{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:10:25Z","timestamp":1772039425880,"version":"3.50.1"},"reference-count":27,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2024,1,10]],"date-time":"2024-01-10T00:00:00Z","timestamp":1704844800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation","award":["CCF-1901446"],"award-info":[{"award-number":["CCF-1901446"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Embed. Comput. Syst."],"published-print":{"date-parts":[[2024,1,31]]},"abstract":"<jats:p>Electromagnetic (EM) fields have been extensively studied as potent side-channel tools for testing the security of hardware implementations. In this work, a low-cost side-channel disassembler that uses fine-grained EM signals to predict a program's execution trace with high accuracy is proposed. Unlike conventional side-channel disassemblers, the proposed disassembler does not require extensive randomized instantiations of instructions to profile them, instead relying on leakage-model-informed sub-sampling of potential architectural states resulting from instruction execution, which is further augmented by using a structured hierarchical approach. The proposed disassembler consists of two phases: (i) In the feature-selection phase, signals are collected with a relatively small EM probe, performing high-resolution scans near the chip surface, as profiling codes are executed. The measured signals from the numerous probe configurations are compiled into a hierarchical database by storing the min-max envelopes of the probed EM fields and differential signals derived from them, a novel dimension that increases the potency of the analysis. The envelope-to-envelope distances are evaluated throughout the hierarchy to identify optimal measurement configurations that maximize the distance between each pair of instruction classes. (ii) In the classification phase, signals measured for unknown instructions using optimal measurement configurations identified in the first phase are compared to the envelopes stored in the database to perform binary classification with majority voting, identifying candidate instruction classes at each hierarchical stage. Both phases of the disassembler rely on a four-stage hierarchical grouping of instructions by their length, size, operands, and functions. The proposed disassembler is shown to recover \u223c97\u201399% of instructions from several test and application benchmark programs executed on the AT89S51 microcontroller.<\/jats:p>","DOI":"10.1145\/3629167","type":"journal-article","created":{"date-parts":[[2023,10,25]],"date-time":"2023-10-25T21:35:55Z","timestamp":1698269755000},"page":"1-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["A Hierarchical Classification Method for High-accuracy Instruction Disassembly with Near-field EM Measurements"],"prefix":"10.1145","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9833-2710","authenticated-orcid":false,"given":"Vishnuvardhan V.","family":"Iyer","sequence":"first","affiliation":[{"name":"The University of Texas at Austin, Texas, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-1917-7386","authenticated-orcid":false,"given":"Aditya","family":"Thimmaiah","sequence":"additional","affiliation":[{"name":"The University of Texas at Austin, Texas, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6223-4748","authenticated-orcid":false,"given":"Michael","family":"Orshansky","sequence":"additional","affiliation":[{"name":"The University of Texas at Austin, Texas, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6748-2054","authenticated-orcid":false,"given":"Andreas","family":"Gerstlauer","sequence":"additional","affiliation":[{"name":"The University of Texas at Austin, Texas, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2573-1515","authenticated-orcid":false,"given":"Ali E.","family":"Yilmaz","sequence":"additional","affiliation":[{"name":"The University of Texas at Austin, Texas, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,1,10]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978299"},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931065"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-06320-1_11"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-17499-5_4"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3195970.3196094"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/3432291.3432300"},{"key":"e_1_3_2_8_2","first-page":"139","volume-title":"Proceedings of the Design, Automation & Test in Europe Conference & Exhibition (DATE\u201915)","author":"Strobel Daehyun","year":"2015","unstructured":"Daehyun Strobel, Florian Bache, David Oswald, Falk Schellenberg, and Christof Paar. 2015. Scandalee: A side-channel-based disassembler using local electromagnetic emanations. In Proceedings of the Design, Automation & Test in Europe Conference & Exhibition (DATE\u201915). EDA Consortium, San Jose, CA, 139\u2013144."},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-42068-0_9"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/EMC\/SI\/PI\/EMCEurope52599.2021.9559360"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/TEMC.2022.3157664"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.vlsi.2005.12.013"},{"key":"e_1_3_2_13_2","article-title":"An introduction to the intel MCS-51 SingleChip Microcomputer Family","author":"Wharton John","year":"1980","unstructured":"John Wharton. 1980. An introduction to the intel MCS-51 SingleChip Microcomputer Family. Application Note AP-69 (May 1980), Intel Corporation.","journal-title":"Application Note AP-69"},{"key":"e_1_3_2_14_2","unstructured":"ATMEL. 2008. 8-bit microcontroller with 4K bytes in-system programmable flash. AT89S51 datasheet."},{"key":"e_1_3_2_15_2","unstructured":"Dalton Project\/Benchmark Applications for Synthesizeable VHDL Model. i8051 Benchmarks. Retrieved from http:\/\/www.ann.ece.ufl.edu\/i8051\/i8051benchmarks\/index.html."},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-15074-6_10"},{"key":"e_1_3_2_17_2","volume-title":"An Adaptive Measurement Protocol for Fine-grained Electromagnetic Side-channel Analysis of Cryptographic ModulesM.S. thesis","author":"Iyer Vishnuvardhan V.","year":"2019","unstructured":"Vishnuvardhan V. Iyer. 2019. An Adaptive Measurement Protocol for Fine-grained Electromagnetic Side-channel Analysis of Cryptographic Modules. M.S. thesis, University of Texas, Austin."},{"key":"e_1_3_2_18_2","first-page":"1","volume-title":"Proceedings of the IEEE International Conference on Intelligence and Security Informatics (ISI\u201921)","author":"Iyer Vishnuvardhan V.","year":"2021","unstructured":"Vishnuvardhan V. Iyer, Meizhi Wang, Jaydeep Kulkarni, and Ali E. Yilmaz. 2021. A systematic evaluation of EM and power side-channel analysis attacks on AES implementations. In Proceedings of the IEEE International Conference on Intelligence and Security Informatics (ISI\u201921), San Antonio, TX, 1\u20136."},{"key":"e_1_3_2_19_2","first-page":"472","volume-title":"proceedings of the 25th Euromicro Conference on Digital System Design (DSD\u201922)","author":"Maillard Julien","year":"2022","unstructured":"Julien Maillard, Thomas Hiscock, Maxime Lecomte, and Christophe Clavier. 2022. Towards fine-grained side-channel instruction disassembly on a system-on-chip. In proceedings of the 25th Euromicro Conference on Digital System Design (DSD\u201922). 472\u2013479."},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1145\/3079856.3080223"},{"key":"e_1_3_2_21_2","volume-title":"Proceedings of the 24th USENIX Conference on Security Symposium (SEC'15)","unstructured":"Nicolas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R. Gross. 2015. Control-flow bending: on the effectiveness of control-flow integrity. In Proceedings of the 24th USENIX Conference on Security Symposium (SEC'15). USENIX Association, USA, 161--176."},{"key":"e_1_3_2_22_2","first-page":"385","volume-title":"Proceedings of the 23rd USENIX Conference on Security Symposium (SEC\u201914). USENIX Association","author":"Carlini Nicholas","year":"2014","unstructured":"Nicholas Carlini and David Wagner. 2014. ROP is still dangerous: Breaking modern defenses. In Proceedings of the 23rd USENIX Conference on Security Symposium (SEC\u201914). USENIX Association. 385\u2013399."},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966919"},{"key":"e_1_3_2_24_2","first-page":"161","volume-title":"Proceedings of the 24th USENIX Conference on Security Symposium (SEC\u201915). USENIX Association","author":"Carlini Nicolas","year":"2015","unstructured":"Nicolas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R. Gross. 2015. Control-flow bending: On the effectiveness of control-flow integrity. In Proceedings of the 24th USENIX Conference on Security Symposium (SEC\u201915). USENIX Association. 161\u2013176."},{"key":"e_1_3_2_25_2","first-page":"106","volume-title":"Proceedings of the 39th Annual International Symposium on Computer Architecture (ISCA\u201912)","author":"Demme John","year":"2012","unstructured":"John Demme, Robert Martin, Adam Waksman, and Simha Sethumadhavan. 2012. Side-channel vulnerability factor: A metric for measuring information leakage. In Proceedings of the 39th Annual International Symposium on Computer Architecture (ISCA\u201912). IEEE Computer Society, 106\u2013117"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2014.39"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-34041-3_26"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-16815-4_11"}],"container-title":["ACM Transactions on Embedded Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3629167","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3629167","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:18Z","timestamp":1750178178000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3629167"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,1,10]]},"references-count":27,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1,31]]}},"alternative-id":["10.1145\/3629167"],"URL":"https:\/\/doi.org\/10.1145\/3629167","relation":{},"ISSN":["1539-9087","1558-3465"],"issn-type":[{"value":"1539-9087","type":"print"},{"value":"1558-3465","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,1,10]]},"assertion":[{"value":"2023-05-21","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-10-09","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-01-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}