{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T14:40:20Z","timestamp":1775745620460,"version":"3.50.1"},"reference-count":104,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"funder":[{"DOI":"10.13039\/100000028","name":"Semiconductor Research Corporation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100000028","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5]]},"DOI":"10.1109\/sp46215.2023.10179399","type":"proceedings-article","created":{"date-parts":[[2023,7,21]],"date-time":"2023-07-21T17:18:15Z","timestamp":1689959895000},"page":"2321-2338","source":"Crossref","is-referenced-by-count":29,"title":["A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs"],"prefix":"10.1109","author":[{"given":"Lukas","family":"Gerlach","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security"}]},{"given":"Daniel","family":"Weber","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security"}]},{"given":"Ruiyi","family":"Zhang","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security"}]},{"given":"Michael","family":"Schwarz","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ISPASS.2014.6844475"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/1229285.1266999"},{"key":"ref3","article-title":"Predicting secret keys via branch prediction","author":"Ac\u0131i\u00e7mez","year":"2007","journal-title":"CT-RSA"},{"key":"ref4","article-title":"Side-channel attacks on risc-v processors: Current progress, challenges, and opportunities","author":"Ahmadi","year":"2021"},{"key":"ref5","article-title":"macOS Sierra: Set permissions for items on your Mac","year":"2019"},{"key":"ref6","article-title":"The rocket chip generator","author":"Asanovic","year":"2016","journal-title":"EECS Berkley"},{"key":"ref7","volume-title":"Instruction sets should be free: The case for risc-v","author":"Asanovi\u0107","year":"2014"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.29"},{"key":"ref9","article-title":"Cache-Timing Attacks on AES","author":"Bernstein","year":"2005"},{"key":"ref10","article-title":"Template Attack on Blinded Scalar Multiplication with Asynchronous perf-ioctl Calls","volume-title":"Cryptology ePrint Archive, Report 2017\/968","author":"Bhattacharya","year":"2017"},{"key":"ref11","article-title":"RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks","volume-title":"USENIX Security Symposium","author":"Briongos"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384747"},{"key":"ref13","article-title":"A Systematic Evaluation of Transient Execution Attacks and Defenses","volume-title":"USENIX Security Symposium","author":"Canella"},{"key":"ref14","article-title":"The Berkeley Out-of-Order Machine (BOOM): An Industry-Competitive, Synthesizable, Parameterized RISC-V Processor","author":"Celio","year":"2015","journal-title":"Tech. Rep."},{"key":"ref15","article-title":"Don\u2019t mesh around: Side-Channel attacks and mitigations on mesh interconnects","volume-title":"USENIX Security Symposium","author":"Dai"},{"key":"ref16","article-title":"ASIC implementations, i.e. \"real\" CPU chips","author":"Wiki","year":"2022"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3307650.3322238"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.32"},{"key":"ref19","article-title":"Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX","volume-title":"USENIX Security Symposium","author":"Disselkoen"},{"key":"ref20","article-title":"Rapid Prototyping for Microarchitectural Attacks","author":"Easdon","year":"2022","journal-title":"USENIX Security"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/2768566.2768571"},{"key":"ref22","article-title":"Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR","author":"Evtyushkin","year":"2016","journal-title":"MICRO"},{"key":"ref23","article-title":"The microarchitecture of Intel, AMD and VIA CPUs: An optimization guide for assembly programmers and compiler makers","author":"Fog","year":"2016"},{"key":"ref24","article-title":"RISC-V Exchange: Available Boards","author":"Foundation","year":"2022"},{"key":"ref25","article-title":"Developing a Test Suite for Transient-Execution Attacks on RISC-V and CHERI-RISC-V","author":"Fuchs","year":"2021"},{"key":"ref26","article-title":"Certified side channels","volume-title":"USENIX Security Symposium","author":"Garc\u00eda"},{"key":"ref27","article-title":"A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware","author":"Ge","year":"2016","journal-title":"Journal of Cryptographic Engineering"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66332-6_11"},{"key":"ref29","article-title":"Replicating and Mitigating Spectre Attacks on a Open Source RISC-V Microarchitecture","author":"Gonzalez","year":"2019","journal-title":"Third Workshop on Computer Architecture Research with RISC-V (CARRV)"},{"key":"ref30","article-title":"Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks","volume-title":"USENIX Security Symposium","author":"Gras"},{"key":"ref31","article-title":"AutoLock: Why Cache Attacks on ARM Are Harder Than You Think","volume-title":"USENIX Security Symposium","author":"Green"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-62105-0_11"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978356"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_15"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_14"},{"key":"ref36","article-title":"Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches","volume-title":"USENIX Security Symposium","author":"Gruss"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.22"},{"key":"ref38","article-title":"M1 Exploration - v0.70","author":"Handley","year":"2021"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-09484-2_7"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3268935.3268940"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-1992-13-404"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.23"},{"key":"ref43","article-title":"Bluethunder: A 2-level Directional Predictor Based Side-Channel Attack against SGX","author":"Huo","year":"2020","journal-title":"CHES"},{"key":"ref44","article-title":"Speculative Execution Side Channel Mitigations","year":"2018"},{"key":"ref45","article-title":"Intel 64 and IA-32 Architectures Software Developer\u2019s Manual, Volume 3 (3A, 3B & 3C): System Programming Guide","year":"2019"},{"key":"ref46","article-title":"Guidelines for Mitigating Timing Side Channels Against Cryptographic Implementations","author":"Corporation","year":"2020"},{"key":"ref47","article-title":"Data Operand Independent Timing Instruction Set Architecture (ISA) Guidance","author":"Corporation"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.42"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978321"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2022.24221"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2678373.2665726"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP48549.2020.00027"},{"key":"ref54","article-title":"FGKASLR Patches Revised A 10th Time For Improving Linux Kernel Security","author":"Larabel","year":"2022"},{"key":"ref55","article-title":"Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing","volume-title":"USENIX Security Symposium","author":"Lee"},{"key":"ref56","article-title":"Support KASLR for RISC-V","author":"Li","year":"2020"},{"key":"ref57","article-title":"AMD Prefetch Attacks through Power and Time","author":"Lipp","year":"2022","journal-title":"USENIX Security"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_11"},{"key":"ref59","article-title":"ARMageddon: Cache Attacks on Mobile Devices","volume-title":"USENIX Security Symposium","author":"Lipp"},{"key":"ref60","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384746"},{"key":"ref61","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00063"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2016.7446082"},{"key":"ref63","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.43"},{"key":"ref64","article-title":"A survey of microarchitectural side-channel vulnerabilities, attacks, and defenses in cryptography","author":"Lou","year":"2021","journal-title":"ACM CSUR"},{"key":"ref65","doi-asserted-by":"publisher","DOI":"10.1109\/ISQED51717.2021.9424252"},{"key":"ref66","article-title":"CopyCat: Controlled Instruction-Level Attacks on Enclaves for Maximal Key Extraction","volume-title":"USENIX Security Symposium","author":"Moghimi"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00026"},{"key":"ref68","article-title":"performance.now resolution","year":"2019"},{"key":"ref69","doi-asserted-by":"publisher","DOI":"10.1007\/11605805_1"},{"key":"ref70","article-title":"Cache Missing for Fun and Profit","author":"Percival","year":"2005","journal-title":"BSDCan"},{"key":"ref71","article-title":"DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks","volume-title":"USENIX Security Symposium","author":"Pessl"},{"key":"ref72","article-title":"Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend","volume-title":"USENIX Security Symposium","author":"Puddu"},{"key":"ref73","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484816"},{"key":"ref74","article-title":"MIRAGE: Mitigating conflict-based cache attacks with a practical fully-associative design","volume-title":"USENIX Security Symposium","author":"Saileshwar"},{"key":"ref75","doi-asserted-by":"crossref","DOI":"10.1145\/2000064.2000073","article-title":"Vantage: Scalable and efficient fine-grain cache partitioning","volume-title":"Proceedings of the annual international symposium on Computer architecture","author":"Sanchez"},{"key":"ref76","article-title":"Store-to-Leak Forwarding: Leaking Data on Meltdown-resistant CPUs","author":"Schwarz","year":"2019"},{"key":"ref77","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_1"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23027"},{"key":"ref79","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70972-7_13"},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-17146-8_9"},{"key":"ref81","article-title":"Speculative Dereferencing of Registers: Reviving Foreshadow","author":"Schwarzl","year":"2021","journal-title":"FC"},{"key":"ref82","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030124"},{"key":"ref83","article-title":"HF105 Datasheet","author":"Five","year":"2022"},{"key":"ref84","article-title":"U74 core complex manual","author":"Five","year":"2022"},{"key":"ref85","article-title":"RISC-V 64bit chip (C910) run Android 10","author":"Sipeed","year":"2022"},{"key":"ref86","doi-asserted-by":"publisher","DOI":"10.1007\/s41635-018-0046-1"},{"key":"ref87","article-title":"C906","year":"2022"},{"key":"ref88","article-title":"Xuantie c906 r1s0 user manual","author":"Semiconductor","year":"2022"},{"key":"ref89","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24086"},{"key":"ref90","doi-asserted-by":"publisher","DOI":"10.1145\/3152701.3152706"},{"key":"ref91","article-title":"Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution","volume-title":"USENIX Security Symposium","author":"Van Bulck"},{"key":"ref92","article-title":"Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think","volume-title":"USENIX Security Symposium","author":"Van Schaik"},{"key":"ref93","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00042"},{"key":"ref94","article-title":"Mitigations landing for new class of timing attack","author":"Wagner","year":"2018"},{"key":"ref95","doi-asserted-by":"crossref","DOI":"10.1109\/MM.2023.3274619","article-title":"Hertzbleed: Turning power side-channel attacks into remote timing attacks on x86","volume-title":"USENIX Security Symposium","author":"Wang"},{"issue":"2","key":"ref96","doi-asserted-by":"crossref","DOI":"10.1145\/1273440.1250723","article-title":"New cache designs for thwarting software cache-based side channel attacks","volume":"35","author":"Wang","year":"2007","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"ref97","article-title":"The RISC-V Instruction Set Manual, Vol. I: Unprivileged ISA, Version 20191213","author":"Waterman","year":"2019"},{"key":"ref98","article-title":"The RISC-V Instruction Set Manual Volume II: Privileged Architecture, Document Version 20211203","author":"Waterman","year":"2021"},{"key":"ref99","doi-asserted-by":"publisher","DOI":"10.5555\/3361338.3361385"},{"key":"ref100","article-title":"Roma Laptop Pre-order","year":"2022"},{"key":"ref101","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134016"},{"key":"ref102","article-title":"Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack","volume-title":"USENIX Security Symposium","author":"Yarom"},{"key":"ref103","article-title":"(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels","author":"Zhang","year":"2023","journal-title":"USENIX Security"},{"key":"ref104","doi-asserted-by":"publisher","DOI":"10.1109\/DSN53405.2022.00023"}],"event":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","location":"San Francisco, CA, USA","start":{"date-parts":[[2023,5,21]]},"end":{"date-parts":[[2023,5,25]]}},"container-title":["2023 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10179215\/10179280\/10179399.pdf?arnumber=10179399","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,20]],"date-time":"2024-07-20T05:18:34Z","timestamp":1721452714000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10179399\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5]]},"references-count":104,"URL":"https:\/\/doi.org\/10.1109\/sp46215.2023.10179399","relation":{},"subject":[],"published":{"date-parts":[[2023,5]]}}}