{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T18:04:26Z","timestamp":1783965866605,"version":"3.55.0"},"reference-count":47,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,11,1]],"date-time":"2026-11-01T00:00:00Z","timestamp":1793491200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"funder":[{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002642","name":"Korea University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002642","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100014188","name":"Ministry of Science and ICT, South Korea","doi-asserted-by":"publisher","award":["RS-2023-NR077166"],"award-info":[{"award-number":["RS-2023-NR077166"]}],"id":[{"id":"10.13039\/501100014188","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,11]]},"DOI":"10.1016\/j.cose.2026.105024","type":"journal-article","created":{"date-parts":[[2026,6,18]],"date-time":"2026-06-18T23:58:29Z","timestamp":1781827109000},"page":"105024","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["A systematic survey of side-channel attack surfaces in Intel TDX"],"prefix":"10.1016","volume":"170","author":[{"given":"Taehun","family":"Kim","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Youngjoo","family":"Shin","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2026.105024_b1","article-title":"Intel trust domain extensions TDX security review","author":"Aktas","year":"2023","journal-title":"Google Secur. Rev."},{"key":"10.1016\/j.cose.2026.105024_b2","series-title":"arm confidential compute architecture","author":"ARM","year":"2025"},{"key":"10.1016\/j.cose.2026.105024_b3","unstructured":"Bertani, A., Caraccio, D., Zanero, S., Polino, M., et al., 2025. Confidential Computing: A Security Overview and Future Research Directions. In: Proceedings of the Joint National Conference on Cybersecurity. ITASEC & SERICS 2025, pp. N\u2013A."},{"key":"10.1016\/j.cose.2026.105024_b4","unstructured":"Borrello, P., Kogler, A., Schwarzl, M., Lipp, M., Gruss, D., Schwarz, M., 2022. {\u00c6PIC} leak: Architecturally leaking uninitialized data from the microarchitecture. In: 31st USENIX Security Symposium (USENIX Security 22). pp. 3917\u20133934."},{"issue":"9","key":"10.1016\/j.cose.2026.105024_b5","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3652597","article-title":"Intel tdx demystified: A top-down approach","volume":"56","author":"Cheng","year":"2024","journal-title":"ACM Comput. Surv."},{"key":"10.1016\/j.cose.2026.105024_b6","article-title":"Intel SGX explained","author":"Costan","year":"2016","journal-title":"Cryptol. EPrint Arch."},{"key":"10.1016\/j.cose.2026.105024_b7","doi-asserted-by":"crossref","unstructured":"De Meulemeester, J., Oswald, D., Verbauwhede, I., Van Bulck, J., 2026. Battering RAM: Lowcost interposer attacks on confidential computing via dynamic memory aliasing. In: 47th IEEE Symposium on Security and Privacy (S&P).","DOI":"10.1109\/SP63933.2026.00052"},{"key":"10.1016\/j.cose.2026.105024_b8","doi-asserted-by":"crossref","unstructured":"Gast, S., Juffinger, J., Schwarzl, M., Saileshwar, G., Kogler, A., Franza, S., K\u00f6stl, M., Gruss, D., 2023. Squip: Exploiting the scheduler queue contention side channel. In: 2023 IEEE Symposium on Security and Privacy. SP, pp. 2256\u20132272.","DOI":"10.1109\/SP46215.2023.10179368"},{"key":"10.1016\/j.cose.2026.105024_b9","doi-asserted-by":"crossref","unstructured":"Gast, S., Weissteiner, H., Schr\u00f6der, R.L., Gruss, D., 2025. CounterSEVeillance: Performance-Counter Attacks on AMD SEV-SNP. In: Network and Distributed System Security Symposium 2025: NDSS 2025.","DOI":"10.14722\/ndss.2025.241038"},{"key":"10.1016\/j.cose.2026.105024_b10","unstructured":"Gras, B., Razavi, K., Bos, H., Giuffrida, C., 2018. Translation leak-aside buffer: Defeating cache side-channel protections with {TLB} attacks. In: 27th USENIX Security Symposium (USENIX Security 18). pp. 955\u2013972."},{"key":"10.1016\/j.cose.2026.105024_b11","doi-asserted-by":"crossref","unstructured":"Hunt, G.D., Pai, R., Le, M.V., Jamjoom, H., Bhattiprolu, S., Boivie, R., Dufour, L., Frey, B., Kapur, M., Goldman, K.A., et al., 2021. Confidential computing for OpenPOWER. In: Proceedings of the Sixteenth European Conference on Computer Systems. pp. 294\u2013310.","DOI":"10.1145\/3447786.3456243"},{"key":"10.1016\/j.cose.2026.105024_b12","first-page":"321","article-title":"Bluethunder: A 2-level directional predictor based side-channel attack against sgx","author":"Huo","year":"2020","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"10.1016\/j.cose.2026.105024_b13","series-title":"Intel software guard extensions developer guide: Protection from side-channel attacks","author":"Intel","year":"2017"},{"key":"10.1016\/j.cose.2026.105024_b14","series-title":"intel software guard extensions developer guide","author":"Intel","year":"2025"},{"key":"10.1016\/j.cose.2026.105024_b15","series-title":"Intel 64 and IA-32 architectures software developer\u2019s manual","author":"Intel","year":"2025"},{"key":"10.1016\/j.cose.2026.105024_b16","series-title":"Intel\u00ae trust domain extensions (intel\u00ae TDX) module base architecture specification","author":"Intel","year":"2025"},{"key":"10.1016\/j.cose.2026.105024_b17","series-title":"ESORICS 2025","article-title":"T-time: A fine-grained timing-based controlled-channel attack against intel TDX","author":"Lee","year":"2025"},{"key":"10.1016\/j.cose.2026.105024_b18","doi-asserted-by":"crossref","unstructured":"Li, M., Wilke, L., Wichelmann, J., Eisenbarth, T., Teodorescu, R., Zhang, Y., 2022. A systematic look at ciphertext side channels on AMD SEV-SNP. In: 2022 IEEE Symposium on Security and Privacy. SP, pp. 337\u2013351.","DOI":"10.1109\/SP46214.2022.9833768"},{"key":"10.1016\/j.cose.2026.105024_b19","doi-asserted-by":"crossref","unstructured":"Li, M., Yang, Y., Chen, G., Yan, M., Zhang, Y., 2024. Sok: Understanding design choices and pitfalls of trusted execution environments. In: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. pp. 1600\u20131616.","DOI":"10.1145\/3634737.3644993"},{"key":"10.1016\/j.cose.2026.105024_b20","unstructured":"Li, M., Zhang, Y., Wang, H., Li, K., Cheng, Y., 2021. CIPHERLEAKS: Breaking constant-time cryptography on AMD SEV via the ciphertext side channel. In: 30th USENIX Security Symposium (USENIX Security 21). pp. 717\u2013732."},{"key":"10.1016\/j.cose.2026.105024_b21","series-title":"IEEE SP","first-page":"355","article-title":"PLATYPUS: Software-based power side-channel attacks on x86","author":"Lipp","year":"2021"},{"key":"10.1016\/j.cose.2026.105024_b22","doi-asserted-by":"crossref","unstructured":"Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B., 2015. Last-level cache side-channel attacks are practical. In: 2015 IEEE Symposium on Security and Privacy. pp. 605\u2013622.","DOI":"10.1109\/SP.2015.43"},{"key":"10.1016\/j.cose.2026.105024_b23","article-title":"Exploring side-channels in intel trust domain extensions","author":"Mandal","year":"2025","journal-title":"Cryptol. EPrint Arch."},{"key":"10.1016\/j.cose.2026.105024_b24","series-title":"2025 62nd ACM\/IEEE Design Automation Conference","first-page":"1","article-title":"\u201cOOPS!\u201d: Out-of-band remote power side-channel attacks on intel SGX and TDX","author":"Mishra","year":"2025"},{"issue":"3","key":"10.1016\/j.cose.2026.105024_b25","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3700418","article-title":"Confidential vms explained: An empirical analysis of amd sev-snp and intel tdx","volume":"8","author":"Misono","year":"2024","journal-title":"Proc. ACM Meas. Anal. Comput. Syst."},{"key":"10.1016\/j.cose.2026.105024_b26","unstructured":"Moghimi, D., Van Bulck, J., Heninger, N., Piessens, F., Sunar, B., 2020. CopyCat: Controlled Instruction-Level attacks on enclaves. In: 29th USENIX Security Symposium (USENIX Security 20). pp. 469\u2013486."},{"key":"10.1016\/j.cose.2026.105024_b27","unstructured":"Puddu, I., Schneider, M., Haller, M., \u010capkun, S., 2021. Frontal attack: Leaking Control-Flow in SGX via the CPU frontend. In: 30th USENIX Security Symposium. pp. 663\u2013680."},{"key":"10.1016\/j.cose.2026.105024_b28","unstructured":"Rauscher, F., Wilke, L., Weissteiner, H., Eisenbarth, T., Gruss, D., 2025. P: Novel Techniques for Single-Stepping and Cache Attacks on Intel TDX. In: 34th USENIX Security Symposium (USENIX Security 25). pp. 1207\u20131222."},{"issue":"4","key":"10.1016\/j.cose.2026.105024_b29","doi-asserted-by":"crossref","first-page":"2686","DOI":"10.1109\/TDSC.2023.3314710","article-title":"\u03b3-Knife: Extracting neural network architecture through software-based power side-channel","volume":"21","author":"Ryu","year":"2023","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"10.1016\/j.cose.2026.105024_b30","series-title":"2015 IEEE Trustcom\/BigDataSE\/Ispa","first-page":"57","article-title":"Trusted execution environment: What it is, and what it is not","volume":"vol. 1","author":"Sabt","year":"2015"},{"key":"10.1016\/j.cose.2026.105024_b31","doi-asserted-by":"crossref","unstructured":"Schl\u00fcter, B., Shinde, S., 2025. RMPocalypse: How a Catch-22 Breaks AMD SEV-SNP. In: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. pp. 3840\u20133854.","DOI":"10.1145\/3719027.3765233"},{"key":"10.1016\/j.cose.2026.105024_b32","doi-asserted-by":"crossref","unstructured":"Schl\u00fcter, B., Wech, C., Shinde, S., 2025. Heracles: Chosen plaintext attack on amd sev-snp. In: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security. pp. 3810\u20133824.","DOI":"10.1145\/3719027.3765209"},{"key":"10.1016\/j.cose.2026.105024_b33","doi-asserted-by":"crossref","unstructured":"Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S., 2017. Malware guard extension: Using SGX to conceal cache attacks. In: Detection of Intrusions and Malware, and Vulnerability Assessment: 14th International Conference, DIMVA 2017, Bonn, Germany, July 6-7, 2017, Proceedings 14. pp. 3\u201324.","DOI":"10.1007\/978-3-319-60876-1_1"},{"issue":"2020","key":"10.1016\/j.cose.2026.105024_b34","first-page":"1450","article-title":"Strengthening VM isolation with integrity protection and more","volume":"53","author":"Sev-Snp","year":"2020","journal-title":"White Pap. January"},{"key":"10.1016\/j.cose.2026.105024_b35","doi-asserted-by":"crossref","unstructured":"Van Bulck, J., Piessens, F., Strackx, R., 2017a. SGX-Step: A practical attack framework for precise enclave execution control. In: Proceedings of the 2nd Workshop on System Software for Trusted Execution. pp. 1\u20136.","DOI":"10.1145\/3152701.3152706"},{"key":"10.1016\/j.cose.2026.105024_b36","doi-asserted-by":"crossref","unstructured":"Van Bulck, J., Piessens, F., Strackx, R., 2018. Nemesis: Studying microarchitectural timing leaks in rudimentary CPU interrupt logic. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. pp. 178\u2013195.","DOI":"10.1145\/3243734.3243822"},{"key":"10.1016\/j.cose.2026.105024_b37","unstructured":"Van Bulck, J., Weichbrodt, N., Kapitza, R., Piessens, F., Strackx, R., 2017b. Telling your secrets without page faults: Stealthy page Table-Based attacks on enclaved execution. In: 26th USENIX Security Symposium (USENIX Security 17). pp. 1041\u20131056."},{"key":"10.1016\/j.cose.2026.105024_b38","doi-asserted-by":"crossref","unstructured":"Wang, W., Chen, G., Pan, X., Zhang, Y., Wang, X., Bindschaedler, V., Tang, H., Gunter, C.A., 2017. Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. pp. 2421\u20132434.","DOI":"10.1145\/3133956.3134038"},{"key":"10.1016\/j.cose.2026.105024_b39","series-title":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","first-page":"46","article-title":"Pwrleak: Exploiting power reporting interface for side-channel attacks on amd sev","author":"Wang","year":"2023"},{"key":"10.1016\/j.cose.2026.105024_b40","doi-asserted-by":"crossref","unstructured":"Wilke, L., Sieck, F., Eisenbarth, T., 2024a. TDXdown: Single-Stepping and Instruction Counting Attacks against Intel TDX. In: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security. pp. 79\u201393.","DOI":"10.1145\/3658644.3690230"},{"issue":"1","key":"10.1016\/j.cose.2026.105024_b41","doi-asserted-by":"crossref","first-page":"180","DOI":"10.46586\/tches.v2024.i1.180-206","article-title":"SEV-step a single-stepping framework for AMD-sev","volume":"2024","author":"Wilke","year":"2024","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"10.1016\/j.cose.2026.105024_b42","doi-asserted-by":"crossref","unstructured":"Xu, Y., Cui, W., Peinado, M., 2015. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In: 2015 IEEE Symposium on Security and Privacy. pp. 640\u2013656.","DOI":"10.1109\/SP.2015.45"},{"key":"10.1016\/j.cose.2026.105024_b43","series-title":"2019 IEEE Symposium on Security and Privacy","first-page":"888","article-title":"Attack directories, not caches: Side channel attacks in a non-inclusive world","author":"Yan","year":"2019"},{"key":"10.1016\/j.cose.2026.105024_b44","series-title":"2023 IEEE\/ACM International Conference on Computer Aided Design","first-page":"1","article-title":"Deep-learning model extraction through software-based power side-channel","author":"Zhang","year":"2023"},{"key":"10.1016\/j.cose.2026.105024_b45","series-title":"USENIX Security","article-title":"StackWarp: Breaking AMD sev-SNP integrity via deterministic stack-pointer manipulation through the cpu\u2019s stack engine","author":"Zhang","year":"2026"},{"key":"10.1016\/j.cose.2026.105024_b46","series-title":"USENIX Security","first-page":"7321","article-title":"BunnyHop: Exploiting the instruction prefetcher","author":"Zhang","year":"2023"},{"key":"10.1016\/j.cose.2026.105024_b47","unstructured":"Zhu, Y., Biondi, A., 2025. Exploiting Inaccurate Branch History in {Side-Channel} Attacks. In: 34th USENIX Security Symposium (USENIX Security 25). pp. 2519\u20132538."}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002002?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826002002?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,7,13]],"date-time":"2026-07-13T17:13:43Z","timestamp":1783962823000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826002002"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,11]]},"references-count":47,"alternative-id":["S0167404826002002"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.105024","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,11]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"A systematic survey of side-channel attack surfaces in Intel TDX","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.105024","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"105024"}}