{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,8]],"date-time":"2026-01-08T04:24:49Z","timestamp":1767846289618,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":46,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,6,23]],"date-time":"2024-06-23T00:00:00Z","timestamp":1719100800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,6,23]]},"DOI":"10.1145\/3649329.3655895","type":"proceedings-article","created":{"date-parts":[[2024,11,7]],"date-time":"2024-11-07T19:27:22Z","timestamp":1731007642000},"page":"1-6","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Conjuring: Leaking Control Flow via Speculative Fetch Attacks"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3219-7544","authenticated-orcid":false,"given":"Ali","family":"Hajiabadi","sequence":"first","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8742-134X","authenticated-orcid":false,"given":"Trevor E.","family":"Carlson","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, N\/A, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Battery properties management 2021. https:\/\/git.kernel.org\/pub\/scm\/bluetooth\/bluetooth-next.git\/tree\/drivers\/hid\/hid-input.c#n247."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Nathan Binkert et al. 2011. The gem5 simulator. ACM SIGARCH Computer Architecture News (2011).","DOI":"10.1145\/2024716.2024718"},{"key":"e_1_3_2_1_3_1","unstructured":"Bluetooth connection activity management 2021. https:\/\/git.kernel.org\/pub\/scm\/bluetooth\/bluetooth-next.git\/tree\/drivers\/hid\/hid-input.c#n383."},{"key":"e_1_3_2_1_4_1","volume-title":"CCS","author":"Borrello Pietro","year":"2021","unstructured":"Pietro Borrello, et al. 2021. Constantine: Automatic side-channel resistance using efficient control and data flow linearization. In CCS 2021."},{"key":"e_1_3_2_1_5_1","unstructured":"Claudio Canella et al. 2019. A systematic evaluation of transient execution attacks and defenses. In USENIX Security 2019."},{"key":"e_1_3_2_1_6_1","volume-title":"In Proceedings 5th Championship on Branch Prediction.","year":"2016","unstructured":"CBP-5 Kit 2016. In Proceedings 5th Championship on Branch Prediction."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA57654.2024.00013"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Md Hafizul Islam Chowdhuryy et al. 2021. Leaking secrets through modern branch predictor in the speculative world. IEEE Trans. Comput. (2021).","DOI":"10.1109\/TC.2021.3122830"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA53966.2022.00013"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Dmitry Evtyushkin et al. 2016. Understanding and mitigating covert channels through branch predictors. ACM TACO (2016).","DOI":"10.1145\/2870636"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3173204"},{"key":"e_1_3_2_1_12_1","unstructured":"Ben Gras et al. 2018. Translation Leak-aside Buffer: Defeating cache side-channel protections with TLB Attacks. In USENIX Security 2018."},{"key":"e_1_3_2_1_13_1","volume-title":"ISCA","author":"Grayson Brian","year":"2020","unstructured":"Brian Grayson, et al. 2020. Evolution of the Samsung Exynos CPU microarchitecture. In ISCA 2020."},{"key":"e_1_3_2_1_14_1","volume-title":"DAC","author":"Hajiabadi Ali","year":"2024","unstructured":"Ali Hajiabadi, et al. 2024. Levioso: Efficient compiler-informed secure speculation. In DAC 2024."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Nadia Heninger et al. 2009. Reconstructing RSA private keys from random key bits. In Crypto 2009.","DOI":"10.1007\/978-3-642-03356-8_1"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2003.1253199"},{"key":"e_1_3_2_1_17_1","volume-title":"HPCA","author":"Daniel","year":"2001","unstructured":"Daniel A Jim\u00e9nez et al. 2001. Dynamic branch prediction with perceptrons. In HPCA 2001."},{"key":"e_1_3_2_1_18_1","volume-title":"CHES","author":"Marc","year":"2002","unstructured":"Marc Joye et al. 2002. The Montgomery powering ladder. In CHES 2002."},{"key":"e_1_3_2_1_19_1","unstructured":"Ofek Kirzner et al. 2021. An analysis of speculative type confusion vulnerabilities in the wild. In USENIX Security 2021."},{"key":"e_1_3_2_1_20_1","volume-title":"Spectre Attacks: Exploiting speculative execution. In S&P","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, et al. 2019. Spectre Attacks: Exploiting speculative execution. In S&P 2019."},{"key":"e_1_3_2_1_21_1","unstructured":"Jaekyu Lee et al. 2020. Securing branch predictors with two-level encryption. ACM TACO (2020)."},{"key":"e_1_3_2_1_22_1","unstructured":"Sangho Lee et al. 2017. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In USENIX Security 2017."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2694344.2694385"},{"key":"e_1_3_2_1_24_1","volume-title":"MbedTLS: An open source, portable, easy to use, readable and flexible SSL library. ARM Holdings plc","author":"Mbed Arm","year":"2019","unstructured":"Arm Mbed. 2019. MbedTLS: An open source, portable, easy to use, readable and flexible SSL library. ARM Holdings plc (2019)."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/11734727_14"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCAD57390.2023.10323979"},{"key":"e_1_3_2_1_27_1","unstructured":"Popping the hood on Golden Cove 2021. https:\/\/chipsandcheese.com\/2021\/12\/02\/popping-the-hood-on-golden-cove\/."},{"key":"e_1_3_2_1_28_1","volume-title":"Frontal Attack: Leaking control-flow in SGX via the CPU frontend. In USENIX Security","author":"Puddu Ivan","year":"2021","unstructured":"Ivan Puddu, et al. 2021. Frontal Attack: Leaking control-flow in SGX via the CPU frontend. In USENIX Security 2021."},{"key":"e_1_3_2_1_29_1","volume-title":"Raccoon: Closing digital side-channels through obfuscated execution. In USENIX Security","author":"Rane Ashay","year":"2015","unstructured":"Ashay Rane, et al. 2015. Raccoon: Closing digital side-channels through obfuscated execution. In USENIX Security 2015."},{"key":"e_1_3_2_1_30_1","unstructured":"RSA LibreSSL 3.3.6 2023. https:\/\/github.com\/PowerShell\/LibreSSL\/blob\/edfc7eb366aa242e8966332e6d98a16cd4264d6c\/crypto\/bn\/bn_exp.c#L481."},{"key":"e_1_3_2_1_31_1","unstructured":"Roei Schuster et al. 2021. You autocomplete me: Poisoning vulnerabilities in neural code completion. In USENIX Security 2021."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-64322-8_14"},{"key":"e_1_3_2_1_33_1","unstructured":"Nigel Smart et al. 2012. ECRYPT II yearly report on algorithms and keysizes (2011--2012). European network of excellence in cryptology (ECRYPT II) (2012)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304060"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2019.00058"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358306"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3613424.3614275"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213851"},{"key":"e_1_3_2_1_39_1","unstructured":"Yuval Yarom et al. 2014. Flush+Reload: A high resolution low noise L3 cache Side-Channel attack. In USENIX Security 2014."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Hosein Yavarzadeh et al. 2023. Half&Half: Demystifying Intel's directional branch predictors for fast secure partitioned execution. In S&P 2023.","DOI":"10.1109\/SP46215.2023.10179309"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23061"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358274"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN53405.2022.00023"},{"key":"e_1_3_2_1_44_1","unstructured":"Zhiyuan Zhang et al. 2023. BunnyHop: Exploiting the instruction prefetcher. In USENIX Security 2023."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18074.2021.9586178"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA53966.2022.00033"}],"event":{"name":"DAC '24: 61st ACM\/IEEE Design Automation Conference","location":"San Francisco CA USA","acronym":"DAC '24","sponsor":["SIGDA ACM Special Interest Group on Design Automation","IEEE-CEDA","SIGBED ACM Special Interest Group on Embedded Systems"]},"container-title":["Proceedings of the 61st ACM\/IEEE Design Automation Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3649329.3655895","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3649329.3655895","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:17:48Z","timestamp":1750295868000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3649329.3655895"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,23]]},"references-count":46,"alternative-id":["10.1145\/3649329.3655895","10.1145\/3649329"],"URL":"https:\/\/doi.org\/10.1145\/3649329.3655895","relation":{},"subject":[],"published":{"date-parts":[[2024,6,23]]},"assertion":[{"value":"2024-11-07","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}