{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,4]],"date-time":"2025-06-04T04:13:35Z","timestamp":1749010415600,"version":"3.41.0"},"reference-count":47,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"Jiangsu Province\u2019s Dual Innovation (Innovation and Entrepreneurship) Doctor Program","award":["JSSCBS0617"],"award-info":[{"award-number":["JSSCBS0617"]}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["NS2024057"],"award-info":[{"award-number":["NS2024057"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004608","name":"Natural Science Foundation of Jiangsu Province","doi-asserted-by":"publisher","award":["BK20220973"],"award-info":[{"award-number":["BK20220973"]}],"id":[{"id":"10.13039\/501100004608","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100009538","name":"Collaborative Innovation Center of Novel Software Technology and Industrialization","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100009538","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/access.2025.3573038","type":"journal-article","created":{"date-parts":[[2025,5,23]],"date-time":"2025-05-23T17:05:40Z","timestamp":1748019940000},"page":"93084-93101","source":"Crossref","is-referenced-by-count":0,"title":["Timing and Speculative Execution Attacks: Defeating State-of-the-Art Code-Reuse Defenses"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-3337-7357","authenticated-orcid":false,"given":"Zhang","family":"Tianning","sequence":"first","affiliation":[{"name":"College of Computer Science, Jiangsu University of Science and Technology, Zhenjiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cai","family":"Miao","sequence":"additional","affiliation":[{"name":"College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhang","family":"Diming","sequence":"additional","affiliation":[{"name":"College of Computer Science, Jiangsu University of Science and Technology, Zhenjiang, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Huang","family":"Hao","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Technology, Nanjing University, Nanjing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.3390\/app9142928"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382216"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.45"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660378"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.22"},{"key":"ref6","first-page":"367","article-title":"Shuffler: Fast and deployable continuous code re-randomization","volume-title":"Proc. USENIX Symp. Operating Syst. Design Implement.","author":"Williams-King"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.2991\/iccsee.2013.250"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660309"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom50675.2020.00045"},{"volume-title":"Cve-2018-8355","year":"2018","key":"ref10"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-68697-5_9"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23822-2_20"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15031-9_8"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/11894063_16"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382230"},{"key":"ref16","first-page":"139","article-title":"What cannot be read, cannot be leveraged? Revisiting assumptions of JIT-ROP defenses","volume-title":"Proc. USENIX Secur. Symp.","author":"Maisuradze"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.61"},{"article-title":"Efficient techniques for comprehensive protection from memory error exploits","volume-title":"Proc. USENIX Secur. Symp.","author":"Bhatkar","key":"ref18"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.9"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/378993.379237"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/ICEEE2019.2019.00026"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3492321.3519559"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70972-7_13"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.23"},{"key":"ref25","first-page":"5","article-title":"StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks","volume-title":"Proc. USENIX Secur. Symp.","author":"Cowan"},{"volume-title":"Exec Shield","year":"2004","author":"van de Ven","key":"ref26"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/1181309.1181317"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833711"},{"article-title":"Spring: Spectre returning in the browser with speculative load queuing and deep stacks","volume-title":"Proc. Workshop Offensive Technol. (WOOT)","author":"Wikner","key":"ref30"},{"volume-title":"Starctf","year":"2019","key":"ref31"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.17"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/2857705.2857722"},{"key":"ref35","first-page":"447","article-title":"Transparent ROP exploit mitigation using indirect branch tracing","volume-title":"Proc. USENIX Secur. Symp.","author":"Pappas"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23156"},{"key":"ref37","first-page":"401","article-title":"Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection","volume-title":"Proc. USENIX Secur. Symp.","author":"Davi"},{"key":"ref38","first-page":"147","article-title":"Code-pointer integrity","volume-title":"Proc. USENIX Symp. Operating Syst. Design Implement.","author":"Kuznetsov"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-25538-0_39"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40349-1_15"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/11734727_14"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-77272-9_12"},{"volume-title":"Efficient mitigation of side-channel based attacks against speculative execution processing architectures","year":"2021","author":"Branco","key":"ref43"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00083"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358310"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/3296957.3173204"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA45697.2020.00015"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/10820123\/11014096.pdf?arnumber=11014096","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T17:52:53Z","timestamp":1748973173000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11014096\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":47,"URL":"https:\/\/doi.org\/10.1109\/access.2025.3573038","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2025]]}}}