{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T21:01:42Z","timestamp":1775682102388,"version":"3.50.1"},"reference-count":51,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"DOI":"10.13039\/100016308","name":"Bpifrance","doi-asserted-by":"publisher","award":["BPI X7PQC"],"award-info":[{"award-number":["BPI X7PQC"]}],"id":[{"id":"10.13039\/100016308","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/access.2026.3679984","type":"journal-article","created":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T19:51:30Z","timestamp":1775159490000},"page":"51504-51519","source":"Crossref","is-referenced-by-count":0,"title":["Toward Secure RISC-V Microarchitecture: Vulnerability Classes and Defenses"],"prefix":"10.1109","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-6276-1961","authenticated-orcid":false,"given":"Mahreen","family":"Khan","sequence":"first","affiliation":[{"name":"Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0046-2582","authenticated-orcid":false,"given":"Maria","family":"Mushtaq","sequence":"additional","affiliation":[{"name":"Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6676-1123","authenticated-orcid":false,"given":"Renaud","family":"Pacalet","sequence":"additional","affiliation":[{"name":"Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1167-4639","authenticated-orcid":false,"given":"Ludovic","family":"Apvrille","sequence":"additional","affiliation":[{"name":"Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/3399742"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3357033"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.is.2020.101524"},{"key":"ref4","doi-asserted-by":"crossref","DOI":"10.21236\/ADA605735","article-title":"The RISC-V instruction set manual, volume I: User-level ISA, version 2.0","author":"Waterman","year":"2014"},{"key":"ref5","first-page":"1","article-title":"Side-channel attacks on RISC-V processors: Current progress, challenges, and opportunities","volume-title":"Proc. 5th Int. Conf. Cyber-Technol. Cyber-Syst.","author":"Ahmadi"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/NorCAS64408.2024.10752477"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179399"},{"key":"ref8","first-page":"1","article-title":"Prevention of microarchitectural covert channels on an open-source RISC-V core","volume-title":"Proc. IEEE Int. Symp. High Perform. Comput. Archit. Workshops","author":"Wistoff"},{"key":"ref9","first-page":"955","article-title":"Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks","volume-title":"Proc. 27th USENIX Security Symp.","author":"Gras"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/csr64739.2025.11130017"},{"key":"ref11","first-page":"719","article-title":"FLUSH+ RELOAD: A high resolution, low noise, l3 cache side-channel attack","volume-title":"Proc. 23rd USENIX Security Symp.","author":"Yarom"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/5559552"},{"key":"ref13","first-page":"249","article-title":"A systematic evaluation of transient execution attacks and defenses","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Canella"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2021.3122830"},{"key":"ref15","first-page":"1","article-title":"Spectre returns! speculation attacks using the return stack buffer","volume-title":"Proc. 12th USENIX Workshop Offensive Technol.","author":"Koruyeh"},{"key":"ref16","volume-title":"Beaglev-Fire","year":"2024"},{"key":"ref17","volume-title":"Beaglev-Ahead","year":"2025"},{"key":"ref18","volume-title":"RISC-V Cache Block Management Operations (Zicbom) Specification","year":"2021"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3719027.3744833"},{"key":"ref20","first-page":"1","article-title":"Replicating and mitigating spectre attacks on an open source risc-v microarchitecture","volume-title":"Proc. 3rd Workshop Comput. Archit. Res. RISC-V (CARRV)","author":"Gonzalez"},{"key":"ref21","first-page":"1","article-title":"Developing a test suite for transient-execution attacks on RISC-V and CHERI-RISC-V","volume-title":"Proc. Workshop Comput. Archit. Res. RISC-V","author":"Fuchs"},{"key":"ref22","first-page":"1","article-title":"Experiment on replication of side channel attack via cache of RISC-V Berkeley out-of-order machine (boom) implemented on FPGA","volume-title":"Proc. 4th Workshop Comput. Archit. Res. RISC-V","author":"Le"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2022.108546"},{"key":"ref24","first-page":"1","article-title":"BOOMv2: An open-source out-of-order RISC-V core","volume-title":"Proc. 1st Workshop Comput. Archit. Res. RISC-V (CARRV)","author":"Celio"},{"key":"ref25","volume-title":"Verilator: The Fastest Verilog\/SystemVerilog Simulator","author":"Snyder","year":"2023"},{"key":"ref26","volume-title":"NaxRiscv: An Out-of-Order RISC-V Processor","author":"Papon","year":"2022"},{"key":"ref27","first-page":"1","article-title":"Microarchitectural espionage: Fpga-based security analysis of branch prediction in risc-v out-of-order cores","volume-title":"Proc. IEEE Int. Symp. Digital Forensics Security","author":"Khan"},{"key":"ref28","volume-title":"Coremark: An Industry-Standard Benchmark for Embedded Processors","year":"2023"},{"key":"ref29","volume-title":"Tinymembench: Memory Bandwidth Benchmark","author":"Siarcionas","year":"2023"},{"key":"ref30","volume-title":"RV8: RISC-V Simulator for X86\u201364","author":"Clark","year":"2017"},{"key":"ref31","volume-title":"Security for RISC-V (S4V) Framework","year":"2025"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-84100-2_32"},{"key":"ref33","first-page":"1","article-title":"Secure speculative execution via RISC-V open hardware design","volume-title":"Proc. 5th Workshop Comput. Archit. Res. RISC-V","author":"Sabbagh"},{"key":"ref34","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103480","article-title":"Towards a metrics suite for evaluating cache side-channel vulnerability: Case studies on an open-source RISC-V processor","volume":"135","author":"Guo","year":"2023","journal-title":"Comput. Security"},{"key":"ref35","first-page":"1","article-title":"Prototyping custom hardware performance counters in gem5 simulator: A framework for risc-v side-channel attack assessment","volume-title":"Proc. 25th Int. Conf. Embedded Comput. Syst., Architectures, Model. Simul.","author":"Khan"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/PACT.2017.19"},{"key":"ref37","volume-title":"Memory-system resource partitioning and monitoring (MPAM) configuration using secure processor","author":"Holla","year":"2025"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/IC2E.2018.00025"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00050"},{"key":"ref40","first-page":"7125","article-title":"Ultimate SLH: Taking speculative load hardening to the next level","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Zhang"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2019.2897677"},{"key":"ref42","article-title":"Mitigating speculation-based attacks through configurable hardware\/software co-design","author":"Hajiabadi","year":"2023","journal-title":"arXiv:2306.11291"},{"key":"ref43","article-title":"Retpoline: A branch target injection mitigation","author":"Turner","year":"2018"},{"key":"ref44","first-page":"51","article-title":"Software mitigation of RISC-V spectre attacks","volume-title":"Proc. Int. Conf. Inf. Technol. Commun. Secur.","author":"Bualucea"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-032-00627-1_9"},{"key":"ref46","first-page":"41","article-title":"KPTI a mitigation method against meltdown","volume-title":"Advanced Microkernel Operating Systems","author":"M\u00fcller","year":"2018"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3579856.3595784"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-95-3537-8_8"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2023.i1.1-31"},{"key":"ref50","first-page":"1677","article-title":"Donky: Domain keys\u2013efficient in-process isolation for RISC-V and x86","volume-title":"Proc. 29th USENIX Security Symp.","author":"Schrammel"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23193"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6287639\/11323511\/11471672.pdf?arnumber=11471672","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T20:07:46Z","timestamp":1775678866000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11471672\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":51,"URL":"https:\/\/doi.org\/10.1109\/access.2026.3679984","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}