{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T07:09:49Z","timestamp":1769929789577,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":68,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["427774779"],"award-info":[{"award-number":["427774779"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002347","name":"Bundesministerium f\u00fcr Bildung und Forschung","doi-asserted-by":"publisher","award":["16KIS1437K"],"award-info":[{"award-number":["16KIS1437K"]}],"id":[{"id":"10.13039\/501100002347","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3560654","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"2915-2929","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["Microwalk-CI"],"prefix":"10.1145","author":[{"given":"Jan","family":"Wichelmann","sequence":"first","affiliation":[{"name":"University of L\u00fcbeck, L\u00fcbeck, Germany"}]},{"given":"Florian","family":"Sieck","sequence":"additional","affiliation":[{"name":"University of L\u00fcbeck, L\u00fcbeck, Germany"}]},{"given":"Anna","family":"P\u00e4tschke","sequence":"additional","affiliation":[{"name":"University of L\u00fcbeck, L\u00fcbeck, Germany"}]},{"given":"Thomas","family":"Eisenbarth","sequence":"additional","affiliation":[{"name":"University of L\u00fcbeck, L\u00fcbeck, Germany"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17--20, 2010. Proceedings (Lecture Notes in Computer Science","volume":"124","author":"Onur Aciicc","year":"2010","unstructured":"Onur Aciicc mez, Billy Bob Brumley , and Philipp Grabher . 2010 . New Results on Instruction Cache Attacks. In Cryptographic Hardware and Embedded Systems , CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17--20, 2010. Proceedings (Lecture Notes in Computer Science , Vol. 6225). Springer, 110-- 124 . https:\/\/doi.org\/10.1007\/978--3--642--15031--9_8 10.1007\/978--3--642--15031--9_8 Onur Aciicc mez, Billy Bob Brumley, and Philipp Grabher. 2010. New Results on Instruction Cache Attacks. In Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17--20, 2010. Proceedings (Lecture Notes in Computer Science, Vol. 6225). Springer, 110--124. https:\/\/doi.org\/10.1007\/978--3--642--15031--9_8"},{"key":"e_1_3_2_1_2_1","volume-title":"Proceedings (Lecture Notes in Computer Science","volume":"242","author":"Onur Aciicc","year":"2007","unstructured":"Onur Aciicc mez, c C etin Kaya Kocc , and Jean-Pierre Seifert . 2007 . Predicting Secret Keys Via Branch Prediction. In Topics in Cryptology - CT-RSA 2007, The Cryptographers' Track at the RSA Conference 2007, San Francisco, CA, USA, February 5--9, 2007 , Proceedings (Lecture Notes in Computer Science , Vol. 4377). Springer, 225-- 242 . https:\/\/doi.org\/10.1007\/11967668_15 10.1007\/11967668_15 Onur Aciicc mez, cC etin Kaya Kocc, and Jean-Pierre Seifert. 2007. Predicting Secret Keys Via Branch Prediction. In Topics in Cryptology - CT-RSA 2007, The Cryptographers' Track at the RSA Conference 2007, San Francisco, CA, USA, February 5--9, 2007, Proceedings (Lecture Notes in Computer Science, Vol. 4377). Springer, 225--242. https:\/\/doi.org\/10.1007\/11967668_15"},{"key":"e_1_3_2_1_3_1","unstructured":"AES-JS. Accessed: 2022-05-02. https:\/\/github.com\/ricmoo\/aes-js.  AES-JS. Accessed: 2022-05-02. https:\/\/github.com\/ricmoo\/aes-js."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2020.i2.196-221"},{"key":"e_1_3_2_1_5_1","volume-title":"Verifying Constant-Time Implementations. In 25th USENIX Security Symposium, USENIX Security 16","author":"Almeida Jos\u00e9 Bacelar","year":"2016","unstructured":"Jos\u00e9 Bacelar Almeida , Manuel Barbosa , Gilles Barthe , Francc ois Dupressoir , and Michael Emmi . 2016 . Verifying Constant-Time Implementations. In 25th USENIX Security Symposium, USENIX Security 16 , Austin, TX, USA, August 10--12 , 2016. USENIX Association, 53--70. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/almeida Jos\u00e9 Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Francc ois Dupressoir, and Michael Emmi. 2016. Verifying Constant-Time Implementations. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10--12, 2016. USENIX Association, 53--70. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/almeida"},{"key":"e_1_3_2_1_6_1","volume-title":"Abacus: Precise Side-Channel Analysis. In 43rd IEEE\/ACM International Conference on Software Engineering, ICSE 2021","author":"Bao Qinkun","year":"2021","unstructured":"Qinkun Bao , Zihao Wang , Xiaoting Li , James R. Larus , and Dinghao Wu . 2021 . Abacus: Precise Side-Channel Analysis. In 43rd IEEE\/ACM International Conference on Software Engineering, ICSE 2021 , Madrid, Spain, 22- -30 May 2021. IEEE, 797--809. https:\/\/doi.org\/10.1109\/ICSE43902.2021.00078 10.1109\/ICSE43902.2021.00078 Qinkun Bao, Zihao Wang, Xiaoting Li, James R. Larus, and Dinghao Wu. 2021. Abacus: Precise Side-Channel Analysis. In 43rd IEEE\/ACM International Conference on Software Engineering, ICSE 2021, Madrid, Spain, 22--30 May 2021. IEEE, 797--809. https:\/\/doi.org\/10.1109\/ICSE43902.2021.00078"},{"key":"e_1_3_2_1_7_1","unstructured":"base64-js. Accessed: 2022-05-02. https:\/\/github.com\/beatgammit\/base64-js.  base64-js. Accessed: 2022-05-02. https:\/\/github.com\/beatgammit\/base64-js."},{"key":"e_1_3_2_1_8_1","unstructured":"base64.js. Accessed: 2022-05-02. https:\/\/github.com\/dankogai\/js-base64.  base64.js. Accessed: 2022-05-02. https:\/\/github.com\/dankogai\/js-base64."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2013.219"},{"key":"e_1_3_2_1_10_1","unstructured":"Daniel J Bernstein. 2005. Cache-Timing Attacks on AES.  Daniel J Bernstein. 2005. Cache-Timing Attacks on AES."},{"key":"e_1_3_2_1_11_1","unstructured":"bn.js. Accessed: 2022-05-02. https:\/\/github.com\/indutny\/bn.js.  bn.js. Accessed: 2022-05-02. https:\/\/github.com\/indutny\/bn.js."},{"key":"e_1_3_2_1_12_1","unstructured":"Ernie Brickell Gary Graunke Michael Neve and Jean-Pierre Seifert. 2006. Software Mitigations to Hedge AES Against Cache-Based Software Side Channel Vulnerabilities. IACR Cryptol. ePrint Arch. (2006) 52. http:\/\/eprint.iacr.org\/2006\/052  Ernie Brickell Gary Graunke Michael Neve and Jean-Pierre Seifert. 2006. Software Mitigations to Hedge AES Against Cache-Based Software Side Channel Vulnerabilities. IACR Cryptol. ePrint Arch. (2006) 52. http:\/\/eprint.iacr.org\/2006\/052"},{"key":"e_1_3_2_1_13_1","volume-title":"CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation. In 2019 IEEE Symposium on Security and Privacy, S&P 2019","author":"Brotzman Robert","year":"2019","unstructured":"Robert Brotzman , Shen Liu , Danfeng Zhang , Gang Tan , and Mahmut T. Kandemir . 2019 . CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation. In 2019 IEEE Symposium on Security and Privacy, S&P 2019 , San Francisco, CA, USA, May 19--23 , 2019 . IEEE, 505--521. https:\/\/doi.org\/10.1109\/SP.2019.00022 10.1109\/SP.2019.00022 Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, and Mahmut T. Kandemir. 2019. CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation. In 2019 IEEE Symposium on Security and Privacy, S&P 2019, San Francisco, CA, USA, May 19--23, 2019. IEEE, 505--521. https:\/\/doi.org\/10.1109\/SP.2019.00022"},{"key":"e_1_3_2_1_14_1","first-page":"1","article-title":"SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control. In SysTEX@SOSP","volume":"4","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck , Frank Piessens , and Raoul Strackx . 2017 . SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control. In SysTEX@SOSP . ACM , 4 : 1 -- 4 :6. Jo Van Bulck, Frank Piessens, and Raoul Strackx. 2017. SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control. In SysTEX@SOSP. ACM, 4:1--4:6.","journal-title":"ACM"},{"key":"e_1_3_2_1_15_1","unstructured":"crypto-js. Accessed: 2022-05-02. https:\/\/github.com\/brix\/crypto-js.  crypto-js. Accessed: 2022-05-02. https:\/\/github.com\/brix\/crypto-js."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00074"},{"key":"e_1_3_2_1_17_1","volume-title":"Proceedings of the 22th USENIX Security Symposium","author":"Doychev Goran","year":"2013","unstructured":"Goran Doychev , Dominik Feld , Boris K\u00f6 pf, Laurent Mauborgne , and Jan Reineke . 2013 . CacheAudit: A Tool for the Static Analysis of Cache Side Channels . In Proceedings of the 22th USENIX Security Symposium , Washington, DC, USA, August 14--16 , 2013. USENIX Association, 431--446. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/paper\/doychev Goran Doychev, Dominik Feld, Boris K\u00f6 pf, Laurent Mauborgne, and Jan Reineke. 2013. CacheAudit: A Tool for the Static Analysis of Cache Side Channels. In Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14--16, 2013. USENIX Association, 431--446. https:\/\/www.usenix.org\/conference\/usenixsecurity13\/technical-sessions\/paper\/doychev"},{"key":"e_1_3_2_1_18_1","unstructured":"Elliptic. Accessed: 2022-05-02. https:\/\/github.com\/indutny\/elliptic.  Elliptic. Accessed: 2022-05-02. https:\/\/github.com\/indutny\/elliptic."},{"key":"e_1_3_2_1_19_1","unstructured":"Forge. Accessed: 2022-05-02. https:\/\/github.com\/digitalbazaar\/forge.  Forge. Accessed: 2022-05-02. https:\/\/github.com\/digitalbazaar\/forge."},{"key":"e_1_3_2_1_20_1","unstructured":"GitLab. Accessed: 2022-04--26. Code Quality. https:\/\/docs.gitlab.com\/ee\/user\/project\/merge_requests\/code_quality.html.  GitLab. Accessed: 2022-04--26. Code Quality. https:\/\/docs.gitlab.com\/ee\/user\/project\/merge_requests\/code_quality.html."},{"key":"e_1_3_2_1_21_1","unstructured":"Google. Accessed: 2022-04--26. Tracing Framework. https:\/\/github.com\/google\/tracing-framework.  Google. Accessed: 2022-04--26. Tracing Framework. https:\/\/github.com\/google\/tracing-framework."},{"key":"e_1_3_2_1_22_1","volume-title":"Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. In 27th USENIX Security Symposium, USENIX Security 2018","author":"Gras Ben","year":"2018","unstructured":"Ben Gras , Kaveh Razavi , Herbert Bos , and Cristiano Giuffrida . 2018 . Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. In 27th USENIX Security Symposium, USENIX Security 2018 , Baltimore, MD, USA, August 15--17 , 2018. USENIX Association, 955--972. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/gras Ben Gras, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2018. Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15--17, 2018. USENIX Association, 955--972. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/gras"},{"key":"e_1_3_2_1_23_1","volume-title":"Information Theory with Applications","author":"Silviu","unstructured":"Silviu Guia?u. 1977. Information Theory with Applications . McGraw-Hill Companies . Silviu Guia?u. 1977. Information Theory with Applications. McGraw-Hill Companies."},{"key":"e_1_3_2_1_24_1","unstructured":"hash.js. Accessed: 2022-05-02. https:\/\/github.com\/indutny\/hash.js.  hash.js. Accessed: 2022-05-02. https:\/\/github.com\/indutny\/hash.js."},{"key":"e_1_3_2_1_25_1","volume-title":"13th IEEE International Conference on Software Testing, Validation and Verification, ICST 2020","author":"He Shaobo","year":"2020","unstructured":"Shaobo He , Michael Emmi , and Gabriela F. Ciocarlie . 2020. ct-fuzz: Fuzzing for Timing Leaks . In 13th IEEE International Conference on Software Testing, Validation and Verification, ICST 2020 , Porto, Portugal, October 24--28 , 2020 . IEEE, 466--471. https:\/\/doi.org\/10.1109\/ICST46399.2020.00063 10.1109\/ICST46399.2020.00063 Shaobo He, Michael Emmi, and Gabriela F. Ciocarlie. 2020. ct-fuzz: Fuzzing for Timing Leaks. In 13th IEEE International Conference on Software Testing, Validation and Verification, ICST 2020, Porto, Portugal, October 24--28, 2020. IEEE, 466--471. https:\/\/doi.org\/10.1109\/ICST46399.2020.00063"},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings (Lecture Notes in Computer Science","volume":"388","author":"Inci Mehmet Sinan","year":"2016","unstructured":"Mehmet Sinan Inci , Berk G\u00fc lmezoglu, Gorka Irazoqui , Thomas Eisenbarth , and Berk Sunar . 2016 . Cache Attacks Enable Bulk Key Recovery on the Cloud. In Cryptographic Hardware and Embedded Systems - CHES 2016 - 18th International Conference, Santa Barbara, CA, USA, August 17--19, 2016 , Proceedings (Lecture Notes in Computer Science , Vol. 9813), , Benedikt Gierlichs and Axel Y. Poschmann (Eds.). Springer, 368-- 388 . https:\/\/doi.org\/10.1007\/978--3--662--53140--2_18 10.1007\/978--3--662--53140--2_18 Mehmet Sinan Inci, Berk G\u00fc lmezoglu, Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2016. Cache Attacks Enable Bulk Key Recovery on the Cloud. In Cryptographic Hardware and Embedded Systems - CHES 2016 - 18th International Conference, Santa Barbara, CA, USA, August 17--19, 2016, Proceedings (Lecture Notes in Computer Science, Vol. 9813), , Benedikt Gierlichs and Axel Y. Poschmann (Eds.). Springer, 368--388. https:\/\/doi.org\/10.1007\/978--3--662--53140--2_18"},{"key":"e_1_3_2_1_27_1","unstructured":"Intel. Accessed: 2022-05-02. Pin 3.22 User Guide. https:\/\/software.intel.com\/sites\/landingpage\/pintool\/docs\/98547\/Pin\/html\/.  Intel. Accessed: 2022-05-02. Pin 3.22 User Guide. https:\/\/software.intel.com\/sites\/landingpage\/pintool\/docs\/98547\/Pin\/html\/."},{"key":"e_1_3_2_1_28_1","volume-title":"Did we learn from LLC Side Channel Attacks? A Cache Leakage Detection Tool for Crypto Libraries. CoRR","author":"Irazoqui Gorka","year":"2017","unstructured":"Gorka Irazoqui , Kai Cong , Xiaofei Guo , Hareesh Khattri , Arun K. Kanuparthi , Thomas Eisenbarth , and Berk Sunar . 2017. Did we learn from LLC Side Channel Attacks? A Cache Leakage Detection Tool for Crypto Libraries. CoRR , Vol. abs\/ 1709 .01552 ( 2017 ). showeprint[arXiv]1709.01552 http:\/\/arxiv.org\/abs\/1709.01552 Gorka Irazoqui, Kai Cong, Xiaofei Guo, Hareesh Khattri, Arun K. Kanuparthi, Thomas Eisenbarth, and Berk Sunar. 2017. Did we learn from LLC Side Channel Attacks? A Cache Leakage Detection Tool for Crypto Libraries. CoRR , Vol. abs\/1709.01552 (2017). showeprint[arXiv]1709.01552 http:\/\/arxiv.org\/abs\/1709.01552"},{"key":"e_1_3_2_1_29_1","volume-title":"2022 IEEE Symposium on Security and Privacy (S&P). 755--772","author":"Jancar J.","unstructured":"J. Jancar , M. Fourn\u00e9 , D. De Almeida Braga, M. Sabt, P. Schwabe, G. Barthe, P. Fouque, and Y. Acar. 2022. \"They're not that hard to mitigate\": What Cryptographic Library Developers Think About Timing Attacks . In 2022 IEEE Symposium on Security and Privacy (S&P). 755--772 . J. Jancar, M. Fourn\u00e9, D. De Almeida Braga, M. Sabt, P. Schwabe, G. Barthe, P. Fouque, and Y. Acar. 2022. \"They're not that hard to mitigate\": What Cryptographic Library Developers Think About Timing Attacks. In 2022 IEEE Symposium on Security and Privacy (S&P). 755--772."},{"key":"e_1_3_2_1_30_1","volume-title":"16th International Symposium, SAS 2009, Los Angeles, CA, USA, August 9--11, 2009. Proceedings (Lecture Notes in Computer Science","volume":"255","author":"Jensen Simon Holm","year":"2009","unstructured":"Simon Holm Jensen , Anders M\u00f8ller , and Peter Thiemann . 2009 . Type Analysis for JavaScript. In Static Analysis , 16th International Symposium, SAS 2009, Los Angeles, CA, USA, August 9--11, 2009. Proceedings (Lecture Notes in Computer Science , Vol. 5673). Springer, 238-- 255 . https:\/\/doi.org\/10.1007\/978--3--642-03237-0_17 10.1007\/978--3--642-03237-0_17 Simon Holm Jensen, Anders M\u00f8ller, and Peter Thiemann. 2009. Type Analysis for JavaScript. In Static Analysis, 16th International Symposium, SAS 2009, Los Angeles, CA, USA, August 9--11, 2009. Proceedings (Lecture Notes in Computer Science, Vol. 5673). Springer, 238--255. https:\/\/doi.org\/10.1007\/978--3--642-03237-0_17"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635904"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007","author":"Boris","year":"2007","unstructured":"Boris K\u00f6 pf and David A. Basin. 2007. An Information-Theoretic Model for Adaptive Side-Channel Attacks . In Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007 , Alexandria, Virginia, USA, October 28--31 , 2007 . ACM, 286--296. https:\/\/doi.org\/10.1145\/1315245.1315282 10.1145\/1315245.1315282 Boris K\u00f6 pf and David A. Basin. 2007. An Information-Theoretic Model for Adaptive Side-Channel Attacks. In Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28--31, 2007. ACM, 286--296. https:\/\/doi.org\/10.1145\/1315245.1315282"},{"key":"e_1_3_2_1_33_1","unstructured":"Adam Langley. 2010. ctgrind: Checking that Functions are Constant Time with Valgrind.  Adam Langley. 2010. ctgrind: Checking that Functions are Constant Time with Valgrind."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3167132.3167151"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.43"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3456629"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10766-018-0611-9"},{"key":"e_1_3_2_1_38_1","volume-title":"CopyCat: Controlled Instruction-Level Attacks on Enclaves. In 29th USENIX Security Symposium, USENIX Security 2020","author":"Moghimi Daniel","year":"2020","unstructured":"Daniel Moghimi , Jo Van Bulck , Nadia Heninger , Frank Piessens , and Berk Sunar . 2020 . CopyCat: Controlled Instruction-Level Attacks on Enclaves. In 29th USENIX Security Symposium, USENIX Security 2020 , August 12 --14 , 2020, , Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 469--486. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/moghimi-copycat Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, and Berk Sunar. 2020. CopyCat: Controlled Instruction-Level Attacks on Enclaves. In 29th USENIX Security Symposium, USENIX Security 2020, August 12--14, 2020, , Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 469--486. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/moghimi-copycat"},{"key":"e_1_3_2_1_39_1","volume-title":"TIMECOP: Automated Dynamic Analysis for Timing Side-Channels. https:\/\/www.post-apocalyptic-crypto.org\/timecop\/","author":"Neikes Moritz","year":"2020","unstructured":"Moritz Neikes . 2020 . TIMECOP: Automated Dynamic Analysis for Timing Side-Channels. https:\/\/www.post-apocalyptic-crypto.org\/timecop\/ Moritz Neikes. 2020. TIMECOP: Automated Dynamic Analysis for Timing Side-Channels. https:\/\/www.post-apocalyptic-crypto.org\/timecop\/"},{"key":"e_1_3_2_1_40_1","unstructured":"OpenJS Foundation. Accessed: 2022-05-02. Node.js - JavaScript Runtime. https:\/\/nodejs.org.  OpenJS Foundation. Accessed: 2022-05-02. Node.js - JavaScript Runtime. https:\/\/nodejs.org."},{"key":"e_1_3_2_1_41_1","unstructured":"OpenTelemetry. Accessed: 2022-04--26. OpenTelemetry JavaScript. https:\/\/github.com\/open-telemetry\/opentelemetry-js.  OpenTelemetry. Accessed: 2022-04--26. OpenTelemetry JavaScript. https:\/\/github.com\/open-telemetry\/opentelemetry-js."},{"key":"e_1_3_2_1_42_1","volume-title":"Proceedings (Lecture Notes in Computer Science","volume":"20","author":"Osvik Dag Arne","year":"2006","unstructured":"Dag Arne Osvik , Adi Shamir , and Eran Tromer . 2006 . Cache Attacks and Countermeasures: The Case of AES. In Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13--17, 2006 , Proceedings (Lecture Notes in Computer Science , Vol. 3860). Springer, 1-- 20 . https:\/\/doi.org\/10.1007\/11605805_1 10.1007\/11605805_1 Dag Arne Osvik, Adi Shamir, and Eran Tromer. 2006. Cache Attacks and Countermeasures: The Case of AES. In Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13--17, 2006, Proceedings (Lecture Notes in Computer Science, Vol. 3860). Springer, 1--20. https:\/\/doi.org\/10.1007\/11605805_1"},{"key":"e_1_3_2_1_43_1","unstructured":"pbkdf2. Accessed: 2022-05-02. https:\/\/github.com\/crypto-browserify\/pbkdf2.  pbkdf2. Accessed: 2022-05-02. https:\/\/github.com\/crypto-browserify\/pbkdf2."},{"key":"e_1_3_2_1_44_1","volume-title":"DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In 25th USENIX Security Symposium, USENIX Security 16","author":"Pessl Peter","year":"2016","unstructured":"Peter Pessl , Daniel Gruss , Cl\u00e9 mentine Maurice , Michael Schwarz , and Stefan Mangard . 2016 . DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In 25th USENIX Security Symposium, USENIX Security 16 , Austin, TX, USA, August 10--12 , 2016, , Thorsten Holz and Stefan Savage (Eds.). USENIX Association, 565--581. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/pessl Peter Pessl, Daniel Gruss, Cl\u00e9 mentine Maurice, Michael Schwarz, and Stefan Mangard. 2016. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10--12, 2016, , Thorsten Holz and Stefan Savage (Eds.). USENIX Association, 565--581. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/pessl"},{"key":"e_1_3_2_1_45_1","volume-title":"2022-05-02. The RedMonk Programming Language Rankings","author":"Monk Red","year":"2022","unstructured":"Red Monk . Accessed : 2022-05-02. The RedMonk Programming Language Rankings : January 2022 . https:\/\/redmonk.com\/sogrady\/2022\/03\/28\/language-rankings-1--22\/. Red Monk. Accessed: 2022-05-02. The RedMonk Programming Language Rankings: January 2022. https:\/\/redmonk.com\/sogrady\/2022\/03\/28\/language-rankings-1--22\/."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.23919\/DATE.2017.7927267"},{"key":"e_1_3_2_1_47_1","volume-title":"SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers. In IEEE European Symposium on Security and Privacy, EuroS&P 2021","author":"Rokicki Thomas","year":"2021","unstructured":"Thomas Rokicki , Cl\u00e9 mentine Maurice , and Pierre Laperdrix . 2021 . SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers. In IEEE European Symposium on Security and Privacy, EuroS&P 2021 , Vienna, Austria, September 6--10 , 2021. IEEE, 472--486. https:\/\/doi.org\/10.1109\/EuroSP51992.2021.00039 10.1109\/EuroSP51992.2021.00039 Thomas Rokicki, Cl\u00e9 mentine Maurice, and Pierre Laperdrix. 2021. SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers. In IEEE European Symposium on Security and Privacy, EuroS&P 2021, Vienna, Austria, September 6--10, 2021. IEEE, 472--486. https:\/\/doi.org\/10.1109\/EuroSP51992.2021.00039"},{"key":"e_1_3_2_1_48_1","unstructured":"Samsung. Accessed: 2022-04--26. Jalangi2 Source. https:\/\/github.com\/Samsung\/jalangi2.  Samsung. Accessed: 2022-04--26. Jalangi2 Source. https:\/\/github.com\/Samsung\/jalangi2."},{"key":"e_1_3_2_1_49_1","unstructured":"SAP. Accessed: 2022-04--26. Project Foxhound. https:\/\/github.com\/SAP\/project-foxhound.  SAP. Accessed: 2022-04--26. Project Foxhound. https:\/\/github.com\/SAP\/project-foxhound."},{"key":"e_1_3_2_1_50_1","volume-title":"JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018","author":"Schwarz Michael","year":"2018","unstructured":"Michael Schwarz , Moritz Lipp , and Daniel Gruss . 2018 . JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018 , San Diego, California, USA, February 18--21 , 2018. The Internet Society. http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2018\/02\/ndss2018_07A-3_Schwarz_paper.pdf Michael Schwarz, Moritz Lipp, and Daniel Gruss. 2018. JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks. In 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, February 18--21, 2018. The Internet Society. http:\/\/wp.internetsociety.org\/ndss\/wp-content\/uploads\/sites\/25\/2018\/02\/ndss2018_07A-3_Schwarz_paper.pdf"},{"key":"e_1_3_2_1_51_1","volume-title":"FC 2017, Sliema, Malta, April 3--7","volume":"267","author":"Schwarz Michael","year":"2017","unstructured":"Michael Schwarz , Cl\u00e9 mentine Maurice , Daniel Gruss , and Stefan Mangard . 2017 . Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript. In Financial Cryptography and Data Security - 21st International Conference , FC 2017, Sliema, Malta, April 3--7 , 2017, Revised Selected Papers (Lecture Notes in Computer Science , Vol. 10322). Springer, 247-- 267 . https:\/\/doi.org\/10.1007\/978--3--319--70972--7_13 10.1007\/978--3--319--70972--7_13 Michael Schwarz, Cl\u00e9 mentine Maurice, Daniel Gruss, and Stefan Mangard. 2017. Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript. In Financial Cryptography and Data Security - 21st International Conference, FC 2017, Sliema, Malta, April 3--7, 2017, Revised Selected Papers (Lecture Notes in Computer Science, Vol. 10322). Springer, 247--267. https:\/\/doi.org\/10.1007\/978--3--319--70972--7_13"},{"key":"#cr-split#-e_1_3_2_1_52_1.1","doi-asserted-by":"crossref","unstructured":"Koushik Sen Swaroop Kalasapur Tasneem G. Brutch and Simon Gibbs. 2013. Jalangi: A Selective Record-Replay and Dynamic Analysis Framework for JavaScript. In Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering ESEC\/FSE'13 Saint Petersburg Russian Federation August 18--26 2013. ACM 488--498. https:\/\/doi.org\/10.1145\/2491411.2491447 10.1145\/2491411.2491447","DOI":"10.1145\/2491411.2491447"},{"key":"#cr-split#-e_1_3_2_1_52_1.2","doi-asserted-by":"crossref","unstructured":"Koushik Sen Swaroop Kalasapur Tasneem G. Brutch and Simon Gibbs. 2013. Jalangi: A Selective Record-Replay and Dynamic Analysis Framework for JavaScript. In Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering ESEC\/FSE'13 Saint Petersburg Russian Federation August 18--26 2013. ACM 488--498. https:\/\/doi.org\/10.1145\/2491411.2491447","DOI":"10.1145\/2491411.2491447"},{"key":"e_1_3_2_1_53_1","volume-title":"30th USENIX Security Symposium, USENIX Security 2021","author":"Shusterman Anatoly","year":"2021","unstructured":"Anatoly Shusterman , Ayush Agarwal , Sioli O'Connell , Daniel Genkin , Yossi Oren , and Yuval Yarom . 2021 . PrimeProbe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses . In 30th USENIX Security Symposium, USENIX Security 2021 , August 11 --13 , 2021. USENIX Association, 2863--2880. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/shusterman Anatoly Shusterman, Ayush Agarwal, Sioli O'Connell, Daniel Genkin, Yossi Oren, and Yuval Yarom. 2021. PrimeProbe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses. In 30th USENIX Security Symposium, USENIX Security 2021, August 11--13, 2021. USENIX Association, 2863--2880. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/shusterman"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484783"},{"key":"e_1_3_2_1_55_1","unstructured":"Manu Sridharan Koushik Sen and Liang Gong. Accessed: 2022-04--26. Jalangi2 Presentation. https:\/\/manu.sridharan.net\/files\/JalangiTutorial.pdf.  Manu Sridharan Koushik Sen and Liang Gong. Accessed: 2022-04--26. Jalangi2 Presentation. https:\/\/manu.sridharan.net\/files\/JalangiTutorial.pdf."},{"key":"e_1_3_2_1_56_1","unstructured":"Stack Overflow. Accessed: 2022-05-02. 2021 Developer Survey - Programming scripting and markup languages. https:\/\/insights.stackoverflow.com\/survey\/2021#section-most-popular-technologies-programming-scripting-and-markup-languages.  Stack Overflow. Accessed: 2022-05-02. 2021 Developer Survey - Programming scripting and markup languages. https:\/\/insights.stackoverflow.com\/survey\/2021#section-most-popular-technologies-programming-scripting-and-markup-languages."},{"key":"e_1_3_2_1_57_1","volume-title":"Automated Analysis of Security-Critical JavaScript APIs. In 32nd IEEE Symposium on Security and Privacy, S&P 2011","author":"Taly Ankur","year":"2011","unstructured":"Ankur Taly , \u00da lfar Erlingsson, John C. Mitchell , Mark S. Miller , and Jasvir Nagra . 2011 . Automated Analysis of Security-Critical JavaScript APIs. In 32nd IEEE Symposium on Security and Privacy, S&P 2011 , 22--25 May 2011, Berkeley, California, USA. IEEE Computer Society, 363--378. https:\/\/doi.org\/10.1109\/SP. 2011.39 10.1109\/SP.2011.39 Ankur Taly, \u00da lfar Erlingsson, John C. Mitchell, Mark S. Miller, and Jasvir Nagra. 2011. Automated Analysis of Security-Critical JavaScript APIs. In 32nd IEEE Symposium on Security and Privacy, S&P 2011, 22--25 May 2011, Berkeley, California, USA. IEEE Computer Society, 363--378. https:\/\/doi.org\/10.1109\/SP.2011.39"},{"key":"e_1_3_2_1_58_1","unstructured":"TweetNaCl.js. Accessed: 2022-05-02. https:\/\/tweetnacl.js.org.  TweetNaCl.js. Accessed: 2022-05-02. https:\/\/tweetnacl.js.org."},{"key":"e_1_3_2_1_59_1","volume-title":"28th USENIX Security Symposium, USENIX Security 2019","author":"Wang Shuai","year":"2019","unstructured":"Shuai Wang , Yuyan Bao , Xiao Liu , Pei Wang , Danfeng Zhang , and Dinghao Wu . 2019 . Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation . In 28th USENIX Security Symposium, USENIX Security 2019 , Santa Clara, CA, USA, August 14--16 , 2019. USENIX Association, 657--674. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/wang-shuai Shuai Wang, Yuyan Bao, Xiao Liu, Pei Wang, Danfeng Zhang, and Dinghao Wu. 2019. Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation. In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14--16, 2019. USENIX Association, 657--674. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/wang-shuai"},{"key":"e_1_3_2_1_60_1","volume-title":"CacheD: Identifying Cache-Based Timing Channels in Production Software. In 26th USENIX Security Symposium, USENIX Security 2017","author":"Wang Shuai","year":"2017","unstructured":"Shuai Wang , Pei Wang , Xiao Liu , Danfeng Zhang , and Dinghao Wu . 2017 . CacheD: Identifying Cache-Based Timing Channels in Production Software. In 26th USENIX Security Symposium, USENIX Security 2017 , Vancouver, BC, Canada, August 16--18 , 2017. USENIX Association, 235--252. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/wang-shuai Shuai Wang, Pei Wang, Xiao Liu, Danfeng Zhang, and Dinghao Wu. 2017. CacheD: Identifying Cache-Based Timing Channels in Production Software. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16--18, 2017. USENIX Association, 235--252. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/wang-shuai"},{"key":"e_1_3_2_1_61_1","volume-title":"Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations. In 29th USENIX Security Symposium, USENIX Security 2020","author":"Weiser Samuel","year":"2020","unstructured":"Samuel Weiser , David Schrammel , Lukas Bodner , and Raphael Spreitzer . 2020 . Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations. In 29th USENIX Security Symposium, USENIX Security 2020 , August 12 --14 , 2020. USENIX Association, 1767--1784. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/weiser Samuel Weiser, David Schrammel, Lukas Bodner, and Raphael Spreitzer. 2020. Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations. In 29th USENIX Security Symposium, USENIX Security 2020, August 12--14, 2020. USENIX Association, 1767--1784. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/weiser"},{"key":"e_1_3_2_1_62_1","volume-title":"DATA--Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries. In 27th USENIX Security Symposium (USENIX Security 18)","author":"Weiser Samuel","year":"2018","unstructured":"Samuel Weiser , Andreas Zankl , Raphael Spreitzer , Katja Miller , Stefan Mangard , and Georg Sigl . 2018 . DATA--Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries. In 27th USENIX Security Symposium (USENIX Security 18) . USENIX Association, 603--620. Samuel Weiser, Andreas Zankl, Raphael Spreitzer, Katja Miller, Stefan Mangard, and Georg Sigl. 2018. DATA--Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, 603--620."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274741"},{"key":"e_1_3_2_1_64_1","volume-title":"Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In 2015 IEEE Symposium on Security and Privacy, S&P 2015","author":"Xu Yuanzhong","year":"2015","unstructured":"Yuanzhong Xu , Weidong Cui , and Marcus Peinado . 2015 . Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In 2015 IEEE Symposium on Security and Privacy, S&P 2015 , San Jose, CA, USA, May 17--21 , 2015. IEEE Computer Society, 640--656. https:\/\/doi.org\/10.1109\/SP.2015.45 10.1109\/SP.2015.45 Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In 2015 IEEE Symposium on Security and Privacy, S&P 2015, San Jose, CA, USA, May 17--21, 2015. IEEE Computer Society, 640--656. https:\/\/doi.org\/10.1109\/SP.2015.45"},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner . 2014 . FLUSHRELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack . In Proceedings of the 23rd USENIX Security Symposium , San Diego, CA, USA, August 20--22 , 2014, , Kevin Fu and Jaeyeon Jung (Eds.). USENIX Association, 719--732. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/yarom Yuval Yarom and Katrina Falkner. 2014. FLUSHRELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20--22, 2014, , Kevin Fu and Jaeyeon Jung (Eds.). USENIX Association, 719--732. https:\/\/www.usenix.org\/conference\/usenixsecurity14\/technical-sessions\/presentation\/yarom"},{"key":"e_1_3_2_1_66_1","volume-title":"Proceedings (Lecture Notes in Computer Science","volume":"367","author":"Yarom Yuval","year":"2016","unstructured":"Yuval Yarom , Daniel Genkin , and Nadia Heninger . 2016 . CacheBleed: A Timing Attack on OpenSSL Constant Time RSA. In Cryptographic Hardware and Embedded Systems - CHES 2016 - 18th International Conference, Santa Barbara, CA, USA, August 17--19, 2016 , Proceedings (Lecture Notes in Computer Science , Vol. 9813), , Benedikt Gierlichs and Axel Y. Poschmann (Eds.). Springer, 346-- 367 . https:\/\/doi.org\/10.1007\/978--3--662--53140--2_17 10.1007\/978--3--662--53140--2_17 Yuval Yarom, Daniel Genkin, and Nadia Heninger. 2016. CacheBleed: A Timing Attack on OpenSSL Constant Time RSA. In Cryptographic Hardware and Embedded Systems - CHES 2016 - 18th International Conference, Santa Barbara, CA, USA, August 17--19, 2016, Proceedings (Lecture Notes in Computer Science, Vol. 9813), , Benedikt Gierlichs and Axel Y. Poschmann (Eds.). Springer, 346--367. https:\/\/doi.org\/10.1007\/978--3--662--53140--2_17"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664273"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560654","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560654","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:59Z","timestamp":1750182539000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560654"}},"subtitle":["Practical Side-Channel Analysis for JavaScript Applications"],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":68,"alternative-id":["10.1145\/3548606.3560654","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3560654","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}