{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T01:50:33Z","timestamp":1769910633199,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"publisher","award":["439797619"],"award-info":[{"award-number":["439797619"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Bundesministerium f\u00fcr Bildung und Forschung","award":["SASVI,AnoMed"],"award-info":[{"award-number":["SASVI,AnoMed"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690230","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"79-93","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["TDXdown: Single-Stepping and Instruction Counting Attacks against Intel TDX"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-5785-9179","authenticated-orcid":false,"given":"Luca","family":"Wilke","sequence":"first","affiliation":[{"name":"University of L\u00fcbeck, L\u00fcbeck, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1501-0936","authenticated-orcid":false,"given":"Florian","family":"Sieck","sequence":"additional","affiliation":[{"name":"University of L\u00fcbeck, L\u00fcbeck, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1116-6973","authenticated-orcid":false,"given":"Thomas","family":"Eisenbarth","sequence":"additional","affiliation":[{"name":"University of L\u00fcbeck, L\u00fcbeck, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Erdem Aktas Cfir Cohen Josh Eads James Forshaw and Felix Wilhelm. 2023. Intel Trust Domain Extensions (TDX) Security Review. https:\/\/services.google.com\/fh\/files\/misc\/intel_tdx_-_full_report_041423.pdf. Accessed on 07.10.2023."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-030--77870--5_19"},{"key":"e_1_3_2_1_3_1","unstructured":"AMD. 2020. AMD SEV-SNP: Strengthening VM Isolation with Integrity Protection and More. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-business-docs\/white-papers\/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417268"},{"key":"e_1_3_2_1_5_1","unstructured":"ARM. 2023. Introducing Arm Confidential Compute Architecture. https:\/\/developer.arm.com\/documentation\/den0125\/latest. Revision 0300-01."},{"key":"e_1_3_2_1_6_1","volume-title":"SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016","author":"Arnautov Sergei","year":"2016","unstructured":"Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andr\u00e9 Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O'Keeffe, Mark Stillwell, David Goltzsche, David M. Eyers, R\u00fcdiger Kapitza, Peter R. Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2016, Savannah, GA, USA, November 2--4, 2016, Kimberly Keeton and Timothy Roscoe (Eds.). USENIX Association, 689--703. https:\/\/www.usenix.org\/conference\/osdi16\/technical-sessions\/presentation\/arnautov"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2799647"},{"key":"e_1_3_2_1_8_1","unstructured":"Daniel Bleichenbacher. 2000. On the generation of one-time keys in DL signature schemes. In Presentation at IEEE P1363 working group meeting. 81."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3268935.3268941"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3152701.3152706"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243822"},{"key":"e_1_3_2_1_12_1","volume-title":"32nd USENIX Security Symposium, USENIX Security 2023","author":"Constable Scott","year":"2023","unstructured":"Scott Constable, Jo Van Bulck, Xiang Cheng, Yuan Xiao, Cedric Xing, Ilya Alexandrovich, Taesoo Kim, Frank Piessens, Mona Vij, and Mark Silberstein. 2023. AEX-Notify: Thwarting Precise Single-Stepping Attacks through Interrupt Awareness for Intel SGX Enclaves. In 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9--11, 2023, Joseph A. Calandrino and Carmela Troncoso (Eds.). USENIX Association. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/constable"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3296957.3173204"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3065913.3065915"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1011214926272"},{"key":"e_1_3_2_1_16_1","unstructured":"IBM. 2022. Introducing IBM Secure Execution for Linux 1.3.0. https:\/\/www.ibm.com\/docs\/en\/linuxonibm\/pdf\/l130se03.pdf. Revision SC34--7721-03."},{"key":"e_1_3_2_1_17_1","first-page":"348549","article-title":"Intel Trust Domain Extensions (Intel TDX) Module Base Architecture Specification","year":"2021","unstructured":"Intel. 2021. Intel Trust Domain Extensions (Intel TDX) Module Base Architecture Specification. Revision 348549-001.","journal-title":"Revision"},{"key":"e_1_3_2_1_18_1","unstructured":"Intel. 2022. Intel Architecture Memory Encryption Technologies. Revision 336907-004US."},{"key":"e_1_3_2_1_19_1","first-page":"325462","article-title":"Intel 64 and IA-32 Architectures Software Developer's Manual, Combined Volumes: 1 to 4","year":"2023","unstructured":"Intel. 2023. Intel 64 and IA-32 Architectures Software Developer's Manual, Combined Volumes: 1 to 4. Revision 325462-080.","journal-title":"Revision"},{"key":"e_1_3_2_1_20_1","unstructured":"Intel. 2023. Intel TDX Documentation. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/technical-documentation\/tdx-security-research-and-assurance.html. Accessed on 30.11.2023."},{"key":"e_1_3_2_1_21_1","unstructured":"Intel. 2023. Intel Trust Domain Extensions. https:\/\/cdrdv2.intel.com\/v1\/dl\/getContent\/690419. Accessed on 07.10.2023."},{"key":"e_1_3_2_1_22_1","unstructured":"Intel. 2023 d. MKTME Side Channel Impact on Intel TDX. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/best-practices\/mktme-side-channel-impact-on-intel-tdx.html. Accessed on 07.10.2023."},{"key":"e_1_3_2_1_23_1","unstructured":"Intel. 2024. Intel TDX Module - Code for Single-Step Detection and Single-Step Prevention. https:\/\/github.com\/intel\/tdx-module\/blob\/tdx_1.5\/src\/td_transitions\/td_exit_stepping.. Accessed on 18.04.2024."},{"key":"e_1_3_2_1_24_1","unstructured":"Intel. 2024. Software Security Guidance - Best Practices. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/topic-technology\/software-security-guidance\/best-practices.html. Accessed on 28.08.2024."},{"key":"e_1_3_2_1_25_1","unstructured":"David Kaplan. 2017. Protecting VM Register state with SEV-ES. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-business-docs\/white-papers\/Protecting-VM-Register-State-with-SEV-ES.pdf."},{"key":"e_1_3_2_1_26_1","unstructured":"David Kaplan Jeremy Powell and Wolle. 2021. AMD Memory Encryption. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-business-docs\/white-papers\/memory-encryption-white-paper.pdf."},{"key":"e_1_3_2_1_27_1","volume-title":"Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In 26th USENIX Security Symposium, USENIX Security 2017","author":"Lee Sangho","year":"2017","unstructured":"Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. 2017. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16--18, 2017, Engin Kirda and Thomas Ristenpart (Eds.). USENIX Association, 557--574. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/lee-sangho"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833768"},{"key":"e_1_3_2_1_29_1","volume-title":"28th USENIX Security Symposium, USENIX Security 2019","author":"Li Mengyuan","year":"2019","unstructured":"Mengyuan Li, Yinqian Zhang, Zhiqiang Lin, and Yan Solihin. 2019. Exploiting Unprotected I\/O Operations in AMD's Secure Encrypted Virtualization. In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14--16, 2019, Nadia Heninger and Patrick Traynor (Eds.). USENIX Association, 1257--1272. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/li-mengyuan"},{"key":"e_1_3_2_1_30_1","volume-title":"30th USENIX Security Symposium, USENIX Security 2021","author":"Li Mengyuan","year":"2021","unstructured":"Mengyuan Li, Yinqian Zhang, Huibo Wang, Kang Li, and Yueqiang Cheng. 2021. CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel. In 30th USENIX Security Symposium, USENIX Security 2021, August 11--13, 2021, Michael Bailey and Rachel Greenstadt (Eds.). USENIX Association, 717--732. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/li-mengyuan"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00063"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319--66787--4_4"},{"key":"e_1_3_2_1_33_1","volume-title":"CopyCat: Controlled Instruction-Level Attacks on Enclaves. In 29th USENIX Security Symposium, USENIX Security 2020","author":"Moghimi Daniel","year":"2020","unstructured":"Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, and Berk Sunar. 2020. CopyCat: Controlled Instruction-Level Attacks on Enclaves. In 29th USENIX Security Symposium, USENIX Security 2020, August 12--14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 469--486. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/moghimi-copycat"},{"key":"e_1_3_2_1_34_1","volume-title":"29th USENIX Security Symposium, USENIX Security 2020","author":"Moghimi Daniel","year":"2020","unstructured":"Daniel Moghimi, Berk Sunar, Thomas Eisenbarth, and Nadia Heninger. 2020. TPM-FAIL: TPM meets Timing and Lattice Attacks. In 29th USENIX Security Symposium, USENIX Security 2020, August 12--14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 2057--2073. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/moghimi-tpm"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3193111.3193112"},{"key":"e_1_3_2_1_36_1","first-page":"343754","article-title":"Intel Trust Domain CPU Architectural Extensions. https:\/\/www.kernel.org\/doc\/html\/latest\/crypto\/index.html","author":"Mueller Stephan","year":"2021","unstructured":"Stephan Mueller and Marek Vasut. 2021. Intel Trust Domain CPU Architectural Extensions. https:\/\/www.kernel.org\/doc\/html\/latest\/crypto\/index.html. Revision 343754-002.","journal-title":"Revision"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00057"},{"key":"e_1_3_2_1_38_1","unstructured":"National Institute of Standards and Technology. 2023. FIPS 186--5 - Digital Signature Standard (DSS). https:\/\/nvlpubs.nist.gov\/nistpubs\/FIPS\/NIST.FIPS.186--5.pdf."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1025436905711"},{"key":"e_1_3_2_1_40_1","unstructured":"OpenSSL. 2024. OpenSSL Security Policy. https:\/\/www.openssl.org\/policies\/general\/security-policy.html. Accessed on 18.04.2024."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00020"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.13154\/TCHES.V2019.I1.146--168"},{"key":"e_1_3_2_1_43_1","volume-title":"WESEE: Using Malicious #VC Interrupts to Break AMD SEV-SNP. In to appear at 45th IEEE Symposium on Security and Privacy.","author":"Schl\u00fcter Benedict","year":"2024","unstructured":"Benedict Schl\u00fcter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde. 2024. WESEE: Using Malicious #VC Interrupts to Break AMD SEV-SNP. In to appear at 45th IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_44_1","volume-title":"HECKLER: Breaking Confidential VMs with Malicious Interrupts. In to appear at 33rd USENIX Security Symposium (USENIX Security 24).","author":"Schl\u00fcter Benedict","year":"2024","unstructured":"Benedict Schl\u00fcter, Supraja Sridhara, Mark Kuhne, Andrin Bertschi, and Shweta Shinde. 2024. HECKLER: Breaking Confidential VMs with Malicious Interrupts. In to appear at 33rd USENIX Security Symposium (USENIX Security 24)."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354252"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484783"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2024.i1.457--500"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/MM.2020.2986204"},{"key":"e_1_3_2_1_49_1","volume-title":"Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In 2017 USENIX Annual Technical Conference, USENIX ATC 2017","author":"Porter Donald E.","year":"2017","unstructured":"Chia-che Tsai, Donald E. Porter, and Mona Vij. 2017. Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX. In 2017 USENIX Annual Technical Conference, USENIX ATC 2017, Santa Clara, CA, USA, July 12--14, 2017, Dilma Da Silva and Bryan Ford (Eds.). USENIX Association, 645--658. https:\/\/www.usenix.org\/conference\/atc17\/technical-sessions\/presentation\/tsai"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134038"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3-031--35504--2_3"},{"key":"e_1_3_2_1_52_1","volume-title":"Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations. In 29th USENIX Security Symposium, USENIX Security 2020","author":"Weiser Samuel","year":"2020","unstructured":"Samuel Weiser, David Schrammel, Lukas Bodner, and Raphael Spreitzer. 2020. Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations. In 29th USENIX Security Symposium, USENIX Security 2020, August 12--14, 2020, Srdjan Capkun and Franziska Roesner (Eds.). USENIX Association, 1767--1784. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/weiser"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274741"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560654"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00080"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2024.i1.180--206"},{"key":"e_1_3_2_1_57_1","unstructured":"wolfSSL. 2023. wolfSSL Manual. https:\/\/www.wolfssl.com\/documentation\/manuals\/wolfssl\/chapter02.html. Accessed on 30.11.2023."},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.45"},{"key":"e_1_3_2_1_59_1","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Zhang Ruiyi","year":"2024","unstructured":"Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng L\u00fc, Andreas Kogler, and Michael Schwarz. 2024. CacheWarp: Software-based Fault Injection using Selective State Reset. In 33rd USENIX Security Symposium (USENIX Security 24)."},{"key":"e_1_3_2_1_60_1","volume-title":"32nd USENIX Security Symposium, USENIX Security 2023","author":"Zhang Ruiyi","year":"2023","unstructured":"Ruiyi Zhang, Taehyun Kim, Daniel Weber, and Michael Schwarz. 2023. (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels. In 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, August 9--11, 2023, Joseph A. Calandrino and Carmela Troncoso (Eds.). USENIX Association, 7267--7284. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/zhang-ruiyi"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690230","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690230","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:08:18Z","timestamp":1755842898000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690230"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":60,"alternative-id":["10.1145\/3658644.3690230","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690230","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}