{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,18]],"date-time":"2026-04-18T16:43:47Z","timestamp":1776530627228,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":72,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,3,9]],"date-time":"2020-03-09T00:00:00Z","timestamp":1583712000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100002418","name":"Intel Corporation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100002418","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1850365"],"award-info":[{"award-number":["1850365"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,3,9]]},"DOI":"10.1145\/3373376.3378526","type":"proceedings-article","created":{"date-parts":[[2020,3,13]],"date-time":"2020-03-13T22:37:01Z","timestamp":1584139021000},"page":"667-682","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":23,"title":["Exploring Branch Predictors for Constructing Transient Execution Trojans"],"prefix":"10.1145","author":[{"given":"Tao","family":"Zhang","sequence":"first","affiliation":[{"name":"The College of William & Mary, Williamsburg, VA, USA"}]},{"given":"Kenneth","family":"Koltermann","sequence":"additional","affiliation":[{"name":"The College of William & Mary, Williamsburg, VA, USA"}]},{"given":"Dmitry","family":"Evtyushkin","sequence":"additional","affiliation":[{"name":"The College of William & Mary, Williamsburg, VA, USA"}]}],"member":"320","published-online":{"date-parts":[[2020,3,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2017. Intel\u00ae 64 and IA32 Architectures Performance Monitoring Events. https:\/\/software.intel.com\/sites\/default\/files\/managed\/8b\/6e\/ 335279_performance_monitoring_events_guide.pdf.  2017. Intel\u00ae 64 and IA32 Architectures Performance Monitoring Events. https:\/\/software.intel.com\/sites\/default\/files\/managed\/8b\/6e\/ 335279_performance_monitoring_events_guide.pdf."},{"key":"e_1_3_2_1_2_1","unstructured":"2018. AMD. Software techniques for managing speculation on AMD processors.  2018. AMD. Software techniques for managing speculation on AMD processors."},{"key":"e_1_3_2_1_3_1","unstructured":"2018. Detecting Spectre vulnerability exploits with static analysis.  2018. Detecting Spectre vulnerability exploits with static analysis."},{"key":"e_1_3_2_1_4_1","unstructured":"2018. Intel Analysis of Speculative Execution Side Channels. https:\/\/newsroom.intel.com\/wp-content\/uploads\/sites\/11\/2018\/ 01\/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf.  2018. Intel Analysis of Speculative Execution Side Channels. https:\/\/newsroom.intel.com\/wp-content\/uploads\/sites\/11\/2018\/ 01\/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf."},{"key":"e_1_3_2_1_5_1","unstructured":"2018. LWN.net: Finding Spectre vulnerabilities with smatch. https: \/\/lwn.net\/Articles\/752408\/.  2018. LWN.net: Finding Spectre vulnerabilities with smatch. https: \/\/lwn.net\/Articles\/752408\/."},{"key":"e_1_3_2_1_6_1","unstructured":"2019. Intel\u00ae 64 and IA-32 Architectures Optimization reference Manual. https:\/\/software.intel.com\/sites\/default\/files\/managed\/9e\/bc\/ 64-ia-32-architectures-optimization-manual.pdf.  2019. Intel\u00ae 64 and IA-32 Architectures Optimization reference Manual. https:\/\/software.intel.com\/sites\/default\/files\/managed\/9e\/bc\/ 64-ia-32-architectures-optimization-manual.pdf."},{"key":"e_1_3_2_1_7_1","unstructured":"2019. Wikichip:Skylake(client)-Microarchitectures-Intel. https:\/\/en. wikichip.org\/wiki\/intel\/microarchitectures\/skylake_(client).  2019. Wikichip:Skylake(client)-Microarchitectures-Intel. https:\/\/en. wikichip.org\/wiki\/intel\/microarchitectures\/skylake_(client)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSPEC.2019.8651934"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/VLSI-SoC.2017.8203469"},{"key":"e_1_3_2_1_10_1","first-page":"174","article-title":"Preventing a read of a next sequential chunk in branch prediction of a subject chunk","volume":"7","author":"Altshuler Eran","year":"2007","journal-title":"US Patent"},{"key":"e_1_3_2_1_11_1","unstructured":"Nadav Amit Fred Jacobs and Michael Wei. 2019. JumpSwitches: Restoring the Performance of Indirect Branches In the Era of Spectre. In 2019 {USENIX} Annual Technical Conference ({USENIX} {ATC} 19). 285--300.  Nadav Amit Fred Jacobs and Michael Wei. 2019. JumpSwitches: Restoring the Performance of Indirect Branches In the Era of Spectre. In 2019 {USENIX} Annual Technical Conference ({USENIX} {ATC} 19). 285--300."},{"key":"e_1_3_2_1_12_1","volume-title":"ROPMate: Visually Assisting the Creation of ROPbased Exploits. In 2018 IEEE Symposium on Visualization for Cyber Security (VizSec'18)","author":"Angelini Marco","year":"2018"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3182657"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Thomas Bourgeat Ilia Lebedev Andrew Wright Sizhuo Zhang and Srinivas Devadas. 2019. MI6: Secure enclaves in a speculative out-oforder processor. (2019) 42--56.  Thomas Bourgeat Ilia Lebedev Andrew Wright Sizhuo Zhang and Srinivas Devadas. 2019. MI6: Secure enclaves in a speculative out-oforder processor. (2019) 42--56.","DOI":"10.1145\/3352460.3358310"},{"key":"e_1_3_2_1_15_1","volume-title":"Michael Schwarz, Moritz Lipp","author":"Canella Claudio","year":"2019"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/226099.2949456"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"G. Chen S. Chen Y. Xiao Y. Zhang Z. Lin and T. H. Lai. 2019. SgxPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution. (June 2019) 142--157. https:\/\/doi.org\/10.1109\/EuroSP.2019.00020  G. Chen S. Chen Y. Xiao Y. Zhang Z. Lin and T. H. Lai. 2019. SgxPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution. (June 2019) 142--157. https:\/\/doi.org\/10.1109\/EuroSP.2019.00020","DOI":"10.1109\/EuroSP.2019.00020"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2014.42"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196501"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273490"},{"key":"e_1_3_2_1_21_1","volume-title":"Detecting Spectre Attacks by identifying Cache Side-Channel Attacks using Machine Learning. Advanced Microkernel Operating Systems","author":"Depoix Jonas","year":"2018"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2756550"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978374"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.5555\/3195638.3195686"},{"key":"e_1_3_2_1_25_1","volume-title":"Dmitry Ponomarev, et al.","author":"Evtyushkin Dmitry","year":"2018"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243743"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.5555\/1600258.1600261"},{"key":"e_1_3_2_1_28_1","unstructured":"GCC. 2020. 6.39 Attribute Syntax. https:\/\/gcc.gnu.org\/onlinedocs\/gcc\/ Attribute-Syntax.html.  GCC. 2020. 6.39 Attribute Syntax. https:\/\/gcc.gnu.org\/onlinedocs\/gcc\/ Attribute-Syntax.html."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-016-0141-6"},{"key":"e_1_3_2_1_30_1","volume-title":"Your Processor Leaks Information-and There's Nothing You Can Do About It. arXiv preprint arXiv:1612.04474","author":"Ge Qian","year":"2016"},{"key":"e_1_3_2_1_31_1","volume-title":"Younis, and Jerry Zhao","author":"Gonzalez Abraham","year":"2018"},{"key":"e_1_3_2_1_32_1","first-page":"523","article-title":"Polymorphic branch predictor and method with selectable mode of prediction","volume":"7","author":"Gschwind Michael","year":"2009","journal-title":"US Patent"},{"key":"e_1_3_2_1_33_1","volume-title":"SPECTECTOR: Principled Detection of Speculative Information Flows. arXiv preprint arXiv:1812.08639","author":"Guarnieri Marco","year":"2018"},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 6th USENIX conference on Offensive Technologies. USENIX Association, 7--7.","author":"Homescu Andrei","year":"2012"},{"key":"e_1_3_2_1_35_1","volume-title":"Reading privileged memory with a side-channel. Project Zero (January","author":"Horn Jann","year":"2018"},{"key":"e_1_3_2_1_36_1","first-page":"574","article-title":"Method and apparatus for implementing a set-associative branch target buffer","volume":"5","author":"Hoyt Bradley D","year":"1996","journal-title":"US Patent"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2015.7056069"},{"key":"e_1_3_2_1_38_1","volume-title":"Retpoline: A Branch Target Injection Mitigation.","year":"2018"},{"key":"e_1_3_2_1_39_1","unstructured":"Intel. 2018. Speculative Execution Side Channel Mitigations. (2018). reference no. 336996-003.  Intel. 2018. Speculative Execution Side Channel Mitigations. (2018). reference no. 336996-003."},{"key":"e_1_3_2_1_40_1","unstructured":"David Kanter. 2010. Intel's Sandy Bridge Microarchitecture. https: \/\/www.realworldtech.com\/sandy-bridge\/4\/. (2010).  David Kanter. 2010. Intel's Sandy Bridge Microarchitecture. https: \/\/www.realworldtech.com\/sandy-bridge\/4\/. (2010)."},{"key":"e_1_3_2_1_41_1","volume-title":"Chengyu Song, Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh.","author":"Khasawneh Khaled N","year":"2019"},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings of the 25th IEEE International Symposium on High-Performance Computer Architecture.","author":"Khatamifard S Karen","year":"2019"},{"key":"e_1_3_2_1_43_1","first-page":"282","article-title":"Method and apparatus for performing power management by suppressing the speculative execution of instructions within a pipelined microprocessor","volume":"6","author":"Khazam Jonathan","year":"2001","journal-title":"US Patent"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00083"},{"key":"e_1_3_2_1_45_1","volume-title":"Speculative Buffer Overflows: Attacks and Defenses. CoRR abs\/1807.03757","author":"Kiriansky Vladimir","year":"2018"},{"key":"e_1_3_2_1_46_1","volume-title":"Spectre Mitigations in Microsoft's C\/C++ Compiler. Retrieved August 3","author":"Kocher Paul","year":"2018"},{"key":"e_1_3_2_1_47_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P'19)","author":"Kocher Paul","year":"2019"},{"key":"e_1_3_2_1_48_1","volume-title":"12th USENIX Workshop on Offensive Technologies (WOOT 18)","author":"Koruyeh Esmaeil Mohammadian","year":"2018"},{"key":"e_1_3_2_1_49_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Lipp Moritz","year":"2018"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243761"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_3"},{"key":"e_1_3_2_1_53_1","unstructured":"pakt. 2013. A Turing complete ROP compiler. https:\/\/github.com\/pakt\/ ropc.  pakt. 2013. A Turing complete ROP compiler. https:\/\/github.com\/pakt\/ ropc."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/12.214687"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","unstructured":"Andrew Prout William Arcand David Bestor Bill Bergeron Chansup Byun Vijay Gadepally Michael Houle Matthew Hubbell Michael Jones Anna Klein etal 2018. Measuring the Impact of Spectre and Meltdown. (2018) 1--5.  Andrew Prout William Arcand David Bestor Bill Bergeron Chansup Byun Vijay Gadepally Michael Houle Matthew Hubbell Michael Jones Anna Klein et al. 2018. Measuring the Impact of Spectre and Meltdown. (2018) 1--5.","DOI":"10.1109\/HPEC.2018.8547554"},{"key":"e_1_3_2_1_56_1","first-page":"433","article-title":"Method and apparatus for pipeline inclusion and instruction restarts in a micro-op cache of a processor","volume":"8","author":"Rappoport Lihu","year":"2013","journal-title":"US Patent"},{"key":"e_1_3_2_1_57_1","first-page":"103","article-title":"Efficient method and apparatus for employing a micro-op cache in a processor","volume":"8","author":"Rappoport Lihu","year":"2012","journal-title":"US Patent"},{"key":"e_1_3_2_1_58_1","unstructured":"Redhat. 2018. Controlling the Performance Impact of Microcode and Security Patches for CVE-2017--5754 CVE-2017--5715 and CVE-2017- 5753 using Red Hat Enterprise Linux Tunables. https:\/\/access.redhat. com\/articles\/3311301.  Redhat. 2018. Controlling the Performance Impact of Microcode and Security Patches for CVE-2017--5754 CVE-2017--5715 and CVE-2017- 5753 using Red Hat Enterprise Linux Tunables. https:\/\/access.redhat. com\/articles\/3311301."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCIS.2011.103"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516716"},{"key":"e_1_3_2_1_61_1","volume-title":"Netspectre: Read arbitrary memory over network.","author":"Schwarz Michael","year":"2019"},{"key":"e_1_3_2_1_62_1","volume-title":"ACM conference on Computer and communications security. New York? 552-- 561","author":"Hovav"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"crossref","unstructured":"Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel and Giovanni Vigna. 2015. Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware.. In NDSS.  Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel and Giovanni Vigna. 2015. Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware.. In NDSS.","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_1_64_1","volume-title":"Effect of Meltdown and Spectre Patches on the Performance of HPC Applications. arXiv preprint arXiv:1801.04329","author":"Simakov Nikolay A","year":"2018"},{"key":"e_1_3_2_1_65_1","first-page":"950","article-title":"Power reduction for processor front-end by caching decoded instructions","volume":"6","author":"Solomon Baruch","year":"2005","journal-title":"US Patent"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_13"},{"key":"e_1_3_2_1_67_1","volume-title":"Retpoline: a software construct for preventing branch-target-injection. Google Help","author":"Turner Paul","year":"2018"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"crossref","unstructured":"Pepe Vila Boris K\u00f6pf and Jos\u00e9 F Morales. 2019. Theory and practice of finding eviction sets. (2019) 39--54.  Pepe Vila Boris K\u00f6pf and Jos\u00e9 F Morales. 2019. Theory and practice of finding eviction sets. (2019) 39--54.","DOI":"10.1109\/SP.2019.00042"},{"key":"e_1_3_2_1_69_1","volume-title":"ExSpectre: Hiding Malware in Speculative Execution. In 26th Annual Network and Distributed System Security Symposium. NDSS-Symposium","author":"Wampler Jack","year":"2019"},{"key":"e_1_3_2_1_70_1","volume-title":"oo7: Low-overhead Defense against Spectre attacks via Program Analysis","author":"Chattopadhyay Sudipta","year":"2019"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11623-010-0024-4"},{"key":"e_1_3_2_1_72_1","volume-title":"InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy. In 2018 51st Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO). IEEE, 428--441","author":"Yan Mengjia","year":"2018"},{"key":"e_1_3_2_1_73_1","volume-title":"Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture (MICRO '52)","author":"Yu Jiyong"}],"event":{"name":"ASPLOS '20: Architectural Support for Programming Languages and Operating Systems","location":"Lausanne Switzerland","acronym":"ASPLOS '20","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages","SIGOPS ACM Special Interest Group on Operating Systems","SIGARCH ACM Special Interest Group on Computer Architecture","SIGBED ACM Special Interest Group on Embedded Systems"]},"container-title":["Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3373376.3378526","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3373376.3378526","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3373376.3378526","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:38:16Z","timestamp":1750199896000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3373376.3378526"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,3,9]]},"references-count":72,"alternative-id":["10.1145\/3373376.3378526","10.1145\/3373376"],"URL":"https:\/\/doi.org\/10.1145\/3373376.3378526","relation":{},"subject":[],"published":{"date-parts":[[2020,3,9]]},"assertion":[{"value":"2020-03-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}