{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,24]],"date-time":"2025-10-24T16:48:02Z","timestamp":1761324482818,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":53,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3560613","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"1489-1503","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Microarchitectural Leakage Templates and Their Application to Cache-Based Side Channels"],"prefix":"10.1145","author":[{"given":"Ahmad","family":"Ibrahim","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbruecken, Germany"}]},{"given":"Hamed","family":"Nemati","sequence":"additional","affiliation":[{"name":"Stanford University &amp; CISPA Helmholtz Center for Information Security, Stanford, CA, USA"}]},{"given":"Till","family":"Schl\u00fcter","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbruecken, Germany"}]},{"given":"Nils Ole","family":"Tippenhauer","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbruecken, Germany"}]},{"given":"Christian","family":"Rossow","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbruecken, Germany"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/RTAS.2013.6531080"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISPASS.2014.6844475"},{"key":"e_1_3_2_2_3_1","first-page":"112","volume-title":"Proceedings of the 8th International Conference on Information and Communications Security, ICICS","author":"Onur","year":"2006","unstructured":"Onur A\u0131i\u00e7mez and \u00c7etin Kaya Ko\u00e7. Trace-driven Cache Attacks on AES (Short Paper) . In Proceedings of the 8th International Conference on Information and Communications Security, ICICS , pages 112 -- 121 . Springer-Verlag , 2006 . Onur A\u0131i\u00e7mez and \u00c7etin Kaya Ko\u00e7. Trace-driven Cache Attacks on AES (Short Paper). In Proceedings of the 8th International Conference on Information and Communications Security, ICICS, pages 112--121. Springer-Verlag, 2006."},{"key":"e_1_3_2_2_4_1","unstructured":"asmregex. https:\/\/github.com\/Usibre\/asmregex\/.  asmregex. https:\/\/github.com\/Usibre\/asmregex\/."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICROW.2012.13"},{"key":"e_1_3_2_2_6_1","volume-title":"Learning cache replacement policies using register automata","author":"Cebollero Guillem Rueda","year":"2013","unstructured":"Guillem Rueda Cebollero . Learning cache replacement policies using register automata . 2013 . Guillem Rueda Cebollero. Learning cache replacement policies using register automata. 2013."},{"key":"e_1_3_2_2_7_1","unstructured":"ARM Cortex-A53 mpcore processor technical reference manual. https:\/\/ developer.arm.com\/documentation\/ddi0500\/j\/.  ARM Cortex-A53 mpcore processor technical reference manual. https:\/\/ developer.arm.com\/documentation\/ddi0500\/j\/."},{"key":"e_1_3_2_2_8_1","volume-title":"Electromagnetic analy- sis: Concrete results. CHES '01, page 251--261","author":"Gandolfi Karine","year":"2001","unstructured":"Karine Gandolfi , Christophe Mourtel , and Francis Olivier . Electromagnetic analy- sis: Concrete results. CHES '01, page 251--261 , Berlin, Heidelberg , 2001 . Springer-Verlag . Karine Gandolfi, Christophe Mourtel, and Francis Olivier. Electromagnetic analy- sis: Concrete results. CHES '01, page 251--261, Berlin, Heidelberg, 2001. Springer-Verlag."},{"key":"e_1_3_2_2_9_1","unstructured":"GDB developers. GDB: The GNU Project Debugger. https:\/\/www.gnu.org\/software\/gdb.  GDB developers. GDB: The GNU Project Debugger. https:\/\/www.gnu.org\/software\/gdb."},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.23018"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978356"},{"key":"e_1_3_2_2_12_1","first-page":"300","volume-title":"DIMVA 2016, San Sebasti\u00e1n, Spain, July 7-8, 2016","author":"Gruss Daniel","year":"2016","unstructured":"Daniel Gruss , Cl\u00e9mentine Maurice , and Stefan Mangard . Rowhammer.js : A remote software-induced fault attack in javascript. In Detection of Intrusions and Malware, and Vulnerability Assessment - 13th International Conference , DIMVA 2016, San Sebasti\u00e1n, Spain, July 7-8, 2016 , Proceedings , pages 300 -- 321 , 2016 . Daniel Gruss, Cl\u00e9mentine Maurice, and Stefan Mangard. Rowhammer.js: A remote software-induced fault attack in javascript. In Detection of Intrusions and Malware, and Vulnerability Assessment - 13th International Conference, DIMVA 2016, San Sebasti\u00e1n, Spain, July 7-8, 2016, Proceedings, pages 300--321, 2016."},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-40667-1_14"},{"key":"e_1_3_2_2_14_1","first-page":"897","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Gruss Daniel","year":"2015","unstructured":"Daniel Gruss , Raphael Spreitzer , and Stefan Mangard . Cache template attacks: Automating attacks on inclusive last-level caches . In 24th USENIX Security Symposium (USENIX Security 15) , pages 897 -- 912 , Washington, D.C. , August 2015 . USENIX Association. Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. Cache template attacks: Automating attacks on inclusive last-level caches. In 24th USENIX Security Symposium (USENIX Security 15), pages 897--912, Washington, D.C., August 2015. USENIX Association."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.11"},{"key":"e_1_3_2_2_16_1","volume-title":"June","author":"Jaleel Aamer","year":"2010","unstructured":"Aamer Jaleel , Kevin B. Theobald , Simon C. Steely , and Joel Emer . High performance cache replacement using re-reference interval prediction (rrip). 38(3):60--71 , June 2010 . Aamer Jaleel, Kevin B. Theobald, Simon C. Steely, and Joel Emer. High performance cache replacement using re-reference interval prediction (rrip). 38(3):60--71, June 2010."},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00002"},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.5555\/646761.706156"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/646764.703989"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2009.165"},{"key":"e_1_3_2_2_21_1","first-page":"549","volume-title":"25th USENIX Security Symposium, USENIX Security 16","author":"Lipp Moritz","year":"2016","unstructured":"Moritz Lipp , Daniel Gruss , Raphael Spreitzer , Cl\u00e9mentine Maurice , and Stefan Mangard . Armageddon : Cache attacks on mobile devices . In 25th USENIX Security Symposium, USENIX Security 16 , Austin, TX, USA , August 10-12, 2016 , pages 549 -- 564 , 2016. Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Cl\u00e9mentine Maurice, and Stefan Mangard. Armageddon: Cache attacks on mobile devices. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016, pages 549--564, 2016."},{"key":"e_1_3_2_2_22_1","volume-title":"arXiv preprint arXiv:1801.01207","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp , Michael Schwarz , Daniel Gruss , Thomas Prescher , Werner Haas , Stefan Mangard , Paul Kocher , Daniel Genkin , Yuval Yarom , and Mike Hamburg . Meltdown. arXiv preprint arXiv:1801.01207 , 2018 . Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. Meltdown. arXiv preprint arXiv:1801.01207, 2018."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.43"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_3"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23294"},{"key":"e_1_3_2_2_26_1","first-page":"1427","volume-title":"29th USENIX Security Symposium, USENIX Security 2020","author":"Moghimi Daniel","year":"2020","unstructured":"Daniel Moghimi , Moritz Lipp , Berk Sunar , and Michael Schwarz . Medusa : Mi- croarchitectural data leakage via automated attack synthesis. In Srdjan Capkun and Franziska Roesner, editors , 29th USENIX Security Symposium, USENIX Security 2020 , August 12-14, 2020 , pages 1427 -- 1444 . USENIX Association , 2020. Daniel Moghimi, Moritz Lipp, Berk Sunar, and Michael Schwarz. Medusa: Mi- croarchitectural data leakage via automated attack synthesis. In Srdjan Capkun and Franziska Roesner, editors, 29th USENIX Security Symposium, USENIX Security 2020, August 12-14, 2020, pages 1427--1444. USENIX Association, 2020."},{"key":"e_1_3_2_2_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-53288-8_12"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273442.1250746"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.5555\/1756516.1756531"},{"key":"e_1_3_2_2_30_1","volume-title":"Februar 2020","author":"Nilizadeh Shirin","year":"2020","unstructured":"Shirin Nilizadeh , Yannic Noller , and Corina S. Pasareanu . Diffuzz: Differential fuzzing for side-channel analysis. In Software Engineering 2020, Fachtagung des GI-Fachbereichs Softwaretechnik, 24.-28 . Februar 2020 , Innsbruck, Austria, pages 125--126 , 2020 . Shirin Nilizadeh, Yannic Noller, and Corina S. Pasareanu. Diffuzz: Differential fuzzing for side-channel analysis. In Software Engineering 2020, Fachtagung des GI-Fachbereichs Softwaretechnik, 24.-28. Februar 2020, Innsbruck, Austria, pages 125--126, 2020."},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/11605805_1"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SBAC-PAD.2007.15"},{"key":"e_1_3_2_2_33_1","volume-title":"In Proc. of BSDCan 2005","author":"Percival Colin","year":"2005","unstructured":"Colin Percival . Cache missing for fun and profit . In In Proc. of BSDCan 2005 , 2005 . Colin Percival. Cache missing for fun and profit. In In Proc. of BSDCan 2005, 2005."},{"key":"e_1_3_2_2_34_1","volume-title":"Stefan Mangard. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In USENIX Security Symposium","author":"Pessl Peter","year":"2016","unstructured":"Peter Pessl , Daniel Gruss , Cl\u00e9mentine Maurice , Michael Schwarz , and Stefan Mangard. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In USENIX Security Symposium , 2016 . Peter Pessl, Daniel Gruss, Cl\u00e9mentine Maurice, Michael Schwarz, and Stefan Mangard. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In USENIX Security Symposium, 2016."},{"key":"e_1_3_2_2_35_1","unstructured":"Plumber. https:\/\/github.com\/scy-phy\/plumber\/.  Plumber. https:\/\/github.com\/scy-phy\/plumber\/."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00020"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-70972-7_13"},{"key":"e_1_3_2_2_38_1","volume-title":"One covert channel to rule them all: A practical approach to data exfiltration in the cloud","author":"Semal Benjamin","year":"2020","unstructured":"Benjamin Semal , Konstantinos Markantonakis , Keith Mayes , and Jan Kalbantner . One covert channel to rule them all: A practical approach to data exfiltration in the cloud . 2020 . Benjamin Semal, Konstantinos Markantonakis, Keith Mayes, and Jan Kalbantner. One covert channel to rule them all: A practical approach to data exfiltration in the cloud. 2020."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243736"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-10672-9_3"},{"key":"e_1_3_2_2_41_1","volume-title":"Fastspec: Scalable generation and detection of spectre gadgets using neural embeddings. CoRR, abs\/2006.14147","author":"Tol M. Caner","year":"2020","unstructured":"M. Caner Tol , Koray Yurtseven , Berk G\u00fclmezoglu , and Berk Sunar . Fastspec: Scalable generation and detection of spectre gadgets using neural embeddings. CoRR, abs\/2006.14147 , 2020 . M. Caner Tol, Koray Yurtseven, Berk G\u00fclmezoglu, and Berk Sunar. Fastspec: Scalable generation and detection of spectre gadgets using neural embeddings. CoRR, abs\/2006.14147, 2020."},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00081"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00145-009-9049-y"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45238-6_6"},{"key":"e_1_3_2_2_45_1","first-page":"207","volume-title":"IEEE International Symposium on Performance Analysis of Systems and Software, ISPASS 2009, April 26-28, 2009, Boston, Massachusetts, USA","author":"Uzelac Vladimir","year":"2009","unstructured":"Vladimir Uzelac and Aleksandar Milenkovic . Experiment flows and microbench- marks for reverse engineering of branch predictor structures . In IEEE International Symposium on Performance Analysis of Systems and Software, ISPASS 2009, April 26-28, 2009, Boston, Massachusetts, USA , Proceedings , pages 207 -- 217 , 2009 . Vladimir Uzelac and Aleksandar Milenkovic. Experiment flows and microbench- marks for reverse engineering of branch predictor structures. In IEEE International Symposium on Performance Analysis of Systems and Software, ISPASS 2009, April 26-28, 2009, Boston, Massachusetts, USA, Proceedings, pages 207--217, 2009."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00087"},{"key":"e_1_3_2_2_47_1","volume-title":"Cacheout: Leaking data on intel cpus via cache evictions","author":"van Schaik Stephan","year":"2020","unstructured":"Stephan van Schaik , Marina Minkin , Andrew Kwong , Daniel Genkin , and Yuval Yarom . Cacheout: Leaking data on intel cpus via cache evictions , 2020 . Stephan van Schaik, Marina Minkin, Andrew Kwong, Daniel Genkin, and Yuval Yarom. Cacheout: Leaking data on intel cpus via cache evictions, 2020."},{"key":"e_1_3_2_2_48_1","volume-title":"Opening pandora's box: A systematic study of new ways microarchitecture can leak private data","author":"Sanchez Vicarte Jose Rodrigo","year":"2021","unstructured":"Jose Rodrigo Sanchez Vicarte , Pradyumna Shome , Nandeeka Nayak , Caroline Trippel , Adam Morrison , David Kohlbrenner , and Christopher W Fletcher . Opening pandora's box: A systematic study of new ways microarchitecture can leak private data . 2021 . Jose Rodrigo Sanchez Vicarte, Pradyumna Shome, Nandeeka Nayak, Caroline Trippel, Adam Morrison, David Kohlbrenner, and Christopher W Fletcher. Opening pandora's box: A systematic study of new ways microarchitecture can leak private data. 2021."},{"key":"e_1_3_2_2_49_1","first-page":"519","volume-title":"Cachequery: Learning replacement policies from hardware caches. PLDI","author":"Vila Pepe","year":"2020","unstructured":"Pepe Vila , Pierre Ganty , Marco Guarnieri , and Boris K\u00f6pf . Cachequery: Learning replacement policies from hardware caches. PLDI 2020 , page 519 -- 532 , New York, NY , USA, 2020. Association for Computing Machinery . Pepe Vila, Pierre Ganty, Marco Guarnieri, and Boris K\u00f6pf. Cachequery: Learning replacement policies from hardware caches. PLDI 2020, page 519--532, New York, NY, USA, 2020. Association for Computing Machinery."},{"key":"e_1_3_2_2_50_1","volume-title":"Osiris: Automated discovery of microarchitectural side channels. CoRR, abs\/2106.03470","author":"Weber Daniel","year":"2021","unstructured":"Daniel Weber , Ahmad Ibrahim , Hamed Nemati , Michael Schwarz , and Christian Rossow . Osiris: Automated discovery of microarchitectural side channels. CoRR, abs\/2106.03470 , 2021 . 51] Zhenyu Wu, Zhang Xu , and Haining Wang. Whispers in the Hyper-space : High- speed Covert Channel Attacks in the Cloud. In USENIX Security Symposium , 2012. Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, and Christian Rossow. Osiris: Automated discovery of microarchitectural side channels. CoRR, abs\/2106.03470, 2021. 51] Zhenyu Wu, Zhang Xu, and Haining Wang. Whispers in the Hyper-space: High- speed Covert Channel Attacks in the Cloud. In USENIX Security Symposium, 2012."},{"key":"e_1_3_2_2_51_1","first-page":"719","volume-title":"Proceedings of the 23rd USENIX Conference on Security Symposium","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner . FlushReload : a high resolution, low noise, L3 cache side-channel attack . In Proceedings of the 23rd USENIX Conference on Security Symposium , pages 719 -- 732 , 2014 . Yuval Yarom and Katrina Falkner. FlushReload: a high resolution, low noise, L3 cache side-channel attack. In Proceedings of the 23rd USENIX Conference on Security Symposium, pages 719--732, 2014."},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-017-0152-y"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382230"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Los Angeles CA USA","acronym":"CCS '22"},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560613","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560613","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:58Z","timestamp":1750182538000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560613"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":53,"alternative-id":["10.1145\/3548606.3560613","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3560613","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}