{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,17]],"date-time":"2026-04-17T04:17:15Z","timestamp":1776399435864,"version":"3.51.2"},"reference-count":68,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2015,6,9]],"date-time":"2015-06-09T00:00:00Z","timestamp":1433808000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"German Research Council (DFG) as part of the Transregional Collaborative Research Center AVACS"},{"name":"Spanish Project TIN2012-39391-C04-01 StrongSoft"},{"name":"Madrid Regional Project S2013\/ICE-2731 N-GREENS"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2015,6,9]]},"abstract":"<jats:p>We present CacheAudit, a versatile framework for the automatic, static analysis of cache side channels. CacheAudit takes as input a program binary and a cache configuration and derives formal, quantitative security guarantees for a comprehensive set of side-channel adversaries, namely, those based on observing cache states, traces of hits and misses, and execution times. Our technical contributions include novel abstractions to efficiently compute precise overapproximations of the possible side-channel observations for each of these adversaries. These approximations then yield upper bounds on the amount of information that is revealed.<\/jats:p>\n          <jats:p>In case studies, we apply CacheAudit to binary executables of algorithms for sorting and encryption, including the AES implementation from the PolarSSL library, and the reference implementations of the finalists of the eSTREAM stream cipher competition. The results we obtain exhibit the influence of cache size, line size, associativity, replacement policy, and coding style on the security of the executables and include the first formal proofs of security for implementations with countermeasures such as preloading and data-independent memory access patterns.<\/jats:p>","DOI":"10.1145\/2756550","type":"journal-article","created":{"date-parts":[[2015,6,12]],"date-time":"2015-06-12T18:26:28Z","timestamp":1434133588000},"page":"1-32","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":108,"title":["CacheAudit"],"prefix":"10.1145","volume":"18","author":[{"given":"Goran","family":"Doychev","sequence":"first","affiliation":[{"name":"IMDEA Software Institute, Madrid, Spain"}]},{"given":"Boris","family":"K\u00f6pf","sequence":"additional","affiliation":[{"name":"IMDEA Software Institute, Madrid, Spain"}]},{"given":"Laurent","family":"Mauborgne","sequence":"additional","affiliation":[{"name":"AbsInt GmbH, Saarbr\u00fccken, Germany"}]},{"given":"Jan","family":"Reineke","sequence":"additional","affiliation":[{"name":"Saarland University, Saarbr\u00fccken, Germany"}]}],"member":"320","published-online":{"date-parts":[[2015,6,9]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2013.6531080"},{"key":"e_1_2_1_2_1","unstructured":"AbsInt Angewandte Informatik GmbH. 2015. AbsInt aiT Worst-Case Execution Time Analyzers. Retrieved from http:\/\/www.absint.com\/ait\/.  AbsInt Angewandte Informatik GmbH. 2015. AbsInt aiT Worst-Case Execution Time Analyzers. Retrieved from http:\/\/www.absint.com\/ait\/."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/11935308_9"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/11967668_18"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/325694.325702"},{"key":"e_1_2_1_6_1","volume-title":"On confidentiality and algorithms","author":"Agat Johan"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.18"},{"key":"e_1_2_1_8_1","volume-title":"Porter","author":"Baig Mirza Basim","year":"2014"},{"key":"e_1_2_1_9_1","volume-title":"Carlos Luna, and David Pichardie.","author":"Barthe Gilles","year":"2014"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54792-8_8"},{"key":"e_1_2_1_11_1","unstructured":"Come Berbain Olivier Billet Anne Canteaut Nicolas Courtois Henri Gilbert Louis Goubin Aline Gouget Louis Granboulan Cdric Lauradoux Marine Minier Thomas Pornin and Herv Sibert. 2005. Sosemanuk A Fast Software-oriented Stream Cipher. Retrieved from http:\/\/www.ecrypt.eu.org\/stream\/p3ciphers\/sosemanuk\/sosemanuk&lowbar;p3.pdf.  Come Berbain Olivier Billet Anne Canteaut Nicolas Courtois Henri Gilbert Louis Goubin Aline Gouget Louis Granboulan Cdric Lauradoux Marine Minier Thomas Pornin and Herv Sibert. 2005. Sosemanuk A Fast Software-oriented Stream Cipher. Retrieved from http:\/\/www.ecrypt.eu.org\/stream\/p3ciphers\/sosemanuk\/sosemanuk&lowbar;p3.pdf."},{"key":"e_1_2_1_12_1","unstructured":"Daniel Bernstein. 2005. Cache-Timing Attacks on AES. Retrieved from http:\/\/cr.yp.to\/antiforgery\/cachetiming-20050414.pdf.  Daniel Bernstein. 2005. Cache-Timing Attacks on AES. Retrieved from http:\/\/cr.yp.to\/antiforgery\/cachetiming-20050414.pdf."},{"key":"e_1_2_1_13_1","unstructured":"Daniel Bernstein. 2015a. Leaks. Retrieved from http:\/\/cr.yp.to\/streamciphers\/leaks.html.  Daniel Bernstein. 2015a. Leaks. Retrieved from http:\/\/cr.yp.to\/streamciphers\/leaks.html."},{"key":"e_1_2_1_14_1","unstructured":"Daniel Bernstein. 2015b. Snuffle 2005: The Salsa20 Encryption Function. Retrieved from http:\/\/cr.yp.to\/snuffle.html.  Daniel Bernstein. 2015b. Snuffle 2005: The Salsa20 Encryption Function. Retrieved from http:\/\/cr.yp.to\/snuffle.html."},{"key":"e_1_2_1_15_1","unstructured":"Martin Boesgaard Mette Vesterager Thomas Christensen and Erik Zenner. 2005. The Stream Cipher Rabbit. Retrieved from http:\/\/www.ecrypt.eu.org\/stream\/p3ciphers\/rabbit\/rabbit&lowbar;p3.pdf.  Martin Boesgaard Mette Vesterager Thomas Christensen and Erik Zenner. 2005. The Stream Cipher Rabbit. Retrieved from http:\/\/www.ecrypt.eu.org\/stream\/p3ciphers\/rabbit\/rabbit&lowbar;p3.pdf."},{"key":"e_1_2_1_16_1","doi-asserted-by":"crossref","volume-title":"Efficient chaotic iteration strategies with widenings","author":"Bourdoncle Fran\u00c7ois","DOI":"10.1007\/BFb0039704"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2009.07.085"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1159803.1159825"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/1370628.1370629"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660294"},{"key":"e_1_2_1_21_1","unstructured":"Code Beach. 2008. Sorting Algorithms. Retrieved from http:\/\/www.codebeach.com\/2008\/09\/sorting-algorithms-in-c.html.  Code Beach. 2008. Sorting Algorithms. Retrieved from http:\/\/www.codebeach.com\/2008\/09\/sorting-algorithms-in-c.html."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.19"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/512950.512973"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/567752.567778"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2395116.2395120"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1137\/060651380"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2086696.2086714"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the 22nd USENIX Security Symposium. USENIX.","author":"Doychev Goran","year":"2013"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/FOCS.2008.56"},{"key":"e_1_2_1_30_1","volume-title":"The eSTREAM Portfolio","author":"ECRYPT.","year":"2012"},{"key":"e_1_2_1_32_1","volume-title":"Relational Domains for the Quantification of Cache Side Channels. Master\u2019s thesis","author":"Feld Dominik"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0167-6423(99)00010-6"},{"key":"e_1_2_1_34_1","unstructured":"Bryan Ford. 2012. Plugging side-channel leaks with timing information flow control. In HotCloud. USENIX.   Bryan Ford. 2012. Plugging side-channel leaks with timing information flow control. In HotCloud. USENIX."},{"key":"e_1_2_1_36_1","unstructured":"Shay Gueron. 2010. Intel Advanced Encryption Standard (AES) Instructions Set. Retrieved from http:\/\/software.intel.com\/file\/24917.  Shay Gueron. 2010. Intel Advanced Encryption Standard (AES) Instructions Set. Retrieved from http:\/\/software.intel.com\/file\/24917."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.22"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2003.814618"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2005.02.031"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920300"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.19"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04138-9_1"},{"key":"e_1_2_1_43_1","volume-title":"Proceedings of the 19th USENIX Security Symposium. USENIX.","author":"Kim Taesoo","year":"2012"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-93900-9_19"},{"key":"e_1_2_1_45_1","volume-title":"RSA, DSS, and other systems","author":"Kocher Paul"},{"key":"e_1_2_1_46_1","doi-asserted-by":"crossref","volume-title":"Differential power analysis","author":"Kocher Paul","DOI":"10.1007\/3-540-48405-1_25"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315282"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31424-7_40"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.8"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2010.11"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10868-6_26"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-31987-0_2"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2166956.2166957"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/11734727_14"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/1554339.1554349"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/11605805_1"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34416-9_3"},{"key":"e_1_2_1_58_1","unstructured":"Colin Percival. 2005. Cache missing for fun and profit. In BSDCan.  Colin Percival. 2005. Cache missing for fun and profit. In BSDCan."},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655019"},{"key":"e_1_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653687"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00596-1_21"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2000064.2000087"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250662.1250723"},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2008.4771781"},{"key":"e_1_2_1_65_1","unstructured":"Hongjun Wu. 2004. The Stream Cipher HC-128. Retrieved from http:\/\/www.ecrypt.eu.org\/stream\/p3ciphers\/hc\/hc128&lowbar;p3.pdf.  Hongjun Wu. 2004. The Stream Cipher HC-128. Retrieved from http:\/\/www.ecrypt.eu.org\/stream\/p3ciphers\/hc\/hc128&lowbar;p3.pdf."},{"key":"e_1_2_1_66_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium. 719--732","author":"Yarom Yuval","year":"2014"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866324"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04159-4_13"},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/2254064.2254078"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382230"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2756550","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2756550","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:12:26Z","timestamp":1750227146000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2756550"}},"subtitle":["A Tool for the Static Analysis of Cache Side Channels"],"short-title":[],"issued":{"date-parts":[[2015,6,9]]},"references-count":68,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2015,6,9]]}},"alternative-id":["10.1145\/2756550"],"URL":"https:\/\/doi.org\/10.1145\/2756550","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"value":"1094-9224","type":"print"},{"value":"1557-7406","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,6,9]]},"assertion":[{"value":"2014-08-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2015-04-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2015-06-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}