{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T08:39:24Z","timestamp":1773218364832,"version":"3.50.1"},"reference-count":186,"publisher":"Association for Computing Machinery (ACM)","issue":"7","license":[{"start":{"date-parts":[[2024,4,9]],"date-time":"2024-04-09T00:00:00Z","timestamp":1712620800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["No. 62122023 and U20A20202"],"award-info":[{"award-number":["No. 62122023 and U20A20202"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Science and Technology Innovation Program of Hunan Province","award":["No.2021RC4019"],"award-info":[{"award-number":["No.2021RC4019"]}]},{"DOI":"10.13039\/501100004735","name":"Natural Science Foundation of Hunan Province","doi-asserted-by":"crossref","award":["No. 2023JJ40160"],"award-info":[{"award-number":["No. 2023JJ40160"]}],"id":[{"id":"10.13039\/501100004735","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Natural Science Foundation of Changsha City","award":["No. kq2208212"],"award-info":[{"award-number":["No. kq2208212"]}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Research Foundation of Education Bureau of Hunan Province","award":["No. 23B0036"],"award-info":[{"award-number":["No. 23B0036"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. 
Surv."],"published-print":{"date-parts":[[2024,7,31]]},"abstract":"<jats:p>Microarchitectural vulnerabilities, such as Meltdown and Spectre, exploit subtle microarchitecture state to steal the user\u2019s secret data and even compromise the operating systems. In recent years, considerable discussion lies in understanding the attack-defense mechanisms and exploitability of such vulnerabilities. Unfortunately, there have been few investigations into a systematic elaboration of threat models, attack scenarios and requirements, and defense targets of the resulting attacks. In this article, we fill this gap and make the following contributions. We first propose two sets of taxonomies for classifying microarchitectural timing side-channel attacks and their countermeasures according to various attack conditions. Based on the taxonomies proposed, we then review published attacks and existing defenses and systematically analyze their internals. In particular, we also provide a comprehensive analysis of the similarities and differences among those attacks, uncovering the corresponding practicality and severity by identifying the attack targets\/platforms and the security boundaries that can be bypassed to reveal information. We further examine the scalability of those defenses through specifying expected defense goals and costs. We also discuss corresponding detection methods based on different classifications. 
Finally, we propose several key challenges of existing countermeasures and the attack trends, and discuss directions for future research.<\/jats:p>","DOI":"10.1145\/3645109","type":"journal-article","created":{"date-parts":[[2024,2,7]],"date-time":"2024-02-07T11:59:15Z","timestamp":1707307155000},"page":"1-40","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":29,"title":["Timing Side-channel Attacks and Countermeasures in CPU Microarchitectures"],"prefix":"10.1145","volume":"56","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8712-2964","authenticated-orcid":false,"given":"Jiliang","family":"Zhang","sequence":"first","affiliation":[{"name":"Hunan University, Changsha, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5453-7984","authenticated-orcid":false,"given":"Congcong","family":"Chen","sequence":"additional","affiliation":[{"name":"Hunan University, Changsha, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5716-4995","authenticated-orcid":false,"given":"Jinhua","family":"Cui","sequence":"additional","affiliation":[{"name":"Hunan University, Changsha, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5224-4048","authenticated-orcid":false,"given":"Keqin","family":"Li","sequence":"additional","affiliation":[{"name":"State University of New York, New York, USA"}]}],"member":"320","published-online":{"date-parts":[[2024,4,9]]},"reference":[{"key":"e_1_3_1_2_2","first-page":"110","volume-title":"CHES","author":"Ac\u0131i\u00e7mez Onur","year":"2010","unstructured":"Onur Ac\u0131i\u00e7mez, Billy Bob Brumley, and Philipp Grabher. 2010. New results on instruction cache attacks. In CHES, 110\u2013124."},{"key":"e_1_3_1_3_2","first-page":"565","volume-title":"MICRO","author":"Ahn Jaeguk","year":"2021","unstructured":"Jaeguk Ahn, Jiho Kim, Hans Kasan, Leila Delshadtehrani, Wonjun Song, Ajay Joshi, and John Kim. 2021. Network-on-chip microarchitecture-based covert channel in gpus. 
In MICRO, 565\u2013577."},{"key":"e_1_3_1_4_2","first-page":"592","volume-title":"MICRO","author":"Ainsworth Sam","year":"2021","unstructured":"Sam Ainsworth. 2021. GhostMinion: A strictness-ordered cache system for spectre mitigation. In MICRO, 592\u2013606."},{"key":"e_1_3_1_5_2","first-page":"1218","volume-title":"MICRO","author":"Ajorpaz Samira Mirbagher","year":"2022","unstructured":"Samira Mirbagher Ajorpaz, Daniel Moghimi, Jeffrey Neal Collins, Gilles Pokam, Nael Abu-Ghazaleh, and Dean Tullsen. 2022. EVAX: Towards a practical, pro-active & adaptive architecture for high performance & security. In MICRO, 1218\u20131236."},{"key":"e_1_3_1_6_2","first-page":"870","volume-title":"S&P","author":"Aldaya Alejandro Cabrera","year":"2019","unstructured":"Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida Garc\u00eda, and Nicola Tuveri. 2019. Port contention for fun and profit. In S&P, 870\u2013887."},{"key":"e_1_3_1_7_2","volume-title":"AMD Product Security","year":"2023","unstructured":"AMD. 2023. AMD Product Security. Retrieved August 2023 from https:\/\/www.amd.com\/en\/corporate\/product-security"},{"key":"e_1_3_1_8_2","volume-title":"AMD64 Architecture Programmer\u2019s Manual","year":"2023","unstructured":"AMD. 2023. AMD64 Architecture Programmer\u2019s Manual. Retrieved August 2023 from https:\/\/www.amd.com\/system\/files\/TechDocs\/40332.pdf"},{"key":"e_1_3_1_9_2","first-page":"623","volume-title":"S&P","author":"Andrysco Marc","year":"2015","unstructured":"Marc Andrysco, David Kohlbrenner, Keaton Mowery, Ranjit Jhala, Sorin Lerner, and Hovav Shacham. 2015. On subnormal floating point and abnormal timing. In S&P, 623\u2013639."},{"key":"e_1_3_1_10_2","volume-title":"mbedTLS (Formerly Known as PolarSSL)","author":"Corporation ARM","year":"2010","unstructured":"ARM Corporation. 2010. mbedTLS (Formerly Known as PolarSSL). 
Retrieved April 2022 from https:\/\/tls.mbed.org\/"},{"key":"e_1_3_1_11_2","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1145\/3338508.3359574","volume-title":"ASHES","author":"Bandara Sahan","year":"2019","unstructured":"Sahan Bandara and Michel A Kinsy. 2019. Adaptive caches as a defense mechanism against cache side-channel attacks. In ASHES, 55\u201364."},{"key":"e_1_3_1_12_2","first-page":"1046","volume-title":"ASPLOS","author":"Behnia Mohammad","year":"2021","unstructured":"Mohammad Behnia, Prateek Sahu, Riccardo Paccagnella, Jiyong Yu, Zirui Neil Zhao, Xiang Zou, Thomas Unterluggauer, Josep Torrellas, Carlos Rozas, Adam Morrison, Frank Mckeen, Fangfei Liu, Ron Gabor, Christopher W. Fletcher, Abhishek Basak, and Alaa Alameldeen. 2021. Speculative interference attacks: Breaking invisible speculation schemes. In ASPLOS, 1046\u20131060."},{"key":"e_1_3_1_13_2","volume-title":"Cache-timing Attacks on AES","author":"Bernstein Daniel J.","year":"2005","unstructured":"Daniel J. Bernstein. 2005. Cache-timing Attacks on AES. Retrieved August 2021 from http:https:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.140.2835&rep=rep1&type=pdf"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2019.2958611"},{"key":"e_1_3_1_15_2","first-page":"1","volume-title":"RAID","author":"Bhattacharyya Atri","year":"2020","unstructured":"Atri Bhattacharyya, Andr\u00e9s S\u00e1nchez, Esmaeil M. Koruyeh, Nael Abu-Ghazaleh, Chengyu Song, and Mathias Payer. 2020. SpecROP: Speculative exploitation of ROP chains. In RAID, 1\u201316."},{"key":"e_1_3_1_16_2","first-page":"785","volume-title":"CCS","author":"Bhattacharyya Atri","year":"2019","unstructured":"Atri Bhattacharyya, Alexandra Sandulescu, Matthias Neugschwandtner, Alessandro Sorniotti, Babak Falsafi, Mathias Payer, and Anil Kurmus. 2019. SMoTherSpectre: Exploiting speculative execution through port contention. 
In CCS, 785\u2013800."},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/3023872"},{"key":"e_1_3_1_18_2","first-page":"1","volume-title":"WOOT","author":"Brasser Ferdinand","year":"2017","unstructured":"Ferdinand Brasser, Urs M\u00fcller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software grand exposure: SGX cache attacks are practical. In WOOT, 1\u201312."},{"key":"e_1_3_1_19_2","first-page":"1967","volume-title":"USENIX Security","author":"Briongos Samira","year":"2020","unstructured":"Samira Briongos, Pedro Malag\u00f3n, Jos\u00e9 M. Moya, and Thomas Eisenbarth. 2020. RELOAD+ REFRESH: Abusing cache replacement policies to perform stealthy cache attacks. In USENIX Security, 1967\u20131984."},{"key":"e_1_3_1_20_2","first-page":"667","volume-title":"ASIACRYPT","author":"Brumley Billy Bob","year":"2009","unstructured":"Billy Bob Brumley and Risto M. Hakala. 2009. Cache-timing template attacks. In ASIACRYPT, 667\u2013684."},{"key":"e_1_3_1_21_2","first-page":"991","volume-title":"USENIX Security","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the keys to the intel SGX kingdom with transient out-of-order execution. In USENIX Security, 991\u20131008."},{"key":"e_1_3_1_22_2","doi-asserted-by":"publisher","DOI":"10.3390\/electronics8091057"},{"key":"e_1_3_1_23_2","first-page":"769","volume-title":"CCS","author":"Canella Claudio","year":"2019","unstructured":"Claudio Canella, Daniel Genkin, Lukas Giner, Daniel Gruss, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, et\u00a0al. 2019. Fallout: Leaking data on meltdown-resistant CPUs. 
In CCS, 769\u2013784."},{"key":"e_1_3_1_24_2","first-page":"249","volume-title":"USENIX Security","author":"Canella Claudio","year":"2019","unstructured":"Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin Von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, and Daniel Gruss. 2019. A systematic evaluation of transient execution attacks and defenses. In USENIX Security, 249\u2013266."},{"key":"e_1_3_1_25_2","volume-title":"Speculative Load Hardening (A Spectre Variant #1 Mitigation Technique)","author":"Carruth C.","year":"2018","unstructured":"C. Carruth. 2018. Speculative Load Hardening (A Spectre Variant #1 Mitigation Technique). Retrieved November 2022 from https:\/\/releases.llvm.org\/8.0.1\/docs\/SpeculativeLoadHardening.html"},{"key":"e_1_3_1_26_2","first-page":"288","volume-title":"CSF","author":"Cheang Kevin","year":"2019","unstructured":"Kevin Cheang, Cameron Rasmussen, Sanjit Seshia, and Pramod Subramanyan. 2019. A formal approach to secure speculation. In CSF, 288\u201328815."},{"key":"e_1_3_1_27_2","first-page":"25","volume-title":"ASPDAC","author":"Chen Congcong","year":"2022","unstructured":"Congcong Chen, Chaoqun Shen, and Jiliang Zhang. 2022. Lightweight and secure branch predictors against spectre attacks. In ASPDAC, 25\u201330."},{"key":"e_1_3_1_28_2","doi-asserted-by":"crossref","unstructured":"Guoxing Chen Sanchuan Chen Yuan Xiao Yinqian Zhang Zhiqiang Lin and Ten H. Lai. 2019. SgxPectre: stealing intel secrets from SGX enclaves Via speculative execution. In EuroS&P. 142\u2013157.","DOI":"10.1109\/EuroSP.2019.00020"},{"key":"e_1_3_1_29_2","first-page":"216","volume-title":"MICRO","author":"Chen Jie","year":"2014","unstructured":"Jie Chen and Guru Venkataramani. 2014. CC-hunter: Uncovering covert timing channels on shared processor hardware. 
In MICRO, 216\u2013228."},{"key":"e_1_3_1_30_2","first-page":"529","volume-title":"ICCD","author":"Chowdhuryy Md Hafizul Islam","year":"2020","unstructured":"Md Hafizul Islam Chowdhuryy, Hang Liu, and Fan Yao. 2020. BranchSpec: Information leakage attacks exploiting speculative branch instruction executions. In ICCD, 529\u2013536."},{"key":"e_1_3_1_31_2","volume-title":"Cloudflare Workers","year":"2019","unstructured":"Cloudflare. 2019. Cloudflare Workers. Retrieved August, 2023 from https:\/\/www.cloudflare.com\/products\/cloudflare-workers\/"},{"key":"e_1_3_1_32_2","volume-title":"Meltdown Strikes Back: The L1 Terminal Fault Vulnerability","author":"Corbet Jonathan","year":"2018","unstructured":"Jonathan Corbet. 2018. Meltdown Strikes Back: The L1 Terminal Fault Vulnerability. Retrieved October 2022 from https:\/\/lwn.net\/Articles\/762570\/"},{"key":"e_1_3_1_33_2","unstructured":"Victor Costan and Srinivas Devadas. 2016. Intel SGX explained. Cryptology ePrint Archive. https:\/\/eprint.iacr.org\/2016\/086"},{"key":"e_1_3_1_34_2","first-page":"1","volume-title":"NDSS","author":"Crane Stephen","year":"2015","unstructured":"Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen, and Michael Franz. 2015. Thwarting cache side-channel attacks through dynamic software diversity. In NDSS, 1\u201314."},{"key":"e_1_3_1_35_2","first-page":"1","volume-title":"DATE","author":"Cui Jinhua","year":"2023","unstructured":"Jinhua Cui, Yiyun Yin, Congcong Chen, and Jiliang Zhang. 2023. SPOILER-alert: Detecting spoiler attack using cuckoo filter. In DATE, 1\u20136."},{"key":"e_1_3_1_36_2","first-page":"82","volume-title":"HPCA","author":"Cui Yujie","year":"2022","unstructured":"Yujie Cui, Chun Yang, and Xu Cheng. 2022. Abusing cache line dirty states to leak information in commercial processors. In HPCA, 82\u201397."},{"key":"e_1_3_1_37_2","first-page":"697","volume-title":"DAC","author":"Deng Shuwen","year":"2021","unstructured":"Shuwen Deng and Jakub Szefer. 2021. 
New predictor-based attacks in processors. In DAC, 697\u2013702."},{"key":"e_1_3_1_38_2","first-page":"451","volume-title":"USENIX Security","author":"Dessouky Ghada","year":"2020","unstructured":"Ghada Dessouky, Tommaso Frassetto, and Ahmad-Reza Sadeghi. 2020. HybCache: Hybrid side-channel-resilient caches for trusted execution environments. In USENIX Security, 451\u2013468."},{"key":"e_1_3_1_39_2","first-page":"51","volume-title":"USENIX Security","author":"Disselkoen Craig","year":"2017","unstructured":"Craig Disselkoen, David Kohlbrenner, Leo Porter, and Dean Tullsen. 2017. Prime+ abort: A timer-free high-precision L3 cache attack using intel TSX. In USENIX Security, 51\u201367."},{"key":"e_1_3_1_40_2","first-page":"1","volume-title":"HASP","author":"Evtyushkin Dmitry","year":"2015","unstructured":"Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. 2015. Covert channels through branch predictors: A feasibility study. In HASP, 1\u20138."},{"key":"e_1_3_1_41_2","first-page":"1","volume-title":"MICRO","author":"Evtyushkin Dmitry","year":"2016","unstructured":"Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. 2016. Jump over ASLR: Attacking branch predictors to bypass ASLR. In MICRO, 1\u201313."},{"key":"e_1_3_1_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/2870636"},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3296957.3173204"},{"key":"e_1_3_1_44_2","first-page":"1","volume-title":"DAC","author":"Fang Hongyu","year":"2020","unstructured":"Hongyu Fang, Milo\u0161 Doroslova\u010dki, and Guru Venkataramani. 2020. Reuse-trap: Re-purposing cache reuse distance to defend against side channel leakage. In DAC, 1\u20136."},{"key":"e_1_3_1_45_2","volume-title":"The Microarchitecture of Intel, AMD, and VIA CPUs","author":"Fog Agner","year":"2023","unstructured":"Agner Fog. 2023. The Microarchitecture of Intel, AMD, and VIA CPUs. 
Retrieved August 2023 from https:\/\/www.agner.org\/optimize\/microarchitecture.pdf"},{"key":"e_1_3_1_46_2","volume-title":"CARRV","author":"Fuchs Franz A.","year":"2021","unstructured":"Franz A. Fuchs, Jonathan Woodruff, Simon W. Moore, Peter G. Neumann, and Robert N. M. Watson. 2021. Developing a test suite for transient-execution attacks on risc-v and cheri-risc-v. In CARRV."},{"key":"e_1_3_1_47_2","first-page":"117","volume-title":"ASHES","author":"Fustos Jacob","year":"2020","unstructured":"Jacob Fustos, Michael Bechtel, and Heechul Yun. 2020. Spectrerewind: Leaking secrets to past instructions. In ASHES, 117\u2013126."},{"key":"e_1_3_1_48_2","first-page":"1","volume-title":"DAC","author":"Fustos Jacob","year":"2019","unstructured":"Jacob Fustos, Farzad Farshchi, and Heechul Yun. 2019. Spectreguard: An efficient data-centric defense mechanism against spectre attacks. In DAC, 1\u20136."},{"key":"e_1_3_1_49_2","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-016-0141-6"},{"key":"e_1_3_1_50_2","volume-title":"ISCA","author":"Ghaniyoun Moein","year":"2023","unstructured":"Moein Ghaniyoun, Kristin Barber, Yuan Xiao, Yinqian Zhang, and Radu Teodorescu. 2023. TEESec: Pre-silicon vulnerability discovery for trusted execution environments. In ISCA, 1\u201315."},{"key":"e_1_3_1_51_2","volume-title":"CARRV","author":"Gonzalez Abraham","year":"2019","unstructured":"Abraham Gonzalez, Ben Korpan, Jerry Zhao, Ed Younis, and Krste Asanovic. 2019. Replicating and mitigating spectre attacks on an open source RISC-V microarchitecture. In CARRV, 1\u20137."},{"key":"e_1_3_1_52_2","volume-title":"Retpoline: A Software Construct for Preventing Branch-target-injection","year":"2018","unstructured":"Google. 2018. Retpoline: A Software Construct for Preventing Branch-target-injection. 
Retrieved August 2021 from https:\/\/support.google.com\/faqs\/answer\/7625886"},{"key":"e_1_3_1_53_2","first-page":"955","volume-title":"USENIX Security","author":"Gras Ben","year":"2018","unstructured":"Ben Gras, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2018. Translation leak-aside buffer: Defeating cache side-channel protections with tlb attacks. In USENIX Security, 955\u2013972."},{"key":"e_1_3_1_54_2","first-page":"1","volume-title":"NDSS","author":"Gras Ben","year":"2017","unstructured":"Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos, and Cristiano Giuffrida. 2017. ASLR on the line: Practical cache attacks on the MMU. In NDSS, 1\u201315."},{"key":"e_1_3_1_55_2","first-page":"217","volume-title":"USENIX Security","author":"Gruss Daniel","year":"2017","unstructured":"Daniel Gruss, Julian Lettner, Felix Schuster, Olya Ohrimenko, Istvan Haller, and Manuel Costa. 2017. Strong and efficient cache side-channel protection using hardware transactional memory. In USENIX Security, 217\u2013233."},{"key":"e_1_3_1_56_2","first-page":"161","volume-title":"ESSoS","author":"Gruss Daniel","year":"2017","unstructured":"Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Cl\u00e9mentine Maurice, and Stefan Mangard. 2017. Kaslr is dead: Long live kaslr. In ESSoS, 161\u2013176."},{"key":"e_1_3_1_57_2","first-page":"245","volume-title":"S&P","author":"Gruss Daniel","year":"2018","unstructured":"Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O\u2019Connell, Wolfgang Schoechl, and Yuval Yarom. 2018. Another flip in the wall of rowhammer defenses. In S&P, 245\u2013261."},{"key":"e_1_3_1_58_2","first-page":"368","volume-title":"CCS","author":"Gruss Daniel","year":"2016","unstructured":"Daniel Gruss, Cl\u00e9mentine Maurice, Anders Fogh, Moritz Lipp, and Stefan Mangard. 2016. Prefetch side-channel attacks: Bypassing SMAP and kernel ASLR. 
In CCS, 368\u2013379."},{"key":"e_1_3_1_59_2","first-page":"279","volume-title":"DIMVA","author":"Gruss Daniel","year":"2016","unstructured":"Daniel Gruss, Cl\u00e9mentine Maurice, Klaus Wagner, and Stefan Mangard. 2016. Flush+Flush: A fast and stealthy cache attack. In DIMVA, 279\u2013299."},{"key":"e_1_3_1_60_2","first-page":"897","volume-title":"USENIX Security","author":"Gruss Daniel","year":"2015","unstructured":"Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. 2015. Cache template attacks: Automating attacks on inclusive last-level caches. In USENIX Security, 897\u2013912."},{"key":"e_1_3_1_61_2","first-page":"38","volume-title":"S&P","author":"Guanciale Roberto","year":"2016","unstructured":"Roberto Guanciale, Hamed Nemati, Christoph Baumann, and Mads Dam. 2016. Cache storage channels: Alias-driven attacks and verified countermeasures. In S&P, 38\u201355."},{"key":"e_1_3_1_62_2","first-page":"1","volume-title":"S&P","author":"Guarnieri Marco","year":"2020","unstructured":"Marco Guarnieri, Boris K\u00f6pf, Jos\u00e9 F. Morales, Jan Reineke, and Andr\u00e9s S\u00e1nchez. 2020. Spectector: Principled detection of speculative information flows. In S&P, 1\u201319."},{"key":"e_1_3_1_63_2","first-page":"1458","volume-title":"S&P","author":"Guo Yanan","year":"2022","unstructured":"Yanan Guo, Andrew Zigerelli, Youtao Zhang, and Jun Yang. 2022. Adversarial prefetch: New cross-core cache side channel attacks. In S&P, 1458\u20131473."},{"key":"e_1_3_1_64_2","first-page":"57","volume-title":"MICRO","author":"Harris Austin","year":"2019","unstructured":"Austin Harris, Shijia Wei, Prateek Sahu, Pranav Kumar, Todd Austin, and Mohit Tiwari. 2019. Cyclone: Detecting contention-based cache information leaks through cyclic interference. In MICRO, 57\u201372."},{"key":"e_1_3_1_65_2","volume-title":"Computer Architecture, Fifth Edition: A Quantitative Approach","author":"Hennessy John L.","year":"2011","unstructured":"John L. Hennessy and David A. Patterson. 2011. 
Computer Architecture, Fifth Edition: A Quantitative Approach."},{"key":"e_1_3_1_66_2","volume-title":"Speculative Execution, Variant 4: Speculative Store Bypass","author":"Horn Jann","year":"2018","unstructured":"Jann Horn. 2018. Speculative Execution, Variant 4: Speculative Store Bypass. Retrieved March 2022 from https:\/\/bugs.chromium.org\/p\/project-zero\/issues\/detail"},{"key":"e_1_3_1_67_2","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1145\/3268935.3268940","volume-title":"SysTEX","author":"Hosseinzadeh Shohreh","year":"2018","unstructured":"Shohreh Hosseinzadeh, Hans Liljestrand, Ville Lepp\u00e4nen, and Andrew Paverd. 2018. Mitigating branch-shadowing attacks on Intel SGX using control flow randomization. In SysTEX, 42\u201347."},{"key":"e_1_3_1_68_2","first-page":"52","volume-title":"RISP","author":"Hu Wei-Ming","year":"1992","unstructured":"Wei-Ming Hu. 1992. Lattice scheduling and covert channels. In RISP, 52\u201361."},{"key":"e_1_3_1_69_2","first-page":"191","volume-title":"S&P","author":"Hund Ralf","year":"2013","unstructured":"Ralf Hund, Carsten Willems, and Thorsten Holz. 2013. Practical timing side channel attacks against kernel space ASLR. In S&P, 191\u2013205."},{"key":"e_1_3_1_70_2","unstructured":"INTEL. 2016. Intel Software Guard Extensions (Intel SGX). Retrieved February 2024 from https:\/\/cdrdv2-public.intel.com\/671581\/intel-sgx-developer-guide.pdf"},{"key":"e_1_3_1_71_2","volume-title":"Intel 64 and IA-32 Architectures Software Developer\u2019s Manual","year":"2016","unstructured":"Intel. 2016. Intel 64 and IA-32 Architectures Software Developer\u2019s Manual. Retrieved August 2023 from https:\/\/www.intel.cn\/content\/dam\/www\/public\/us\/en\/documents\/manuals\/64-ia-32-architectures-software-developers-manual.pdf"},{"key":"e_1_3_1_72_2","volume-title":"Deep Dive: Intel Analysis of L1 Terminal Fault","year":"2018","unstructured":"Intel. 2018. Deep Dive: Intel Analysis of L1 Terminal Fault. 
Retrieved December 2022 from https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/topic-technology\/software-security-guidance\/overview.html"},{"key":"e_1_3_1_73_2","volume-title":"Intel Analysis of Speculative Execution Side Channels","year":"2018","unstructured":"Intel. 2018. Intel Analysis of Speculative Execution Side Channels. Retrieved September 2020 from https:\/\/newsroom.intel.com\/wp-content\/uploads\/sites\/11\/2018\/01\/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdf"},{"key":"e_1_3_1_74_2","volume-title":"Intel 64 and IA-32 Architectures Optimization Reference Manual","year":"2018","unstructured":"Intel. 2018. Intel 64 and IA-32 Architectures Optimization Reference Manual. Retrieved August 2023 from https:\/\/www.intel.com\/content\/dam\/doc\/manual\/64-ia-32-architectures-optimization-manual.pdf"},{"key":"e_1_3_1_75_2","volume-title":"Speculative Execution Side Channel Mitigation","year":"2018","unstructured":"Intel. 2018. Speculative Execution Side Channel Mitigation. Retrieved September 2020 from https:\/\/www.intel.com\/content\/dam\/develop\/external\/us\/en\/documents\/336996-speculative-execution-side-channel-mitigations.pdf"},{"key":"e_1_3_1_76_2","volume-title":"Guidelines for Mitigating Timing Side Channels against Cryptographic Implementations","author":"Corporation Intel","year":"2019","unstructured":"Intel Corporation. 2019. Guidelines for Mitigating Timing Side Channels against Cryptographic Implementations. Retrieved June 2022 from https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/secure-coding\/mitigate-timing-side-channel-crypto-implementation.html"},{"key":"e_1_3_1_77_2","first-page":"353","volume-title":"Asia CCS","author":"Irazoqui Gorka","year":"2016","unstructured":"Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2016. Cross processor cache attacks. 
In Asia CCS, 353\u2013364."},{"key":"e_1_3_1_78_2","first-page":"621","volume-title":"USENIX Security","author":"Islam Saad","year":"2019","unstructured":"Saad Islam, Ahmad Moghimi, Ida Bruhns, Moritz Krebbel, Berk Gulmezoglu, Thomas Eisenbarth, and Berk Sunar. 2019. SPOILER: Speculative load hazards boost rowhammer and cache attacks. In USENIX Security, 621\u2013637."},{"key":"e_1_3_1_79_2","first-page":"139","volume-title":"ICCAD","author":"Jiang Zhen Hang","year":"2017","unstructured":"Zhen Hang Jiang and Yunsi Fei. 2017. A novel cache bank timing attack. In ICCAD, 139\u2013146."},{"key":"e_1_3_1_80_2","first-page":"96","volume-title":"ICEEE","author":"Kadir Mohd Fadzil Abdul","year":"2019","unstructured":"Mohd Fadzil Abdul Kadir, Jin Kee Wong, Fauziah Ab Wahab, Ahmad Faisal Amri Abidin Bharun, Mohamad Afendee Mohamed, and Aznida Hayati Zakaria. 2019. Retpoline technique for mitigating spectre attack. In ICEEE, 96\u2013101."},{"key":"e_1_3_1_81_2","first-page":"97","volume-title":"ESORICS","author":"Kelsey John","year":"1998","unstructured":"John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. 1998. Side channel cryptanalysis of product ciphers. In ESORICS, 97\u2013110."},{"key":"e_1_3_1_82_2","first-page":"957","volume-title":"USENIX Security","author":"Kemerlis Vasileios P.","year":"2014","unstructured":"Vasileios P. Kemerlis, Michalis Polychronakis, and Angelos D. Keromytis. 2014. ret2dir: Rethinking kernel isolation. In USENIX Security, 957\u2013972."},{"key":"e_1_3_1_83_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10617-008-9018-y"},{"key":"e_1_3_1_84_2","first-page":"1","volume-title":"DAC","author":"Khasawneh Khaled N.","year":"2019","unstructured":"Khaled N. Khasawneh, Esmaeil Mohammadian Koruyeh, Chengyu Song, Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. 2019. Safespec: Banishing the spectre of a meltdown with leakage-free speculation. 
In DAC, 1\u20136."},{"key":"e_1_3_1_85_2","first-page":"67","volume-title":"HPCA","author":"Kim Sowoong","year":"2022","unstructured":"Sowoong Kim, Myeonggyun Han, and Woongki Baek. 2022. DPrime+DAbort: A high-precision and timer-free directory-based side-channel attack in non-inclusive cache hierarchies using Intel TSX. In HPCA, 67\u201381."},{"key":"e_1_3_1_86_2","first-page":"189","volume-title":"USENIX Security","author":"Kim Taesoo","year":"2012","unstructured":"Taesoo Kim, Marcus Peinado, and Gloria Mainar-Ruiz. 2012. STEALTHMEM: System-level protection against cache-based side channel attacks in the cloud. In USENIX Security, 189\u2013204."},{"key":"e_1_3_1_87_2","first-page":"974","volume-title":"MICRO","author":"Kiriansky Vladimir","year":"2018","unstructured":"Vladimir Kiriansky, Ilia Lebedev, Saman Amarasinghe, Srinivas Devadas, and Joel Emer. 2018. DAWG: A defense against cache timing attacks in speculative execution processors. In MICRO, 974\u2013987."},{"key":"e_1_3_1_88_2","article-title":"Speculative buffer overflows: Attacks and defenses","author":"Kiriansky Vladimir","year":"2018","unstructured":"Vladimir Kiriansky and Carl A. Waldspurger. 2018. Speculative buffer overflows: Attacks and defenses. arXiv:1807.03757. Retrieved from https:\/\/arxiv.org\/abs\/1807.03757","journal-title":"arXiv:1807.03757"},{"key":"e_1_3_1_89_2","first-page":"1","volume-title":"S&P","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre attacks: Exploiting speculative execution. In S&P, 1\u201319."},{"key":"e_1_3_1_90_2","first-page":"1","volume-title":"WOOT","author":"Koruyeh Esmaeil Mohammadian","year":"2018","unstructured":"Esmaeil Mohammadian Koruyeh, Khaled N. Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh. 2018. Spectre returns! speculation attacks using the return stack buffer. 
In WOOT, 1\u201312."},{"key":"e_1_3_1_91_2","first-page":"39","volume-title":"S&P","author":"Koruyeh Esmaeil Mohammadian","year":"2020","unstructured":"Esmaeil Mohammadian Koruyeh, Shirin Haji Amin Shirazi, Khaled N. Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh. 2020. SpecCFI: Mitigating spectre attacks using cfi informed speculation. In S&P, 39\u201353."},{"key":"e_1_3_1_92_2","first-page":"309","volume-title":"EuroS&P)","author":"Koschel Jakob","year":"2020","unstructured":"Jakob Koschel, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2020. TagBleed: Breaking KASLR on the isolated kernel address space using tagged TLBs. In EuroS&P), 309\u2013321."},{"key":"e_1_3_1_93_2","first-page":"557","volume-title":"USENIX Security","author":"Lee Sangho","year":"2017","unstructured":"Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. 2017. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In USENIX Security, 557\u2013574."},{"key":"e_1_3_1_94_2","volume-title":"Vulnerability of Speculative Processors to Cache Timing Side Channel Mechanism","author":"LIMITED ARM","year":"2018","unstructured":"ARM LIMITED. 2018. Vulnerability of Speculative Processors to Cache Timing Side Channel Mechanism. Retrieved December 2022 from https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2018-3640"},{"key":"e_1_3_1_95_2","first-page":"1","volume-title":"DTIS","author":"Linar\u00e8s Antoine","year":"2021","unstructured":"Antoine Linar\u00e8s, David Hely, Frank Lhermet, and Giorgio Di Natale. 2021. Design space exploration applied to decurity. In DTIS, 1\u20134."},{"key":"e_1_3_1_96_2","doi-asserted-by":"publisher","DOI":"10.1109\/MAHC.2015.27"},{"key":"e_1_3_1_97_2","first-page":"643","volume-title":"USENIX Security","author":"Lipp Moritz","year":"2022","unstructured":"Moritz Lipp, Daniel Gruss, and Michael Schwarz. 2022. AMD prefetch attacks through power and time. 
In USENIX Security, 643\u2013660."},{"key":"e_1_3_1_98_2","first-page":"191","volume-title":"ESORICS","author":"Lipp Moritz","year":"2017","unstructured":"Moritz Lipp, Daniel Gruss, Michael Schwarz, David Bidner, Cl\u00e9mentine Maurice, and Stefan Mangard. 2017. Practical keystroke timing attacks in sandboxed javascript. In ESORICS, 191\u2013209."},{"key":"e_1_3_1_99_2","first-page":"549","volume-title":"USENIX Security","author":"Lipp Moritz","year":"2016","unstructured":"Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Cl\u00e9mentine Maurice, and Stefan Mangard. 2016. ARMageddon: Cache attacks on mobile devices. In USENIX Security, 549\u2013564."},{"key":"e_1_3_1_100_2","doi-asserted-by":"crossref","first-page":"813","DOI":"10.1145\/3320269.3384746","volume-title":"Asia CCS","author":"Lipp Moritz","year":"2020","unstructured":"Moritz Lipp, Vedad Had\u017ei\u0107, Michael Schwarz, Arthur Perais, Cl\u00e9mentine Maurice, and Daniel Gruss. 2020. Take a way: Exploring the security implications of AMD\u2019s cache way predictors. In Asia CCS, 813\u2013825."},{"key":"e_1_3_1_101_2","first-page":"973","volume-title":"USENIX Security","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading kernel memory from user space. In USENIX Security, 973\u2013990."},{"key":"e_1_3_1_102_2","first-page":"406","volume-title":"HPCA","author":"Liu Fangfei","year":"2016","unstructured":"Fangfei Liu, Qian Ge, Yuval Yarom, Frank Mckeen, Carlos Rozas, Gernot Heiser, and Ruby B. Lee. 2016. Catalyst: Defeating last-level cache side channel attacks in cloud computing. In HPCA, 406\u2013418."},{"key":"e_1_3_1_103_2","first-page":"605","volume-title":"S&P","author":"Liu Fangfei","year":"2015","unstructured":"Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. 
Last-Level cache side-channel attacks are practical. In S&P, 605\u2013622."},{"key":"e_1_3_1_104_2","doi-asserted-by":"publisher","DOI":"10.1145\/3456629"},{"key":"e_1_3_1_105_2","first-page":"2109","volume-title":"CCS","author":"Maisuradze Giorgi","year":"2018","unstructured":"Giorgi Maisuradze and Christian Rossow. 2018. Ret2spec: Speculative execution using return stack buffers. In CCS, 2109\u20132122."},{"key":"e_1_3_1_106_2","first-page":"118","volume-title":"ISCA","author":"Martin Robert","year":"2012","unstructured":"Robert Martin, John Demme, and Simha Sethumadhavan. 2012. Timewarp: Rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. In ISCA, 118\u2013129."},{"key":"e_1_3_1_107_2","first-page":"423","volume-title":"Brute Force and Buffer Overflow Attacks","author":"Mihailescu Marius Iulian","year":"2021","unstructured":"Marius Iulian Mihailescu and Stefania Loredana Nita. 2021. Brute Force and Buffer Overflow Attacks. 423\u2013434."},{"key":"e_1_3_1_108_2","first-page":"1124","volume-title":"MICRO","author":"Mirbagher-Ajorpaz Samira","year":"2020","unstructured":"Samira Mirbagher-Ajorpaz, Gilles Pokam, Esmaeil Mohammadian-Koruyeh, Elba Garza, Nael Abu-Ghazaleh, and Daniel A. Jim\u00e9nez. 2020. PerSpectron: Detecting invariant footprints of microarchitectural attacks with perceptron. In MICRO, 1124\u20131137."},{"key":"e_1_3_1_109_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10766-018-0611-9"},{"key":"e_1_3_1_110_2","first-page":"469","volume-title":"USENIX Security","author":"Moghimi Daniel","year":"2020","unstructured":"Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, and Berk Sunar. 2020. CopyCat: Controlled instruction-level attacks on enclaves. In USENIX Security, 469\u2013486."},{"key":"e_1_3_1_111_2","first-page":"1481","volume-title":"USENIX Security","author":"Oleksenko Oleksii","year":"2020","unstructured":"Oleksii Oleksenko, Bohdan Trach, Mark Silberstein, and Christof Fetzer. 2020. 
SpecFuzz: Bringing spectre-type vulnerabilities to the surface. In USENIX Security, 1481\u20131498."},{"key":"e_1_3_1_112_2","first-page":"1","volume-title":"CT-RSA","author":"Osvik Dag Arne","year":"2006","unstructured":"Dag Arne Osvik, Adi Shamir, and Eran Tromer. 2006. Cache attacks and countermeasures: The case of AES. In CT-RSA, 1\u201320."},{"key":"e_1_3_1_113_2","first-page":"645","volume-title":"USENIX Security","author":"Paccagnella Riccardo","year":"2021","unstructured":"Riccardo Paccagnella, Licheng Luo, and Christopher W. Fletcher. 2021. Lord of the ring (s): Side channel attacks on the CPU On-Chip ring interconnect are practical. In USENIX Security, 645\u2013662."},{"key":"e_1_3_1_114_2","article-title":"Theoretical use of cache memory as a cryptanalytic side-channel","author":"Page D.","year":"2002","unstructured":"D. Page. 2002. Theoretical use of cache memory as a cryptanalytic side-channel. Cryptology ePrint Archive. https:\/\/eprint.iacr.org\/2002\/169.pdf","journal-title":"Cryptology ePrint Archive"},{"key":"e_1_3_1_115_2","unstructured":"Colin Percival. 2005. Cache missing for fun and profit."},{"key":"e_1_3_1_116_2","first-page":"1639","volume-title":"CCS","author":"Garc\u00eda Cesar Pereida","year":"2016","unstructured":"Cesar Pereida Garc\u00eda, Billy Bob Brumley, and Yuval Yarom. 2016. Make sure DSA signing exponentiations really are constant-time. In CCS, 1639\u20131650."},{"key":"e_1_3_1_117_2","first-page":"565","volume-title":"USENIX Security","author":"Pessl Peter","year":"2016","unstructured":"Peter Pessl, Daniel Gruss, Cl\u00e9mentine Maurice, Michael Schwarz, and Stefan Mangard. 2016. DRAMA: Exploiting DRAM addressing for cross-CPU attacks. In USENIX Security, 565\u2013581."},{"key":"e_1_3_1_118_2","volume-title":"What Spectre and Meltdown Mean for Webkit","author":"Pizlo Filip","year":"2018","unstructured":"Filip Pizlo. 2018. What Spectre and Meltdown Mean for Webkit. 
Retrieved December 2022 from https:\/\/webkit.org\/blog\/8048\/what-spectre-and-meltdown-mean-for-webkit\/"},{"key":"e_1_3_1_119_2","first-page":"663","volume-title":"USENIX Security","author":"Puddu Ivan","year":"2021","unstructured":"Ivan Puddu, Moritz Schneider, Miro Haller, and Srdjan \u010capkun. 2021. Frontal attack: Leaking control-flow in SGX via the CPU frontend. In USENIX Security, 663\u2013680."},{"key":"e_1_3_1_120_2","first-page":"2906","volume-title":"CCS","author":"Purnal Antoon","year":"2021","unstructured":"Antoon Purnal, Furkan Turan, and Ingrid Verbauwhede. 2021. Prime + Scope: Overcoming the observer effect for high-precision cache contention attacks. In CCS, 2906\u20132920."},{"key":"e_1_3_1_121_2","first-page":"1","volume-title":"NDSS","author":"Qi Zhenxiao","year":"2021","unstructured":"Zhenxiao Qi, Qian Feng, Yueqiang Cheng, Mengjia Yan, Peng Li, Heng Yin, and Tao Wei. 2021. SpecTaint: Speculative taint analysis for discovering spectre gadgets. In NDSS, 1\u201314."},{"key":"e_1_3_1_122_2","first-page":"775","volume-title":"MICRO","author":"Qureshi Moinuddin K.","year":"2018","unstructured":"Moinuddin K. Qureshi. 2018. CEASER: Mitigating conflict-based cache attacks via encrypted-address and remapping. In MICRO, 775\u2013787."},{"key":"e_1_3_1_123_2","first-page":"360","volume-title":"ISCA","author":"Qureshi Moinuddin K.","year":"2019","unstructured":"Moinuddin K. Qureshi. 2019. New attacks and defense for encrypted-address cache. In ISCA, 360\u2013371."},{"key":"e_1_3_1_124_2","first-page":"1852","volume-title":"S&P","author":"Ragab Hany","year":"2021","unstructured":"Hany Ragab, Alyssa Milburn, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2021. Crosstalk: Speculative data leaks across cores are real. In S&P, 1852\u20131867."},{"key":"e_1_3_1_125_2","first-page":"71","volume-title":"USENIX Security","author":"Rane Ashay","year":"2016","unstructured":"Ashay Rane, Calvin Lin, and Mohit Tiwari. 2016. 
Secure, precise, and fast floating-point operations on x86 processors. In USENIX Security, 71\u201386."},{"key":"e_1_3_1_126_2","first-page":"1661","volume-title":"USENIX Security","author":"Reis Charles","year":"2019","unstructured":"Charles Reis, Alexander Moshchuk, and Nasko Oskov. 2019. Site isolation: Process separation for web sites within the browser. In USENIX Security, 1661\u20131678."},{"key":"e_1_3_1_127_2","unstructured":"Scott Dion Rodgers Rohit Vidwans Joel Huang Michael A. Fetterman and Kamla Huck. 1999. Method and apparatus for generating event handler vectors based on both operating mode and event type. US Patent 5 889 982."},{"key":"e_1_3_1_128_2","first-page":"1077","volume-title":"ASPLOS","author":"Saileshwar Gururaj","year":"2021","unstructured":"Gururaj Saileshwar, Christopher W. Fletcher, and Moinuddin Qureshi. 2021. Streamline: A fast, flushless cache covert-channel attack by enabling asynchronous collusion. In ASPLOS, 1077\u20131090."},{"key":"e_1_3_1_129_2","first-page":"73","volume-title":"MICRO","author":"Saileshwar Gururaj","year":"2019","unstructured":"Gururaj Saileshwar and Moinuddin K. Qureshi. 2019. Cleanupspec: An \u201cundo\u201d approach to safe speculation. In MICRO, 73\u201386."},{"key":"e_1_3_1_130_2","first-page":"753","volume-title":"CCS","author":"Schwarz Michael","year":"2019","unstructured":"Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss. 2019. ZombieLoad: Cross-privilege-boundary data sampling. In CCS, 753\u2013768."},{"key":"e_1_3_1_131_2","first-page":"279","volume-title":"ESORICS","author":"Schwarz Michael","year":"2019","unstructured":"Michael Schwarz, Martin Schwarzl, Moritz Lipp, Jon Masters, and Daniel Gruss. 2019. Netspectre: Read arbitrary memory over network. 
In ESORICS, 279\u2013299."},{"key":"e_1_3_1_132_2","first-page":"167","volume-title":"ESORICS","author":"Schwarzl Martin","year":"2022","unstructured":"Martin Schwarzl, Pietro Borrello, Andreas Kogler, Kenton Varda, Thomas Schuster, Michael Schwarz, and Daniel Gruss. 2022. Robust and scalable process isolation against spectre in the cloud. In ESORICS, 167\u2013186."},{"key":"e_1_3_1_133_2","first-page":"309","volume-title":"USENIX ATC","author":"Serebryany Konstantin","year":"2012","unstructured":"Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A Fast Address Sanity Checker. In USENIX ATC, 309\u2013318."},{"key":"e_1_3_1_134_2","doi-asserted-by":"crossref","first-page":"441","DOI":"10.1145\/3394885.3431638","volume-title":"ASPDAC","author":"Shen Chaoqun","year":"2021","unstructured":"Chaoqun Shen, Congcong Chen, and Jiliang Zhang. 2021. Micro-architectural cache side-channel attacks and countermeasures. In ASPDAC, 441\u2013448."},{"key":"e_1_3_1_135_2","first-page":"1","volume-title":"DAC","author":"Shen Chaoqun","year":"2023","unstructured":"Chaoqun Shen, Jiliang Zhang, and Gang Qu. 2023. MES-attacks: Software-controlled covert channels based on mutual exclusion and synchronization. In DAC, 1\u20136."},{"key":"e_1_3_1_136_2","first-page":"194","volume-title":"DSN-W","author":"Shi Jicheng","year":"2011","unstructured":"Jicheng Shi, Xiang Song, Haibo Chen, and Binyu Zang. 2011. Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In DSN-W, 194\u2013199."},{"key":"e_1_3_1_137_2","first-page":"639","volume-title":"USENIX Security","author":"Shusterman Anatoly","year":"2019","unstructured":"Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren, and Yuval Yarom. 2019. Robust website fingerprinting through the cache occupancy channel. 
In USENIX Security, 639\u2013656."},{"key":"e_1_3_1_138_2","first-page":"318","volume-title":"ISCA","author":"Skarlatos Dimitrios","year":"2019","unstructured":"Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher W. Fletcher. 2019. Microscope: Enabling microarchitectural replay attacks. In ISCA, 318\u2013331."},{"key":"e_1_3_1_139_2","article-title":"Lazyfp: Leaking fpu register state using microarchitectural side-channels","author":"Stecklina Julian","year":"2018","unstructured":"Julian Stecklina and Thomas Prescher. 2018. Lazyfp: Leaking fpu register state using microarchitectural side-channels. arXiv:1806.07480. Retrieved from https:\/\/arxiv.org\/abs\/1806.07480","journal-title":"arXiv:1806.07480"},{"key":"e_1_3_1_140_2","first-page":"322","volume-title":"S&P","author":"Tan Mingtian","year":"2021","unstructured":"Mingtian Tan, Junpeng Wan, Zhe Zhou, and Zhou Li. 2021. Invisible probe: Timing attacks with pcie congestion side-channel. In S&P, 322\u2013338."},{"key":"e_1_3_1_141_2","first-page":"1","volume-title":"NDSS","author":"Tan Qinhan","year":"2021","unstructured":"Qinhan Tan, Zhihua Zeng, Kai Bu, and Kui Ren. 2021. PhantomCache: Obfuscating cache conflicts with localized randomization. In NDSS, 1\u201317."},{"key":"e_1_3_1_142_2","first-page":"395","volume-title":"ASPLOS","author":"Taram Mohammadkazem","year":"2019","unstructured":"Mohammadkazem Taram, Ashish Venkat, and Dean Tullsen. 2019. Context-sensitive fencing: Securing speculative execution via microcode customization. In ASPLOS, 395\u2013410."},{"key":"e_1_3_1_143_2","first-page":"681","volume-title":"S&P","author":"Tobah Youssef","year":"2022","unstructured":"Youssef Tobah, Andrew Kwong, Ingab Kang, Daniel Genkin, and Kang G. Shin. 2022. SpecHammer: Combining spectre and rowhammer for new speculative attacks. 
In S&P, 681\u2013698."},{"key":"e_1_3_1_144_2","first-page":"1","volume-title":"DAC","author":"Trilla David","year":"2018","unstructured":"David Trilla, Carles Hernandez, Jaume Abella, and Francisco J. Cazorla. 2018. Cache side-channel attacks and time-predictability in high-performance critical real-time systems. In DAC, 1\u20136."},{"key":"e_1_3_1_145_2","article-title":"MeltdownPrime and SpectrePrime: Automatically-synthesized attacks exploiting invalidation-based coherence protocols","author":"Trippel Caroline","year":"2018","unstructured":"Caroline Trippel, Daniel Lustig, and Margaret Martonosi. 2018. MeltdownPrime and SpectrePrime: Automatically-synthesized attacks exploiting invalidation-based coherence protocols. arXiv:1802.03802. Retrieved from https:\/\/arxiv.org\/abs\/1802.03802","journal-title":"arXiv:1802.03802"},{"key":"e_1_3_1_146_2","first-page":"62","volume-title":"CHES","author":"Tsunoo Yukiyasu","year":"2003","unstructured":"Yukiyasu Tsunoo, Teruo Saito, Tomoyasu Suzaki, Maki Shigeri, and Hiroshi Miyauchi. 2003. Cryptanalysis of DES implemented on computers with cache. In CHES, 62\u201376."},{"key":"e_1_3_1_147_2","first-page":"54","volume-title":"S&P","author":"Bulck Jo Van","year":"2020","unstructured":"Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, and Frank Piessens. 2020. LVI: Hijacking transient execution through microarchitectural load value injection. In S&P, 54\u201372."},{"key":"e_1_3_1_148_2","first-page":"1","volume-title":"SysTEX","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck, Frank Piessens, and Raoul Strackx. 2017. SGX-Step: A practical attack framework for precise enclave execution control. In SysTEX, 1\u20136."},{"key":"e_1_3_1_149_2","first-page":"178","volume-title":"CCS","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Frank Piessens, and Raoul Strackx. 2018. 
Nemesis: Studying microarchitectural timing leaks in rudimentary cpu interrupt logic. In CCS, 178\u2013195."},{"key":"e_1_3_1_150_2","first-page":"1041","volume-title":"USENIX Security","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck, Nico Weichbrodt, R\u00fcdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution. In USENIX Security, 1041\u20131056."},{"key":"e_1_3_1_151_2","first-page":"937","volume-title":"USENIX Security","author":"Schaik Stephan Van","year":"2018","unstructured":"Stephan Van Schaik, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018. Malicious management unit: Why stopping cache attacks in software is harder than you think. In USENIX Security, 937\u2013954."},{"key":"e_1_3_1_152_2","first-page":"88","volume-title":"S&P","author":"Schaik Stephan van","year":"2019","unstructured":"Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2019. RIDL: Rogue in-flight data load. In S&P, 88\u2013105."},{"key":"e_1_3_1_153_2","first-page":"339","volume-title":"S&P","author":"Schaik Stephan van","year":"2021","unstructured":"Stephan van Schaik, Marina Minkin, Andrew Kwong, Daniel Genkin, and Yuval Yarom. 2021. CacheOut: Leaking data on Intel CPUs via cache evictions. In S&P, 339\u2013354."},{"key":"e_1_3_1_154_2","first-page":"39","volume-title":"S&P","author":"Vila Pepe","year":"2019","unstructured":"Pepe Vila, Boris K\u00f6pf, and Jos\u00e9 F. Morales. 2019. Theory and practice of finding eviction sets. In S&P, 39\u201354."},{"key":"e_1_3_1_155_2","first-page":"466","volume-title":"HPCA","author":"Vougioukas Ilias","year":"2019","unstructured":"Ilias Vougioukas, Nikos Nikoleris, Andreas Sandberg, Stephan Diestelhorst, Bashir M. Al-Hashimi, and Geoff V. Merrett. 2019. BRB: Mitigating branch predictor side-channels. 
In HPCA, 466\u2013477."},{"key":"e_1_3_1_156_2","first-page":"1506","volume-title":"S&P","author":"Wan Junpeng","year":"2022","unstructured":"Junpeng Wan, Yanxiang Bi, Zhe Zhou, and Zhou Li. 2022. MeshUp: Stateless cache side-channel attack on CPU mesh. In S&P, 1506\u20131524."},{"key":"e_1_3_1_157_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2953709"},{"key":"e_1_3_1_158_2","first-page":"1","volume-title":"ITC","author":"Wang Ying","year":"2018","unstructured":"Ying Wang, Wen Li, Huawei Li, and Xiaowei Li. 2018. Lightweight timing channel protection for shared DRAM controller. In ITC, 1\u201310."},{"key":"e_1_3_1_159_2","first-page":"679","volume-title":"USENIX Security","author":"Wang Yingchen","year":"2022","unstructured":"Yingchen Wang, Riccardo Paccagnella, Elizabeth Tang He, Hovav Shacham, Christopher W. Fletcher, and David Kohlbrenner. 2022. Hertzbleed: Turning power side-channel attacks into remote timing attacks on x86. In USENIX Security, 679\u2013697."},{"key":"e_1_3_1_160_2","first-page":"473","volume-title":"ACSAC","author":"Wang Zhenghong","year":"2006","unstructured":"Zhenghong Wang and Ruby B. Lee. 2006. Covert and side channels due to processor architecture. In ACSAC, 473\u2013482."},{"key":"e_1_3_1_161_2","first-page":"572","volume-title":"MICRO","author":"Weisse Ofir","year":"2019","unstructured":"Ofir Weisse, Ian Neal, Kevin Loughlin, Thomas F. Wenisch, and Baris Kasikci. 2019. NDA: Preventing speculative execution attacks at their source. In MICRO, 572\u2013586."},{"key":"e_1_3_1_162_2","volume-title":"Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-order Execution","author":"Weisse Ofir","year":"2018","unstructured":"Ofir Weisse, Jo Van Bulck, Marina Minkin, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Raoul Strackx, Thomas F. Wenisch, and Yuval Yarom. 2018. Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-order Execution. 
Retrieved September 2021 from https:\/\/foreshadowattack.eu\/foreshadow-NG.pdf"},{"key":"e_1_3_1_163_2","first-page":"675","volume-title":"USENIX Security","author":"Werner Mario","year":"2019","unstructured":"Mario Werner, Thomas Unterluggauer, Lukas Giner, Michael Schwarz, Daniel Gruss, and Stefan Mangard. 2019. ScatterCache: Thwarting cache attacks via cache set randomization. In USENIX Security, 675\u2013692."},{"key":"e_1_3_1_164_2","first-page":"2","volume-title":"RISP","author":"Wray J.C.","year":"1991","unstructured":"J.C. Wray. 1991. An analysis of covert timing channels. In RISP, 2\u20137."},{"key":"e_1_3_1_165_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2014.2304439"},{"key":"e_1_3_1_166_2","first-page":"139","volume-title":"HPCA","author":"Xiong Wenjie","year":"2020","unstructured":"Wenjie Xiong and Jakub Szefer. 2020. Leaking information through cache LRU states. In HPCA, 139\u2013152."},{"key":"e_1_3_1_167_2","doi-asserted-by":"publisher","DOI":"10.1145\/3442479"},{"key":"e_1_3_1_168_2","first-page":"29","volume-title":"CCSW","author":"Xu Yunjing","year":"2011","unstructured":"Yunjing Xu, Michael Bailey, Farnam Jahanian, Kaustubh Joshi, Matti Hiltunen, and Richard Schlichting. 2011. An exploration of L2 cache covert channels in virtualized environments. In CCSW, 29\u201340."},{"key":"e_1_3_1_169_2","first-page":"640","volume-title":"S&P","author":"Xu Yuanzhong","year":"2015","unstructured":"Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In S&P, 640\u2013656."},{"key":"e_1_3_1_170_2","first-page":"428","volume-title":"MICRO","author":"Yan Mengjia","year":"2018","unstructured":"Mengjia Yan, Jiho Choi, Dimitrios Skarlatos, Adam Morrison, Christopher Fletcher, and Josep Torrellas. 2018. Invisispec: Making speculative execution invisible in the cache hierarchy. 
In MICRO, 428\u2013441."},{"key":"e_1_3_1_171_2","first-page":"888","volume-title":"S&P","author":"Yan Mengjia","year":"2019","unstructured":"Mengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher Fletcher, Roy Campbell, and Josep Torrellas. 2019. Attack directories, not caches: Side channel attacks in a non-inclusive world. In S&P, 888\u2013904."},{"key":"e_1_3_1_172_2","first-page":"1","volume-title":"ISCA","author":"Yang Yuheng","year":"2023","unstructured":"Yuheng Yang, Thomas Bourgeat, Stella Lau, and Mengjia Yan. 2023. Pensieve: Microarchitectural modeling for security evaluation. In ISCA, 1\u201315."},{"key":"e_1_3_1_173_2","first-page":"168","volume-title":"HPCA","author":"Yao Fan","year":"2018","unstructured":"Fan Yao, Milos Doroslovacki, and Guru Venkataramani. 2018. Are coherence protocol states vulnerable to information leakage? In HPCA, 168\u2013179."},{"key":"e_1_3_1_174_2","first-page":"155","volume-title":"GLSVLSI","author":"Yao Fan","year":"2017","unstructured":"Fan Yao, Guru Venkataramani, and Milo\u0161 Doroslova\u010dki. 2017. Covert timing channels exploiting non-uniform memory access based architectures. In GLSVLSI, 155\u2013160."},{"key":"e_1_3_1_175_2","first-page":"719","volume-title":"USENIX Security","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In USENIX Security, 719\u2013732."},{"key":"e_1_3_1_176_2","doi-asserted-by":"publisher","DOI":"10.1007\/s13389-017-0152-y"},{"key":"e_1_3_1_177_2","first-page":"1973","volume-title":"USENIX Security","author":"Yu Jiyong","year":"2023","unstructured":"Jiyong Yu, Aishani Dutta, Trent Jaeger, David Kohlbrenner, and Christopher W. Fletcher. 2023. Synchronization storage channels (S2C): Timer-less cache side-channel attacks on the apple M1 via hardware synchronization instructions. 
In USENIX Security, 1973\u20131990."},{"key":"e_1_3_1_178_2","volume-title":"NDSS","author":"Yu Jiyong","year":"2019","unstructured":"Jiyong Yu, Lucas Hsiung, Mohamad El Hajj, and Christopher W. Fletcher. 2019. Data oblivious ISA extensions for side channel-resistant and high performance computing. In NDSS, 1\u201315."},{"key":"e_1_3_1_179_2","first-page":"954","volume-title":"MICRO","author":"Yu Jiyong","year":"2019","unstructured":"Jiyong Yu, Mengjia Yan, Artem Khyzha, Adam Morrison, Josep Torrellas, and Christopher W. Fletcher. 2019. Speculative taint tracking (STT) : A comprehensive protection for speculatively accessed data. In MICRO, 954\u2013968."},{"key":"e_1_3_1_180_2","doi-asserted-by":"publisher","DOI":"10.1145\/2775054.2694372"},{"key":"e_1_3_1_181_2","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2023.3291669"},{"key":"e_1_3_1_182_2","first-page":"7267","volume-title":"USENIX Security","author":"Zhang Ruiyi","year":"2023","unstructured":"Ruiyi Zhang, Taehyun Kim, Daniel Weber, and Michael Schwarz. 2023. (M)WAIT for it: Bridging the gap between microarchitectural and architectural side channels. In USENIX Security, 7267\u20137284."},{"key":"e_1_3_1_183_2","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1007\/978-3-319-45719-2_6","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"Zhang Tianwei","year":"2016","unstructured":"Tianwei Zhang, Yinqian Zhang, and Ruby B. Lee. 2016. CloudRadar: A real-time side-channel attack detection system in clouds. In Research in Attacks, Intrusions, and Defenses, 118\u2013140."},{"key":"e_1_3_1_184_2","first-page":"1","volume-title":"HPCA","author":"Zhang Xin","year":"2024","unstructured":"Xin Zhang, Zhi Zhang, Qingni Shen, Wenhao Wang, Yansong Gao, Zhuoxi Yang, and Jiliang Zhang. 2024. SegScope: Probing fine-grained interrupts via architectural footprints. 
In HPCA, 1\u201315."},{"key":"e_1_3_1_185_2","first-page":"827","volume-title":"CCS","author":"Zhang Yinqian","year":"2013","unstructured":"Yinqian Zhang and Michael K. Reiter. 2013. D\u00fcppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In CCS, 827\u2013838."},{"key":"e_1_3_1_186_2","first-page":"1267","volume-title":"DAC","author":"Zhao Lutan","year":"2021","unstructured":"Lutan Zhao, Peinan Li, Rui Hou, Michael C. Huang, Jiazhen Li, Lixin Zhang, Xuehai Qian, and Dan Meng. 2021. A lightweight isolation mechanism for secure branch predictors. In DAC, 1267\u20131272."},{"key":"e_1_3_1_187_2","first-page":"871","volume-title":"CCS","author":"Zhou Ziqiao","year":"2016","unstructured":"Ziqiao Zhou, Michael K. Reiter, and Yinqian Zhang. 2016. A software approach to defeating side channels in last-level caches. In CCS, 871\u2013882."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3645109","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3645109","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:03:28Z","timestamp":1750291408000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3645109"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,9]]},"references-count":186,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2024,7,31]]}},"alternative-id":["10.1145\/3645109"],"URL":"https:\/\/doi.org\/10.1145\/3645109","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,9]]},"assertion":[{"value":"2023-02-07","order":0,"name":"received","label":"Received","group":
{"name":"publication_history","label":"Publication History"}},{"value":"2024-01-31","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-04-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}