{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T07:58:54Z","timestamp":1767859134888,"version":"3.49.0"},"reference-count":66,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2023,2,10]],"date-time":"2023-02-10T00:00:00Z","timestamp":1675987200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["GS501100001809"],"award-info":[{"award-number":["GS501100001809"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Archit. Code Optim."],"published-print":{"date-parts":[[2023,3,31]]},"abstract":"<jats:p>In modern processors, speculative execution has significantly improved the performance of processors, but it has also introduced speculative execution vulnerabilities. Recent defenses are based on the delayed execution to block various speculative side channels, but we show that several of the current state-of-the-art defenses fail to block some of the available speculative side channels, and the current most secure defense introduces a performance overhead of up to 24.5%.<\/jats:p>\n          <jats:p>We propose SpecTerminator, the first defense framework based on instruction classes that can comprehensively and precisely block all existing speculative side channels. In SpecTerminator, a novel speculative side channel classification scheme based on the features of secret transmission is proposed, and the sensitive instructions in the speculative window are classified and identified using optimized hardware taint tracking and instruction masking techniques to accurately determine the scope of leakage. Then, according to the execution characteristics of these instructions, dedicated delayed execution strategies, such as TLB request ignoring, selective issue, and extended delay-on-miss, are designed for each type of sensitive instruction to precisely control that these instructions are delayed only in pipeline stages that are at risk of leakage. In contrast to previous defenses based on the Gem5 simulator, we have innovatively implemented defenses against Spectre attacks based on the open-source instruction set RISC-V on an FPGA-accelerated simulation platform that is more similar to real hardware. To evaluate the security of SpecTerminator, we have replicated various existing x86-based Spectre variants on RISC-V. On SPEC 2006, SpecTerminator defends against Spectre attacks based on memory hierarchy side channels with a performance overhead of 2.6% and against all existing Spectre attacks with a performance overhead of 6.0%.<\/jats:p>","DOI":"10.1145\/3566053","type":"journal-article","created":{"date-parts":[[2022,11,12]],"date-time":"2022-11-12T12:27:09Z","timestamp":1668256029000},"page":"1-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["SpecTerminator: Blocking Speculative Side Channels Based on Instruction Classes on RISC-V"],"prefix":"10.1145","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3934-7605","authenticated-orcid":false,"given":"Hai","family":"Jin","sequence":"first","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3367-9702","authenticated-orcid":false,"given":"Zhuo","family":"He","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4390-3819","authenticated-orcid":false,"given":"Weizhong","family":"Qiang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}]}],"member":"320","published-online":{"date-parts":[[2023,2,10]]},"reference":[{"key":"e_1_3_2_2_2","first-page":"132","volume-title":"Proceedings of the ACM\/IEEE 47th Annual International Symposium on Computer Architecture.","author":"Ainsworth Sam","year":"2020","unstructured":"Sam Ainsworth and Timothy M. Jones. 2020. MuonTrap: Preventing cross-domain spectre-like attacks by capturing speculative state. In Proceedings of the ACM\/IEEE 47th Annual International Symposium on Computer Architecture.IEEE, 132\u2013144."},{"key":"e_1_3_2_3_2","first-page":"870","volume-title":"Proceedings of the 40th IEEE Symposium on Security and Privacy.","author":"Aldaya Alejandro Cabrera","year":"2019","unstructured":"Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida Garc\u00e9a, and Nicola Tuveri. 2019. Port contention for fun and profit. In Proceedings of the 40th IEEE Symposium on Security and Privacy. IEEE, 870\u2013887."},{"key":"e_1_3_2_4_2","first-page":"1212","volume-title":"Proceedings of the 49th Annual Design Automation Conference.","author":"Bachrach Jonathan","year":"2012","unstructured":"Jonathan Bachrach, Huy Vo, Brian Richards, Yunsup Lee, Andrew Waterman, Rimas Avi\u017eienis, John Wawrzynek, and Krste Asanovi\u0107. 2012. Chisel: Constructing hardware in a scala embedded language. In Proceedings of the 49th Annual Design Automation Conference.IEEE, 1212\u20131221."},{"key":"e_1_3_2_5_2","first-page":"1073","volume-title":"Proceedings of the 30th USENIX Security Symposium.","author":"Bahmani Raad","year":"2021","unstructured":"Raad Bahmani, Ferdinand Brasser, Ghada Dessouky, Patrick Jauernig, Matthias Klimmek, Ahmad-Reza Sadeghi, and Emmanuel Stapf. 2021. CURE: A security architecture with CUstomizable and resilient enclaves. In Proceedings of the 30th USENIX Security Symposium.USENIX Association, 1073\u20131090."},{"key":"e_1_3_2_6_2","first-page":"151","volume-title":"Proceedings of the 28th International Conference on Parallel Architectures and Compilation Techniques","author":"Barber Kristin","year":"2019","unstructured":"Kristin Barber, Anys Bacha, Li Zhou, Yinqian Zhang, and Radu Teodorescu. 2019. Specshield: Shielding speculative data from microarchitectural covert channels. In Proceedings of the 28th International Conference on Parallel Architectures and Compilation Techniques. IEEE, 151\u2013164."},{"key":"e_1_3_2_7_2","doi-asserted-by":"crossref","first-page":"1046","DOI":"10.1145\/3445814.3446708","volume-title":"Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems","author":"Behnia Mohammad","year":"2021","unstructured":"Mohammad Behnia, Prateek Sahu, Riccardo Paccagnella, Jiyong Yu, Zirui Neil Zhao, Xiang Zou, Thomas Unterluggauer, Josep Torrellas, Carlos Rozas, Adam Morrison, Frank Mckeen, Fangfei Liu, Ron Gabor, Christopher W. Fletcher, Abhishek Basak, and Alaa Alameldeen. 2021. Speculative interference attacks: Breaking invisible speculation schemes. In Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, 1046\u20131060."},{"key":"e_1_3_2_8_2","first-page":"785","volume-title":"Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security","author":"Bhattacharyya Atri","year":"2019","unstructured":"Atri Bhattacharyya, Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, Babak Falsafi, Mathias Payer, and Anil Kurmus. 2019. SMoTherSpectre: Exploiting speculative execution through port contention. In Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security. ACM, 785\u2013800."},{"key":"e_1_3_2_9_2","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1145\/3352460.3358310","volume-title":"Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Bourgeat Thomas","year":"2019","unstructured":"Thomas Bourgeat, Ilia Lebedev, Andrew Wright, Sizhuo Zhang, and Srinivas Devadas. 2019. Mi6: Secure enclaves in a speculative out-of-order processor. In Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture. ACM, 42\u201356."},{"key":"e_1_3_2_10_2","first-page":"355","volume-title":"Proceedings of the 16th European Symposium on Research in Computer Security","author":"Brumley Billy Bob","year":"2011","unstructured":"Billy Bob Brumley and Nicola Tuveri. 2011. Remote timing attacks are still practical. In Proceedings of the 16th European Symposium on Research in Computer Security. Springer, 355\u2013371."},{"issue":"5","key":"e_1_3_2_11_2","doi-asserted-by":"crossref","first-page":"701","DOI":"10.1016\/j.comnet.2005.01.010","article-title":"Remote timing attacks are practical","volume":"48","author":"Brumley David","year":"2005","unstructured":"David Brumley and Dan Boneh. 2005. Remote timing attacks are practical. Computer Networks 48, 5 (2005), 701\u2013716.","journal-title":"Computer Networks"},{"key":"e_1_3_2_12_2","first-page":"249","volume-title":"Proceedings of the 28th USENIX Security Symposium","author":"Canella Claudio","year":"2019","unstructured":"Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin Von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, and Daniel Gruss. 2019. A systematic evaluation of transient execution attacks and defenses. In Proceedings of the 28th USENIX Security Symposium. USENIX Association, 249\u2013266."},{"key":"e_1_3_2_13_2","volume-title":"The Berkeley Out-of-order Machine (Boom): An Industry-competitive, Synthesizable, Parameterized risc-v Processor","author":"Celio Christopher","year":"2015","unstructured":"Christopher Celio, David A. Patterson, and Krste Asanovic. 2015. The Berkeley Out-of-order Machine (Boom): An Industry-competitive, Synthesizable, Parameterized risc-v Processor. Technical Report UCB\/EECS-2015-167. EECS Department, University of California, Berkeley."},{"issue":"3","key":"e_1_3_2_14_2","doi-asserted-by":"crossref","first-page":"377","DOI":"10.1145\/1394608.1382153","article-title":"Flexible hardware acceleration for instruction-grain program monitoring","volume":"36","author":"Chen Shimin","year":"2008","unstructured":"Shimin Chen, Michael Kozuch, Theodoros Strigkos, Babak Falsafi, Phillip B. Gibbons, Todd C. Mowry, Vijaya Ramachandran, Olatunji Ruwase, Michael Ryan, and Evangelos Vlachos. 2008. Flexible hardware acceleration for instruction-grain program monitoring. ACM SIGARCH Computer Architecture News 36, 3 (2008), 377\u2013388.","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"e_1_3_2_15_2","doi-asserted-by":"crossref","first-page":"607","DOI":"10.1145\/3466752.3480068","volume-title":"Proceedings of the 54th Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Choudhary Rutvik","year":"2021","unstructured":"Rutvik Choudhary, Jiyong Yu, Christopher Fletcher, and Adam Morrison. 2021. Speculative privacy tracking (SPT): Leaking information from speculative execution without compromising privacy. In Proceedings of the 54th Annual IEEE\/ACM International Symposium on Microarchitecture. ACM, 607\u2013622."},{"key":"e_1_3_2_16_2","unstructured":"Michael Clark. 2021. rv8 benchmark suite. Retrieved from https:\/\/github.com\/michaeljclark\/rv8-bench."},{"issue":"2","key":"e_1_3_2_17_2","doi-asserted-by":"crossref","first-page":"482","DOI":"10.1145\/1273440.1250722","article-title":"Raksha: A flexible information flow architecture for software security","volume":"35","author":"Dalton Michael","year":"2007","unstructured":"Michael Dalton, Hari Kannan, and Christos Kozyrakis. 2007. Raksha: A flexible information flow architecture for software security. ACM SIGARCH Computer Architecture News 35, 2 (2007), 482\u2013493.","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"e_1_3_2_18_2","first-page":"137","volume-title":"Proceedings of the 43rd Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Deng Daniel Y.","year":"2010","unstructured":"Daniel Y. Deng, Daniel Lo, Greg Malysa, Skyler Schneider, and G. Edward Suh. 2010. Flexible and efficient instruction-grained run-time monitoring using on-chip reconfigurable fabric. In Proceedings of the 43rd Annual IEEE\/ACM International Symposium on Microarchitecture. IEEE, 137\u2013148."},{"key":"e_1_3_2_19_2","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1145\/3411504.3421216","volume-title":"Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security","author":"Fustos Jacob","year":"2020","unstructured":"Jacob Fustos, Michael Bechtel, and Heechul Yun. 2020. SpectreRewind: Leaking secrets to past instructions. In Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security. ACM, 117\u2013126."},{"key":"e_1_3_2_20_2","first-page":"1","volume-title":"Proceedings of the 56th Annual Design Automation Conference","author":"Fustos Jacob","year":"2019","unstructured":"Jacob Fustos, Farzad Farshchi, and Heechul Yun. 2019. Spectreguard: An efficient data-centric defense mechanism against spectre attacks. In Proceedings of the 56th Annual Design Automation Conference. 1\u20136."},{"key":"e_1_3_2_21_2","volume-title":"Spectrum: Classifying, Replicating and Mitigating Spectre Attacks on a Speculating RISC-V Microarchitecture","author":"Gonzalez Abraham","year":"2019","unstructured":"Abraham Gonzalez, Ben Korpan, Ed Younis, and Jerry Zhao. 2019. Spectrum: Classifying, Replicating and Mitigating Spectre Attacks on a Speculating RISC-V Microarchitecture. Technical Report. University of California at Berkeley."},{"key":"e_1_3_2_22_2","volume-title":"Proceedings of the 3rd Workshop on Computer Architecture Research with RISC-V","author":"Gonzalez Abraham","year":"2019","unstructured":"Abraham Gonzalez, Ben Korpan, Jerry Zhao, Ed Younis, and Krste Asanovic. 2019. Replicating and mitigating spectre attacks on an open source RISC-V microarchitecture. In Proceedings of the 3rd Workshop on Computer Architecture Research with RISC-V."},{"key":"e_1_3_2_23_2","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1007\/978-3-319-62105-0_11","volume-title":"Proceedings of the 9th International Symposium on Engineering Secure Software and Systems","author":"Gruss Daniel","year":"2017","unstructured":"Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Cl\u00e9mentine Maurice, and Stefan Mangard. 2017. Kaslr is dead: Long live kaslr. In Proceedings of the 9th International Symposium on Engineering Secure Software and Systems. Springer, 161\u2013176."},{"key":"e_1_3_2_24_2","first-page":"368","volume-title":"Proceedings of the 23rd ACM SIGSAC Conference on Computer and Communications Security","author":"Gruss Daniel","year":"2016","unstructured":"Daniel Gruss, Cl\u00e9mentine Maurice, Anders Fogh, Moritz Lipp, and Stefan Mangard. 2016. Prefetch side-channel attacks: Bypassing SMAP and kernel ASLR. In Proceedings of the 23rd ACM SIGSAC Conference on Computer and Communications Security. ACM, 368\u2013379."},{"issue":"4","key":"e_1_3_2_25_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1186736.1186737","article-title":"SPEC CPU2006 benchmark descriptions","volume":"34","author":"Henning John L.","year":"2006","unstructured":"John L. Henning. 2006. SPEC CPU2006 benchmark descriptions. ACM SIGARCH Computer Architecture News 34, 4 (2006), 1\u201317.","journal-title":"ACM SIGARCH Computer Architecture News"},{"key":"e_1_3_2_26_2","article-title":"Speculative Execution, Variant 4: Speculative Store Bypass (SSB) (CVE-2018-3639)","author":"Horn Jann","year":"2018","unstructured":"Jann Horn and Ken Johnson. 2018. Speculative Execution, Variant 4: Speculative Store Bypass (SSB) (CVE-2018-3639). Available from MITRE, CVE-ID CVE-2018-3639. Retrieved October 07, 2022 from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-3639.","journal-title":"Available from MITRE, CVE-ID CVE-2018-3639"},{"key":"e_1_3_2_27_2","unstructured":"Intel. 2018. Speculative Execution Side Channel Mitigations. Retrieved October 07 2022 from https:\/\/www.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/336996-speculative-execution-side-channel-mitigations.pdf."},{"key":"e_1_3_2_28_2","first-page":"29","volume-title":"Proceedings of the ACM\/IEEE 45th Annual International Symposium on Computer Architecture","author":"Karandikar Sagar","year":"2018","unstructured":"Sagar Karandikar, Howard Mao, Donggyu Kim, David Biancolin, Alon Amid, Dayeol Lee, Nathan Pemberton, Emmanuel Amaro, Colin Schmidt, Aditya Chopra, Qijing Huang, Kyle Kovacs, Borivoje Nikoli\u0107, Randy Howard Katz, Jonathan Bachrach, and Krste Asanovi\u0107. 2018. FireSim: FPGA-accelerated cycle-exact scale-out system simulation in the public cloud. In Proceedings of the ACM\/IEEE 45th Annual International Symposium on Computer Architecture. IEEE, 29\u201342."},{"key":"e_1_3_2_29_2","first-page":"1","volume-title":"Proceedings of the 56th ACM\/IEEE Design Automation Conference","author":"Khasawneh Khaled N.","year":"2019","unstructured":"Khaled N. Khasawneh, Esmaeil Mohammadian Koruyeh, Chengyu Song, Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. 2019. Safespec: Banishing the spectre of a meltdown with leakage-free speculation. In Proceedings of the 56th ACM\/IEEE Design Automation Conference. ACM, 1\u20136."},{"key":"e_1_3_2_30_2","first-page":"974","volume-title":"Proceedings of the 51st Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Kiriansky Vladimir","year":"2018","unstructured":"Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, and Joel Emer. 2018. DAWG: A defense against cache timing attacks in speculative execution processors. In Proceedings of the 51st Annual IEEE\/ACM International Symposium on Microarchitecture. IEEE, 974\u2013987."},{"key":"e_1_3_2_31_2","unstructured":"Vladimir Kiriansky and Carl Waldspurger. 2018. Speculative buffer overflows: Attacks and defenses. arXiv:1807.03757. Retrieved from https:\/\/arxiv.org\/abs\/1807.03757."},{"key":"e_1_3_2_32_2","first-page":"1","volume-title":"Proceedings of the 40th IEEE Symposium on Security and Privacy","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre attacks: Exploiting speculative execution. In Proceedings of the 40th IEEE Symposium on Security and Privacy. ACM, 1\u201319."},{"key":"e_1_3_2_33_2","first-page":"388","volume-title":"Proceedings of the 19th Annual International Cryptology Conference","author":"Kocher Paul","year":"1999","unstructured":"Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential power analysis. In Proceedings of the 19th Annual International Cryptology Conference. Springer, 388\u2013397."},{"key":"e_1_3_2_34_2","doi-asserted-by":"crossref","first-page":"25","DOI":"10.1145\/1456508.1456514","volume-title":"Proceedings of the 2nd ACM Workshop on Computer Security Architectures","author":"Kong Jingfei","year":"2008","unstructured":"Jingfei Kong, Onur Aciicmez, Jean-Pierre Seifert, and Huiyang Zhou. 2008. Deconstructing new cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 2nd ACM Workshop on Computer Security Architectures. ACM, 25\u201334."},{"key":"e_1_3_2_35_2","first-page":"3","volume-title":"Proceedings of the 12th USENIX Conference on Offensive Technologies","author":"Koruyeh Esmaeil Mohammadian","year":"2018","unstructured":"Esmaeil Mohammadian Koruyeh, Khaled N. Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh. 2018. Spectre returns! Speculation attacks using the return stack buffer. In Proceedings of the 12th USENIX Conference on Offensive Technologies. USENIX Association, 3."},{"key":"e_1_3_2_36_2","first-page":"39","volume-title":"Proceedings of the 41st IEEE Symposium on Security and Privacy","author":"Koruyeh Esmaeil Mohammadian","year":"2020","unstructured":"Esmaeil Mohammadian Koruyeh, Shirin Haji Amin Shirazi, Khaled N. Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh. 2020. Speccfi: Mitigating spectre attacks using cfi informed speculation. In Proceedings of the 41st IEEE Symposium on Security and Privacy. IEEE, 39\u201353."},{"key":"e_1_3_2_37_2","first-page":"264","volume-title":"Proceedings of the 25th IEEE International Symposium on High Performance Computer Architecture","author":"Li Peinan","year":"2019","unstructured":"Peinan Li, Lutan Zhao, Rui Hou, Lixin Zhang, and Dan Meng. 2019. Conditional speculation: An effective approach to safeguard out-of-order execution against spectre attacks. In Proceedings of the 25th IEEE International Symposium on High Performance Computer Architecture. IEEE, 264\u2013276."},{"key":"e_1_3_2_38_2","first-page":"973","volume-title":"Proceedings of the 27th USENIX Security Symposium","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading kernel memory from user space. In Proceedings of the 27th USENIX Security Symposium. USENIX Association, 973\u2013990."},{"key":"e_1_3_2_39_2","first-page":"605","volume-title":"Proceedings of 36th IEEE Symposium on Security and Privacy","author":"Liu Fangfei","year":"2015","unstructured":"Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-level cache side-channel attacks are practical. In Proceedings of 36th IEEE Symposium on Security and Privacy. IEEE, 605\u2013622."},{"key":"e_1_3_2_40_2","first-page":"1397","volume-title":"Proceedings of the 30th USENIX Security Symposium","author":"Loughlin Kevin","year":"2021","unstructured":"Kevin Loughlin, Ian Neal, Jiacheng Ma, Elisa Tsai, Ofir Weisse, Satish Narayanasamy, and Baris Kasikci. 2021. DOLMA: Securing speculation with the principle of transient non-observability. In Proceedings of the 30th USENIX Security Symposium. USENIX Association, 1397\u20131414."},{"key":"e_1_3_2_41_2","first-page":"2109","volume-title":"Proceedings of the 25th ACM SIGSAC Conference on Computer and Communications Security","author":"Maisuradze Giorgi","year":"2018","unstructured":"Giorgi Maisuradze and Christian Rossow. 2018. ret2spec: Speculative execution using return stack buffers. In Proceedings of the 25th ACM SIGSAC Conference on Computer and Communications Security. ACM, 2109\u20132122."},{"key":"e_1_3_2_42_2","first-page":"1","volume-title":"Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy","author":"McKeen Frank","year":"2013","unstructured":"Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V. Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R. Savagaonkar. 2013. Innovative instructions and software model for isolated execution. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy. ACM, 1 pages."},{"key":"e_1_3_2_43_2","unstructured":"Marina Minkin Daniel Moghimi Moritz Lipp Michael Schwarz Jo Van Bulck Daniel Genkin Daniel Gruss Frank Piessens Berk Sunar and Yuval Yarom. 2019. Fallout: Reading kernel writes from user space. arXiv:1905.12701. Retrieved from https:\/\/arxiv.org\/abs\/1905.12701."},{"key":"e_1_3_2_44_2","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1145\/3079856.3080223","volume-title":"Proceedings of the 44th Annual International Symposium on Computer Architecture","author":"Nazari Alireza","year":"2017","unstructured":"Alireza Nazari, Nader Sehatbakhsh, Monjur Alam, Alenka Zajic, and Milos Prvulovic. 2017. Eddie: Em-based detection of deviations in program execution. In Proceedings of the 44th Annual International Symposium on Computer Architecture. ACM, 333\u2013346."},{"key":"e_1_3_2_45_2","first-page":"1","volume-title":"Proceedings of the Cryptographers\u2019 Track at the RSA Conference 2006","author":"Osvik Dag Arne","year":"2006","unstructured":"Dag Arne Osvik, Adi Shamir, and Eran Tromer. 2006. Cache attacks and countermeasures: The case of AES. In Proceedings of the Cryptographers\u2019 Track at the RSA Conference 2006. Springer, 1\u201320."},{"key":"e_1_3_2_46_2","first-page":"565","volume-title":"Proceedings of the 25th USENIX Security Symposium","author":"Pessl Peter","year":"2016","unstructured":"Peter Pessl, Daniel Gruss, Cl\u00e9mentine Maurice, Michael Schwarz, and Stefan Mangard. 2016. DRAMA: Exploiting DRAM addressing for cross-cpu attacks. In Proceedings of the 25th USENIX Security Symposium. USENIX Association, 565\u2013581."},{"key":"e_1_3_2_47_2","volume-title":"Proceedings of the 5th Workshop on Computer Architecture Research with RISC-V","author":"Sabbagh Majid","year":"2021","unstructured":"Majid Sabbagh, Yunsi Fei, and David Kaeli. 2021. Secure speculative execution via RISC-V open hardware design. In Proceedings of the 5th Workshop on Computer Architecture Research with RISC-V."},{"key":"e_1_3_2_48_2","first-page":"1379","volume-title":"Proceedings of the 30th USENIX Security Symposium","author":"Saileshwar Gururaj","year":"2021","unstructured":"Gururaj Saileshwar and Moinuddin Qureshi. 2021. MIRAGE: Mitigating conflict-based cache attacks with a practical fully-associative design. In Proceedings of the 30th USENIX Security Symposium. USENIX Association, 1379\u20131396."},{"key":"e_1_3_2_49_2","doi-asserted-by":"crossref","first-page":"73","DOI":"10.1145\/3352460.3358314","volume-title":"Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Saileshwar Gururaj","year":"2019","unstructured":"Gururaj Saileshwar and Moinuddin K. Qureshi. 2019. Cleanupspec: An \u201cundo\u201d approach to safe speculation. In Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture. ACM, 73\u201386."},{"key":"e_1_3_2_50_2","first-page":"723","volume-title":"Proceedings of the ACM\/IEEE 46th Annual International Symposium on Computer Architecture","author":"Sakalis Christos","year":"2019","unstructured":"Christos Sakalis, Stefanos Kaxiras, Alberto Ros, Alexandra Jimborean, and Magnus Sj\u00e4lander. 2019. Efficient invisible speculative execution through selective delay and value prediction. In Proceedings of the ACM\/IEEE 46th Annual International Symposium on Computer Architecture. ACM, 723\u2013735."},{"key":"e_1_3_2_51_2","first-page":"88","volume-title":"Proceedings of the 40th IEEE Symposium on Security and Privacy","author":"Schaik Stephan van","year":"2019","unstructured":"Stephan van Schaik, Alyssa Milburn, Sebastian Sterlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2019. RIDL: Rogue in-flight data load. In Proceedings of the 40th IEEE Symposium on Security and Privacy. 88\u2013105."},{"key":"e_1_3_2_52_2","volume-title":"Proceedings of the 27th Annual Network and Distributed System Security Symposium","author":"Schwarz Michael","year":"2020","unstructured":"Michael Schwarz, Moritz Lipp, Claudio Alberto Canella, Robert Schilling, Florian Kargl, and Daniel Gru\u00df. 2020. ConTExT: A generic approach for mitigating spectre. In Proceedings of the 27th Annual Network and Distributed System Security Symposium. Internet Society."},{"key":"e_1_3_2_53_2","first-page":"753","volume-title":"Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security","author":"Schwarz Michael","year":"2019","unstructured":"Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss. 2019. ZombieLoad: Cross-privilege-boundary data sampling. In Proceedings of the 26th ACM SIGSAC Conference on Computer and Communications Security. ACM, 753\u2013768."},{"key":"e_1_3_2_54_2","first-page":"279","volume-title":"Proceedings of the 24th European Symposium on Research in Computer Security","author":"Schwarz Michael","year":"2019","unstructured":"Michael Schwarz, Martin Schwarzl, Moritz Lipp, Jon Masters, and Daniel Gruss. 2019. Netspectre: Read arbitrary memory over network. In Proceedings of the 24th European Symposium on Research in Computer Security. Springer, 279\u2013299."},{"key":"e_1_3_2_55_2","first-page":"159","volume-title":"Proceedings of the 38th Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Sha Tingting","year":"2005","unstructured":"Tingting Sha, Milo MK Martin, and Amir Roth. 2005. Scalable store-load forwarding via store queue index prediction. In Proceedings of the 38th Annual IEEE\/ACM International Symposium on Microarchitecture. IEEE, 159\u2013170."},{"key":"e_1_3_2_56_2","unstructured":"Julian Stecklina and Thomas Prescher. 2018. Lazyfp: Leaking fpu register state using microarchitectural side-channels. arXiv:1806.07480. Retrieved from https:\/\/arxiv.org\/abs\/1806.07480."},{"issue":"11","key":"e_1_3_2_57_2","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1145\/1037187.1024404","article-title":"Secure program execution via dynamic information flow tracking","volume":"39","author":"Suh G. Edward","year":"2004","unstructured":"G. Edward Suh, Jae W. Lee, David Zhang, and Srinivas Devadas. 2004. Secure program execution via dynamic information flow tracking. ACM SIGPLAN Notices 39, 11 (2004), 85\u201396.","journal-title":"ACM SIGPLAN Notices"},{"key":"e_1_3_2_58_2","first-page":"1","article-title":"On-demand cut off the covert channel to mitigate meltdown","volume":"64","author":"Tan Yusong","year":"2021","unstructured":"Yusong Tan, Baozi Chen, Liehuang Zhu, Qingbo Wu, Peng Zou, and Yuanzhang Li. 2021. On-demand cut off the covert channel to mitigate meltdown. Science China Information Sciences 64, 9 (2021), 1\u20133.","journal-title":"Science China Information Sciences"},{"key":"e_1_3_2_59_2","first-page":"395","volume-title":"Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems","author":"Taram Mohammadkazem","year":"2019","unstructured":"Mohammadkazem Taram, Ashish Venkat, and Dean Tullsen. 2019. Context-sensitive fencing: Securing speculative execution via microcode customization. In Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, 395\u2013410."},{"key":"e_1_3_2_60_2","first-page":"991","volume-title":"Proceedings of the 27th USENIX Security Symposium","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the keys to the intel SGX kingdom with transient out-of-order execution. In Proceedings of the 27th USENIX Security Symposium. USENIX Association, 991\u20131008."},{"key":"e_1_3_2_61_2","article-title":"Attacking OpenSSL ECDSA with a small amount of side-channel information","volume":"61","author":"Wang Wenbo","year":"2018","unstructured":"Wenbo Wang and Shuqin Fan. 2018. Attacking OpenSSL ECDSA with a small amount of side-channel information. Science China Information Sciences 61, 3 (2018), 1\u201314.","journal-title":"Science China Information Sciences"},{"key":"e_1_3_2_62_2","doi-asserted-by":"crossref","first-page":"572","DOI":"10.1145\/3352460.3358306","volume-title":"Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Weisse Ofir","year":"2019","unstructured":"Ofir Weisse, Ian Neal, Kevin Loughlin, Thomas F. Wenisch, and Baris Kasikci. 2019. NDA: Preventing speculative execution attacks at their source. In Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture. ACM, 572\u2013586."},{"key":"e_1_3_2_63_2","first-page":"139","volume-title":"Proceedings of 26th IEEE International Symposium on High Performance Computer Architecture","author":"Xiong Wenjie","year":"2020","unstructured":"Wenjie Xiong and Jakub Szefer. 2020. Leaking information through cache LRU states. In Proceedings of 26th IEEE International Symposium on High Performance Computer Architecture. IEEE, 139\u2013152."},{"issue":"3","key":"e_1_3_2_64_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3442479","article-title":"Survey of transient execution attacks and their mitigations","volume":"54","author":"Xiong Wenjie","year":"2021","unstructured":"Wenjie Xiong and Jakub Szefer. 2021. Survey of transient execution attacks and their mitigations. ACM Computing Surveys 54, 3 (2021), 1\u201336.","journal-title":"ACM Computing Surveys"},{"key":"e_1_3_2_65_2","first-page":"428","volume-title":"Proceedings of the 51st Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Yan Mengjia","year":"2018","unstructured":"Mengjia Yan, Jiho Choi, Dimitrios Skarlatos, Adam Morrison, Christopher Fletcher, and Josep Torrellas. 2018. Invisispec: Making speculative execution invisible in the cache hierarchy. In Proceedings of the 51st Annual IEEE\/ACM International Symposium on Microarchitecture. ACM, 428\u2013441."},{"key":"e_1_3_2_66_2","first-page":"719","volume-title":"Proceedings of the 23rd USENIX Security Symposium","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner. 2014. FLUSH+ RELOAD: A high resolution, low noise, L3 cache side-channel attack. In Proceedings of the 23rd USENIX Security Symposium. USENIX Association, 719\u2013732."},{"key":"e_1_3_2_67_2","first-page":"954","volume-title":"Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture","author":"Yu Jiyong","year":"2019","unstructured":"Jiyong Yu, Mengjia Yan, Artem Khyzha, Adam Morrison, Josep Torrellas, and Christopher W. Fletcher. 2019. Speculative taint tracking (stt) a comprehensive protection for speculatively accessed data. In Proceedings of the 52nd Annual IEEE\/ACM International Symposium on Microarchitecture. ACM, 954\u2013968."}],"container-title":["ACM Transactions on Architecture and Code Optimization"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3566053","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3566053","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:08:33Z","timestamp":1750183713000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3566053"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,2,10]]},"references-count":66,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,3,31]]}},"alternative-id":["10.1145\/3566053"],"URL":"https:\/\/doi.org\/10.1145\/3566053","relation":{},"ISSN":["1544-3566","1544-3973"],"issn-type":[{"value":"1544-3566","type":"print"},{"value":"1544-3973","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,2,10]]},"assertion":[{"value":"2022-02-11","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-09-23","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-02-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}