{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T01:10:38Z","timestamp":1767834638967,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":54,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,2,22]],"date-time":"2022-02-22T00:00:00Z","timestamp":1645488000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100003977","name":"Israel Science Foundation","doi-asserted-by":"publisher","award":["1027\/18"],"award-info":[{"award-number":["1027\/18"]}],"id":[{"id":"10.13039\/501100003977","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["389792660,390696704"],"award-info":[{"award-number":["389792660,390696704"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,2,28]]},"DOI":"10.1145\/3503222.3507729","type":"proceedings-article","created":{"date-parts":[[2022,2,22]],"date-time":"2022-02-22T20:49:01Z","timestamp":1645562941000},"page":"226-239","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":28,"title":["Revizor: testing black-box CPUs against speculation contracts"],"prefix":"10.1145","author":[{"given":"Oleksii","family":"Oleksenko","sequence":"first","affiliation":[{"name":"TU Dresden, Germany"}]},{"given":"Christof","family":"Fetzer","sequence":"additional","affiliation":[{"name":"TU Dresden, Germany"}]},{"given":"Boris","family":"K\u00f6pf","sequence":"additional","affiliation":[{"name":"Microsoft Research, UK"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9659-068X","authenticated-orcid":false,"given":"Mark","family":"Silberstein","sequence":"additional","affiliation":[{"name":"Technion, Israel"}]}],"member":"320","published-online":{"date-parts":[[2022,2,22]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Andreas Abel and Jan Reineke. 2019. uops.info: Characterizing latency throughput and port usage of instructions on Intel microarchitectures. In ASPLOS.","DOI":"10.1145\/3297858.3304062"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Andreas Abel and Jan Reineke. 2020. nanoBench: A low-overhead tool for running microbenchmarks on x86 systems. In ISPASS.","DOI":"10.1109\/ISPASS48437.2020.00014"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"Jade Alglave. 2012. A formal hierarchy of weak memory models. Formal Methods in System Design.","DOI":"10.1007\/s10703-012-0161-5"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"Alasdair Armstrong Thomas Bauereiss Brian Campbell Alastair Reid Kathryn E. Gray Robert M. Norton Prashanth Mundkur Mark Wassell Jon French Christopher Pulte Shaked Flur Ian Stark Neel Krishnaswami and Peter Sewell. 2019. ISA Semantics for ARMv8-a RISC-V and CHERI-MIPS. In POPL.","DOI":"10.1145\/3290384"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.18"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1017\/S0960129511000193"},{"key":"e_1_3_2_1_7_1","volume-title":"Jo Van Bulck, and Yuval Yarom","author":"Canella Claudio","year":"2019","unstructured":"Claudio Canella, Daniel Genkin, Lukas Giner, Daniel Gruss, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, Jo Van Bulck, and Yuval Yarom. 2019. Fallout: Leaking Data on Meltdown-resistant CPUs. In CCS."},{"key":"e_1_3_2_1_8_1","volume-title":"Deian Stefan, Tamara Rezk, Gilles Barthe, Dean Tullsen, Deian Stefan, Tamara Rezk, and Gilles Barthe.","author":"Cauligi Sunjay","year":"2020","unstructured":"Sunjay Cauligi, Craig Disselkoen, Klaus v. Gleissenthall, Deian Stefan, Tamara Rezk, Gilles Barthe, Dean Tullsen, Deian Stefan, Tamara Rezk, and Gilles Barthe. 2020. Constant-Time Foundations for the New Spectre Era. In PLDI."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"crossref","unstructured":"Sunjay Cauligi Craig Disselkoen Daniel Moghimi Gilles Barthe and Deian Stefan. 2021. SoK: Practical Foundations for Spectre Defenses. arxiv:2105.05801.","DOI":"10.1109\/SP46214.2022.9833707"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2009-0393"},{"key":"e_1_3_2_1_12_1","unstructured":"Mohammad Rahmani Fadiheh Dominik Stoffel Clark W. Barrett Subhasish Mitra and Wolfgang Kunz. 2019. Processor Hardware Security Vulnerabilities and their Detection by Unique Program Execution Checking. In DATE."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Shilpi Goel Warren A. Hunt and Matt Kaufmann. 2017. Engineering a Formal Executable x86 ISA Simulator for Software Verification.","DOI":"10.1007\/978-3-319-48628-4_8"},{"key":"e_1_3_2_1_14_1","volume-title":"Variant 4: Speculative Store Bypass. https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=1528 Accessed","author":"Google Project Zero","year":"2021","unstructured":"Project Zero Google. 2018. Speculative Execution, Variant 4: Speculative Store Bypass. https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail?id=1528 Accessed: May, 2021."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Ben Gras Cristiano Giuffrida Michael Kurth Herbert Bos and Kaveh Razavi. 2020. ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures. In NDSS.","DOI":"10.14722\/ndss.2020.23018"},{"key":"e_1_3_2_1_16_1","unstructured":"Daniel Gruss Raphael Spreitzer and Stefan Mangard. 2015. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In Usenix Security."},{"key":"e_1_3_2_1_17_1","volume-title":"SPECTECTOR: Principled Detection of Speculative Information Flows. In S&P.","author":"Guarnieri Marco","year":"2020","unstructured":"Marco Guarnieri, Boris K\u00f6pf, Jose F. Morales, Jan Reineke, and Andres Sanchez. 2020. SPECTECTOR: Principled Detection of Speculative Information Flows. In S&P."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"Marco Guarnieri Boris K\u00f6pf Jan Reineke and Pepe Vila. 2021. Hardware-Software Contracts for Secure Speculation. In S&P.","DOI":"10.1109\/SP40001.2021.00036"},{"key":"e_1_3_2_1_19_1","unstructured":"Shaobo He Michael Emmi and Gabriela Ciocarlie. 2020. ct-fuzz: Fuzzing for Timing Leaks. In ICST."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2544174.2500574"},{"key":"e_1_3_2_1_21_1","unstructured":"Intel Corporation. 2019. Intelsuperscript \u00ae 64 and IA-32 Architectures Software Developer\u2019s Manual."},{"key":"e_1_3_2_1_22_1","unstructured":"Vladimir Kiriansky and Carl Waldspurger. 2018. Speculative Buffer Overflows: Attacks and Defenses. arXiv arxiv:1807.03757."},{"key":"e_1_3_2_1_23_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In S&P.","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In S&P."},{"key":"e_1_3_2_1_24_1","unstructured":"Esmaeil Mohammadian Koruyeh Khaled N Khasawneh Chengyu Song and Nael Abu-Ghazaleh. 2018. Spectre Returns! Speculation Attacks using the Return Stack Buffer. In WOOT."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3240765.3240842"},{"key":"e_1_3_2_1_26_1","volume-title":"Meltdown: Reading Kernel Memory from User Space. In Usenix Security.","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In Usenix Security."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Giorgi Maisuradze and Christian Rossow. 2018. ret2spec: Speculative Execution Using Return Stack Buffers. In CCS.","DOI":"10.1145\/3243734.3243761"},{"key":"e_1_3_2_1_28_1","volume-title":"Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis Background Superscalar Memory Architecture. In Usenix Security.","author":"Moghimi Daniel","year":"2020","unstructured":"Daniel Moghimi, Moritz Lipp, Berk Sunar, and Michael Schwarz. 2020. Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis Background Superscalar Memory Architecture. In Usenix Security."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Alon Naveh Efraim Rotem Avi Mendelson Simcha Gochman Rajshree Chabukswar Karthik Krishnan and Arun Kumar. 2006. Power and Thermal Management in the Intel Core Duo Processor.. Intel Technology Journal.","DOI":"10.1535\/itj.1002.03"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"crossref","unstructured":"Hamed Nemati Pablo Buiras Andreas Lindner Roberto Guanciale and Swen Jacobs. 2020. Validation of Abstract Side-Channel Models for Computer Architectures. In CAV.","DOI":"10.1007\/978-3-030-53288-8_12"},{"key":"e_1_3_2_1_31_1","unstructured":"Hamed Nemati Roberto Guanciale Pablo Buiras and Andreas Lindner. 2020. Speculative Leakage in ARM Cortex-A53. arXiv arxiv:2007.06865."},{"key":"e_1_3_2_1_32_1","unstructured":"Oleksii Oleksenko Bohdan Trach Mark Silberstein and Christof Fetzer. 2020. SpecFuzz: Bringing Spectre-type vulnerabilities to the surface. In Usenix Security."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Dag Arne Osvik Adi Shamir and Eran Tromer. 2006. Cache Attacks and Countermeasures: The Case of AES. In CT-RSA.","DOI":"10.1007\/11605805_1"},{"key":"e_1_3_2_1_34_1","volume-title":"Unicorn: Next generation CPU emulator framework. In BlackHat USA.","author":"Quynh Nguyen Anh","year":"2015","unstructured":"Nguyen Anh Quynh and Dang Hoang Vu. 2015. Unicorn: Next generation CPU emulator framework. In BlackHat USA."},{"key":"e_1_3_2_1_35_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Ragab Hany","year":"2021","unstructured":"Hany Ragab, Enrico Barberis, Herbert Bos, and Cristiano Giuffrida. 2021. Rage against the machine clear: A systematic analysis of machine clears and their implications for transient execution attacks. In 30th USENIX Security Symposium (USENIX Security 21). 1451\u20131468."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"crossref","unstructured":"Hany Ragab Alyssa Milburn Kaveh Razavi Herbert Bos and Cristiano Giuffrida. 2021. CrossTalk: Speculative Data Leaks Across Cores Are Real. In S&P.","DOI":"10.1109\/SP40001.2021.00020"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Jose Rodrigo Sanchez Vicarte Pradyumna Shome Nandeeka Nayak Caroline Trippel Adam Morrison David Kohlbrenner and Christopher W Fletcher. 2021. Opening Pandora\u2019s Box: A Systematic Study of New Ways Microarchitecture Can Leak Private Data. In ISCA.","DOI":"10.1109\/ISCA52012.2021.00035"},{"key":"e_1_3_2_1_38_1","first-page":"880","article-title":"Mechanism for saving and retrieving micro-architecture context","volume":"16","author":"Rotem Efraim","year":"2019","unstructured":"Efraim Rotem, Eliezer Weissmann, Boris Ginzburg, Alon Naveh, Nadav Shulman, and Ronny Ronen. 2019. Mechanism for saving and retrieving micro-architecture context. US Patent App. 16\/259,880.","journal-title":"US Patent App."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"e_1_3_2_1_40_1","volume-title":"Julian Stecklina, Thomas Prescher, and Daniel Gruss.","author":"Schwarz Michael","year":"2019","unstructured":"Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss. 2019. ZombieLoad : Cross-Privilege-Boundary Data Sampling. In CCS."},{"key":"e_1_3_2_1_41_1","unstructured":"Caroline Trippel Daniel Lustig and Margaret Martonosi. 2018. CheckMate: Automated Exploit Program Generation for Hardware Security Verification. In MICRO."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-009-9049-y"},{"key":"e_1_3_2_1_43_1","volume-title":"LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection. In S&P.","author":"Bulck Jo Van","year":"2020","unstructured":"Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens, and Ku Leuven. 2020. LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection. In S&P."},{"key":"e_1_3_2_1_44_1","volume-title":"RIDL: Rogue In-flight Data Load. In S&P.","author":"van Schaik Stephan","year":"2019","unstructured":"Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2019. RIDL: Rogue In-flight Data Load. In S&P."},{"key":"e_1_3_2_1_45_1","volume-title":"Deian Stefan, and Ranjit Jhala.","author":"Vassena Marco","year":"2020","unstructured":"Marco Vassena, Klaus V Gleissenthall, Rami G\u00f6khan Kici, Deian Stefan, and Ranjit Jhala. 2020. Automatically Eliminating Speculative Leaks from Cryptographic Code with Blade. CoRR."},{"key":"e_1_3_2_1_46_1","volume-title":"Tulika Mitra, and Abhik Roychoudhury.","author":"Wang Guanhua","year":"2020","unstructured":"Guanhua Wang, Sudipta Chattopadhyay, Arnab Kumar Biswas, Tulika Mitra, and Abhik Roychoudhury. 2020. KLEESpectre: Detecting information leakage through speculative cache attacks via symbolic execution. TOSEM."},{"key":"e_1_3_2_1_47_1","article-title":"oo7: Low-overhead Defense against Spectre Attacks","author":"Wang Guanhua","year":"2019","unstructured":"Guanhua Wang, Sudipta Chattopadhyay, Ivan Gotovchits, Tulika Mitra, and Abhik Roychoudhury. 2019. oo7: Low-overhead Defense against Spectre Attacks. IEEE Transactions on Software Engineering.","journal-title":"IEEE Transactions on Software Engineering."},{"key":"e_1_3_2_1_48_1","volume-title":"Osiris: Automated Discovery of Microarchitectural Side Channels. In Usenix Security.","author":"Weber Daniel","year":"2021","unstructured":"Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, and Christian Rossow. 2021. Osiris: Automated Discovery of Microarchitectural Side Channels. In Usenix Security."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358306"},{"key":"e_1_3_2_1_50_1","volume-title":"TestRIG: Framework for testing RISC-V processors with Random Instruction Generation. https:\/\/github.com\/CTSRD-CHERI\/TestRIG Accessed","author":"Woodruff Jonathan","year":"2021","unstructured":"Jonathan Woodruff, Alexandre Joannou, Peter Rugg, Hongyan Xia, James Clarke, Hesham Almatary, Prashanth Mundkur, Robert Norton-Wright, Brian Campbell, Simon Moore, and Peter Sewell. 2018. TestRIG: Framework for testing RISC-V processors with Random Instruction Generation. https:\/\/github.com\/CTSRD-CHERI\/TestRIG Accessed: May, 2021."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"crossref","unstructured":"Yuan Xiao Yinqian Zhang and Radu Teodorescu. 2020. SpeechMiner: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities. In NDSS.","DOI":"10.14722\/ndss.2020.23105"},{"key":"e_1_3_2_1_52_1","unstructured":"Yuval Yarom and Katrina Falkner. 2014. Flush+Reload: A High Resolution Low Noise L3 Cache Side-channel Attack. In Usenix Security."},{"key":"e_1_3_2_1_53_1","volume-title":"Fletcher","author":"Yu Jiyong","year":"2019","unstructured":"Jiyong Yu, Mengjia Yan, Artem Khyzha, Adam Morrison, Josep Torrellas, and Christopher W. Fletcher. 2019. Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data. In MICRO."},{"key":"e_1_3_2_1_54_1","volume-title":"Myers","author":"Zhang Danfeng","year":"2015","unstructured":"Danfeng Zhang, Yao Wang, G. Edward Suh, and Andrew C. Myers. 2015. A hardware design language for timing-sensitive information-flow security. In ASPLOS."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","unstructured":"Rui Zhang Calvin Deutschbein Peng Huang and Cynthia Sturton. 2018. End-to-End Automated Exploit Generation for Validating the Security of Processor Designs. In MICRO.","DOI":"10.1109\/MICRO.2018.00071"}],"event":{"name":"ASPLOS '22: 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems","location":"Lausanne Switzerland","acronym":"ASPLOS '22","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages","SIGOPS ACM Special Interest Group on Operating Systems","SIGARCH ACM Special Interest Group on Computer Architecture","SIGBED ACM Special Interest Group on Embedded Systems"]},"container-title":["Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3503222.3507729","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3503222.3507729","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:11:39Z","timestamp":1750191099000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3503222.3507729"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,2,22]]},"references-count":54,"alternative-id":["10.1145\/3503222.3507729","10.1145\/3503222"],"URL":"https:\/\/doi.org\/10.1145\/3503222.3507729","relation":{},"subject":[],"published":{"date-parts":[[2022,2,22]]},"assertion":[{"value":"2022-02-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}