{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T17:16:31Z","timestamp":1774718191595,"version":"3.50.1"},"reference-count":55,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5,1]]},"DOI":"10.1109\/host55118.2023.10132915","type":"proceedings-article","created":{"date-parts":[[2023,5,25]],"date-time":"2023-05-25T17:29:36Z","timestamp":1685035776000},"page":"24-35","source":"Crossref","is-referenced-by-count":9,"title":["EC-CFI: Control-Flow Integrity via Code Encryption Counteracting Fault Attacks"],"prefix":"10.1109","author":[{"given":"Pascal","family":"Nasahl","sequence":"first","affiliation":[{"name":"Intel Labs"}]},{"given":"Salmin","family":"Sultana","sequence":"additional","affiliation":[{"name":"Intel Labs"}]},{"given":"Hans","family":"Liljestrand","sequence":"additional","affiliation":[{"name":"Intel Labs"}]},{"given":"Karanvir","family":"Grewal","sequence":"additional","affiliation":[{"name":"Intel Labs"}]},{"given":"Michael","family":"LeMay","sequence":"additional","affiliation":[{"name":"Intel Labs"}]},{"given":"David M.","family":"Durham","sequence":"additional","affiliation":[{"name":"Intel Labs"}]},{"given":"David","family":"Schrammel","sequence":"additional","affiliation":[{"name":"Graz University of Technology"}]},{"given":"Stefan","family":"Mangard","sequence":"additional","affiliation":[{"name":"Graz University of Technology"}]}],"member":"263","reference":[{"key":"ref13","article-title":"Proving the wild jungle jump","author":"gratchoff","year":"2015","journal-title":"Technical Report Technical Report"},{"key":"ref12","first-page":"11","year":"2015","journal-title":"Project Zero Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.05.004"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1506409.1506429"},{"key":"ref53","first-page":"161","article-title":"Protecting the Control Flow of Embedded Processors against Fault Attacks","volume":"9514","author":"werner","year":"2015","journal-title":"CARDIS"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2018.00023"},{"key":"ref55","doi-asserted-by":"crossref","first-page":"629","DOI":"10.1109\/43.55193","article-title":"Continuous signature monitoring: low-cost concurrent detection of processor control errors","volume":"9","author":"kent","year":"1990","journal-title":"IEEE Trans Comput Aided Des Integr Circuits Syst"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/DFTVS.2003.1250158"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/TEST.1988.207880"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/LATW.2015.7102401"},{"key":"ref17","year":"2021","journal-title":"Intel Intel® Hardware Shield --Intel® Total Memory Encryption"},{"key":"ref16","first-page":"530","article-title":"QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks","author":"h\u00f6ller","year":"2015","journal-title":"In DSD"},{"key":"ref19","year":"2022","journal-title":"Intel Architecture Specification Intel® Trust Domain Extensions (Intel® TDX) Module"},{"key":"ref18","volume":"3","year":"2022","journal-title":"Intel Intel® 64 and IA-32 Architectures Software Developer's Manual"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1109\/OLT.2003.1214380"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2018.2860010"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"ref45","first-page":"370","article-title":"SERVAS! Secure Enclaves via RISC-V Authen-ticryption Shield","volume":"12973","author":"steinegger","year":"2021","journal-title":"ESORICS"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/FDTC.2017.16"},{"key":"ref47","first-page":"1057","article-title":"CLKSCREW: Exposing the Perils of Security-Oblivious Energy Man-agement","author":"tang","year":"2017","journal-title":"In USENIX Security Symposium"},{"key":"ref42","first-page":"1586","article-title":"Securing condi-tional branches in the presence of fault attacks","author":"schilling","year":"2018","journal-title":"In DATE"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/HOST49136.2021.9702269"},{"key":"ref44","first-page":"11","year":"2017","journal-title":"Standard Performance Evaluation Corporation Spec CPU®"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/SSIRI.2008.47"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/FDTC.2016.18"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.3850\/9783981537079_1001"},{"key":"ref7","author":"cui","year":"2017","journal-title":"BADFET Defeating Modern Secure Boot Using Second-Order Pulsed Electromagnetic Fault Injection"},{"key":"ref9","author":"easdon","year":"2020","journal-title":"Undocumented cpu behavior analyzing undocu-mented opcodes on intel x86-64"},{"key":"ref4","year":"2016","journal-title":"AMD Memory Encryption"},{"key":"ref3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1609956.1609960","article-title":"Control-flow integrity principles, implementations, and applications","volume":"13","author":"mart\u00edn","year":"2009","journal-title":"ACM Trans Inf Syst Secur"},{"key":"ref6","article-title":"Intel Corporation","year":"2012","journal-title":"Runtime encryption of memory with Intel® total memory encryption-multi-key"},{"key":"ref5","first-page":"41","article-title":"QEMU, a Fast and Portable Dynamic Translator","author":"bellard","year":"2005","journal-title":"USENIX ATC"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-99766-3_5"},{"key":"ref35","article-title":"Embench: Open benchmarks for embedded platforms","author":"patterson","year":"0"},{"key":"ref34","article-title":"How to benchmark code execution times on intel ia-32 and ia-64 instruction set architectures","volume":"123","author":"paoloni","year":"2010","journal-title":"Intel Corporation"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/AsianHOST47458.2019.9006701"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354201"},{"key":"ref31","article-title":"Attacking AUTOSAR using software and hardware attacks","author":"nasahl","year":"2019"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453684"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/24.994926"},{"key":"ref32","first-page":"1193","article-title":"Bypassing Isolated Execution on RISC-V with Fault Injection","author":"nashimoto","year":"2020","journal-title":"IACR Cryptol ePrint Arch"},{"key":"ref2","first-page":"340","article-title":"Control-flow integrity","author":"mart\u00edn","year":"2005","journal-title":"CCS"},{"key":"ref1","first-page":"12","year":"2021","journal-title":"IEEE Int Symposium on Hardware-Oriented Security and Trust"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2021.i4.447-473"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2005.34"},{"key":"ref24","first-page":"177","article-title":"PAC it up: Towards Pointer Integrity using ARM Pointer Authentication","author":"liljestrand","year":"2019","journal-title":"In USENIX Security Symposium"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2004.1281665"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813676"},{"key":"ref25","author":"lowe-power","year":"2020","journal-title":"The gem5 Simulator Version 20 0 + CoRR abs\/2007 03152"},{"key":"ref20","volume":"1","year":"2022","journal-title":"Intel Architecture Memory Encryption Technologies"},{"key":"ref22","first-page":"200","article-title":"Soft-ware Countermeasures for Control Flow Integrity of Smart Card C Codes","volume":"8713","author":"lalande","year":"2014","journal-title":"ESORICS"},{"key":"ref21","first-page":"147","article-title":"Code-Pointer Integrity","author":"kuznetsov","year":"2014","journal-title":"OSDI96"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2022.i4.56-87"},{"key":"ref27","first-page":"1466","article-title":"Plundervolt: Software-based Fault Injection Attacks against Intel SGX","author":"oswald","year":"2020","journal-title":"P S"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/HOST49136.2021.9702268"}],"event":{"name":"2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","location":"San Jose, CA, USA","start":{"date-parts":[[2023,5,1]]},"end":{"date-parts":[[2023,5,4]]}},"container-title":["2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10132842\/10132914\/10132915.pdf?arnumber=10132915","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,12]],"date-time":"2023-06-12T17:56:09Z","timestamp":1686592569000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10132915\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,1]]},"references-count":55,"URL":"https:\/\/doi.org\/10.1109\/host55118.2023.10132915","relation":{},"subject":[],"published":{"date-parts":[[2023,5,1]]}}}