about timing attacks. In: S &P (2022)","DOI":"10.1109\/SP46214.2022.9833713"},{"key":"2_CR23","unstructured":"Christophe, L.: Aran. https:\/\/github.com\/lachrist\/aran. Accessed 21 Feb 2024"},{"key":"2_CR24","unstructured":"Tal, L.: NPM security: preventing supply chain attacks. https:\/\/snyk.io\/blog\/npm-security-preventing-supply-chain-attacks\/. Accessed 21 Feb 2024"},{"key":"2_CR25","unstructured":"Microwalk Project: Source code and templates. https:\/\/github.com\/microwalk-project"},{"key":"2_CR26","unstructured":"Miller, P.: https:\/\/github.com\/paulmillr\/noble-curves. Accessed 21 Feb 2024"},{"key":"2_CR27","unstructured":"Miller, P.: https:\/\/github.com\/paulmillr\/noble-ciphers. Accessed 21 Feb 2024"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Moghimi, A., Wichelmann, J., Eisenbarth, T., Sunar, B.: MemJam: a false dependency attack against constant-time crypto implementations 47(4), 538\u2013570 (2019)","DOI":"10.1007\/s10766-018-0611-9"},{"key":"2_CR29","doi-asserted-by":"crossref","unstructured":"Nilizadeh, S., Noller, Y., Pasareanu, C.S.: DifFuzz: differential fuzzing for side-channel analysis. In: ICSE (2019)","DOI":"10.1109\/ICSE.2019.00034"},{"key":"2_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/11605805_1","volume-title":"Topics in Cryptology \u2013 CT-RSA 2006","author":"DA Osvik","year":"2006","unstructured":"Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1\u201320. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11605805_1"},{"key":"2_CR31","unstructured":"Samsung: Jalangi2. https:\/\/github.com\/Samsung\/jalangi2. Accessed 21 Feb 2024"},{"key":"2_CR32","unstructured":"Weiser, S., Zankl, A., Spreitzer, R., Miller, K., Mangard, S., Sigl, G.: DATA - differential address trace analysis: finding address-based side-channels in binaries. In: USENIX Security Symposium (2018)"},{"key":"2_CR33","doi-asserted-by":"crossref","unstructured":"Wichelmann, J., Moghimi, A., Eisenbarth, T., Sunar, B.: MicroWalk: a framework for finding side channels in binaries. In: ACSAC (2018)","DOI":"10.1145\/3274694.3274741"},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"Wichelmann, J., Sieck, F., P\u00e4tschke, A., Eisenbarth, T.: MicroWalk-CI: practical side-channel analysis for Javascript applications. In: CCS (2022)","DOI":"10.1145\/3548606.3560654"},{"key":"2_CR35","unstructured":"Yuan, Y., Liu, Z., Wang, S.: CacheQL: quantifying and localizing cache side-channel vulnerabilities in production software. In: USENIX Security Symposium (2023)"}],"container-title":["Lecture Notes in Computer Science","Cryptology and Network Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-8016-7_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,28]],"date-time":"2024-09-28T07:02:50Z","timestamp":1727506970000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-8016-7_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,29]]},"ISBN":["9789819780150","9789819780167"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-8016-7_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,9,29]]},"assertion":[{"value":"29 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CANS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Cryptology and Network Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Cambridge","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cans2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/2024.cansconference.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}