{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:16:44Z","timestamp":1763968604632,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Deutsche Forschungsgemeinschaft","award":["EXC 2092 CASA - 390781972;"],"award-info":[{"award-number":["EXC 2092 CASA - 390781972;"]}]},{"DOI":"10.13039\/501100006374","name":"Australian Research Council","doi-asserted-by":"publisher","award":["DP210102670"],"award-info":[{"award-number":["DP210102670"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Israel Science Foundation","doi-asserted-by":"publisher","award":["1807\/23"],"award-info":[{"award-number":["1807\/23"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3690313","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"109-123","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Spec-o-Scope: Cache Probing at Cache Speed"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-5983-1652","authenticated-orcid":false,"given":"Gal","family":"Horowitz","sequence":"first","affiliation":[{"name":"Tel Aviv University, Tel Aviv, Israel"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6013-7426","authenticated-orcid":false,"given":"Eyal","family":"Ronen","sequence":"additional","affiliation":[{"name":"Tel Aviv University, Tel Aviv, Israel"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0401-4197","authenticated-orcid":false,"given":"Yuval","family":"Yarom","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Alejandro Cabrera Aldaya and Billy Bob Brumley. 2022. HyperDegrade: From GHz to MHz Effective CPU Frequencies. In USENIX Security. 2801--2818. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/aldaya"},{"key":"e_1_3_2_1_2_1","volume-title":"Katrina Falkner, Joop van de Pol, and Yuval Yarom.","author":"Allan Thomas","year":"2016","unstructured":"Thomas Allan, Billy Bob Brumley, Katrina Falkner, Joop van de Pol, and Yuval Yarom. 2016. Amplifying side channels through performance degradation."},{"key":"e_1_3_2_1_3_1","first-page":"86","article-title":"S-Box","volume":"4","author":"Ashokkumar C","year":"2020","unstructured":"C Ashokkumar, Bholanath Roy, M Bhargav Sri Venkatesh, and Bernard L. Menezes. 2020. \u201cS-Box\u201d Implementation of AES Is Not Side Channel Resistant. HASS, Vol. 4 (2020), 86--97.","journal-title":"Implementation of AES Is Not Side Channel Resistant. HASS"},{"volume-title":"Software Grand Exposure: SGX Cache Attacks Are Practical","author":"Brasser Ferdinand","key":"e_1_3_2_1_4_1","unstructured":"Ferdinand Brasser, Urs M\u00fcller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software Grand Exposure: SGX Cache Attacks Are Practical. In WOOT. USENIX Association. https:\/\/www.usenix.org\/conference\/woot17\/workshop-program\/presentation\/brasser"},{"volume-title":"Aim","author":"Briongos Samira","key":"e_1_3_2_1_5_1","unstructured":"Samira Briongos, Ida Bruhns, Pedro Malag\u00f3n, Thomas Eisenbarth, and Jos\u00e9 Manuel Moya. 2021. Aim, Wait, Shoot: How the CacheSniper Technique Improves Unprivileged Cache Attacks. In EuroS&P. 683--700."},{"key":"e_1_3_2_1_6_1","volume-title":"O'Hallaron","author":"Bryant Randal E.","year":"2016","unstructured":"Randal E. Bryant and David R. O'Hallaron. 2016. Computer Systems: A Programmer's Perspection. Pearson."},{"key":"e_1_3_2_1_7_1","volume-title":"TCHES","volume":"3","author":"William Cheng Shing Hing","year":"2024","unstructured":"Shing Hing William Cheng, Chitchanok Chuengsatiansup, Daniel Genkin, Dallas McNeil, Toby Murray, Yuval Yarom, and Zhiyuan Zhang. 2024. EvictSpecTime: Exploiting Out-of-Order Execution to Improve Cache-Timing Attacks. TCHES, Vol. 3, 2024 (2024). https:\/\/eprint.iacr.org\/2024\/149"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Dmitry Evtyushkin Thomas Benjamin Jesse Elwell Jeffrey A. Eitel Angelo Sapello and Abhrajit Ghosh. 2021. Computing with Time: Microarchitectural Weird Machines. In ASPLOS. 758--772.","DOI":"10.1145\/3445814.3446729"},{"key":"e_1_3_2_1_9_1","volume-title":"Instruction Tables: Lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD, and VIA CPUs. https:\/\/www.agner.org\/optimize\/instruction_tables.pdf.","author":"Fog Agner","year":"2022","unstructured":"Agner Fog. 2022. Instruction Tables: Lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD, and VIA CPUs. https:\/\/www.agner.org\/optimize\/instruction_tables.pdf."},{"key":"e_1_3_2_1_10_1","unstructured":"Agner Fog. 2023. The microarchitecture of Intel AMD and VIA CPUs. https:\/\/www.agner.org\/optimize\/microarchitecture.pdf."},{"key":"e_1_3_2_1_11_1","unstructured":"Marc Green Leandro Rodrigues-Lima Andreas Zankl Gorka Irazoqui Johann Heyszl and Thomas Eisenbarth. 2017. AutoLock: Why Cache Attacks on ARM Are Harder Than You Think. In USENIX Security."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Daniel Gruss Cl\u00e9mentine Maurice Klaus Wagner and Stefan Mangard. 2016. FlushFlush: A Fast and Stealthy Cache Attack.","DOI":"10.1007\/978-3-319-40667-1_14"},{"key":"e_1_3_2_1_13_1","unstructured":"Daniel Gruss Raphael Spreitzer and Stefan Mangard. 2015. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In USENIX Security. 897--912. https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity15\/sec15-paper-gruss.pdf"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.22"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Mehmet Sinan Inci Berk G\u00fclmezoglu Gorka Irazoqui Thomas Eisenbarth and Berk Sunar. 2016. Cache Attacks Enable Bulk Key Recovery on the Cloud. In CHES. 368--388.","DOI":"10.1007\/978-3-662-53140-2_18"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2015.42"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/978--3--319--11379--1_15"},{"key":"e_1_3_2_1_18_1","unstructured":"David A. Kaplan. 2023. Optimization and Amplification of Cache Side Channel Signals. hrefhttps:\/\/arxiv.org\/pdf\/2303.00122.pdftextttarXiv\/2303.00122."},{"key":"e_1_3_2_1_19_1","unstructured":"Daniel Katzman William Kosasih Chitchanok Chuengsatiansup Eyal Ronen and Yuval Yarom. 2023. The Gates of Time: Improving Cache Attacks with Transient Execution. In USENIX Security. https:\/\/www.usenix.org\/system\/files\/usenixsecurity23-katzman.pdf"},{"key":"e_1_3_2_1_20_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In IEEE SP. 1--19."},{"key":"e_1_3_2_1_21_1","first-page":"1","article-title":"Attack Directories on ARM big.LITTLE Processors","volume":"62","author":"Kou Zili","year":"2022","unstructured":"Zili Kou, Sharad Sinha, Wenjian He, and Wei Zhang. 2022. Attack Directories on ARM big.LITTLE Processors. In ICCAD. 62:1--62:9.","journal-title":"ICCAD."},{"volume-title":"NetCat: Practical Cache Attacks from the Network","author":"Kurth Michael","key":"e_1_3_2_1_22_1","unstructured":"Michael Kurth, Ben Gras, Dennis Andriesse, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2020. NetCat: Practical Cache Attacks from the Network. In IEEE SP. 20--38."},{"key":"e_1_3_2_1_23_1","unstructured":"Andrew Kwong Walter Wang Jason Kim Jonathan Berger Daniel Genkin Eyal Ronen Hovav Shacham Riad S. Wahby and Yuval Yarom. 2023. Checking Passwords on Leaky Computers: A Side Channel Analysis of Chrome's Password Leak Detect Protocol. In USENIX Security. 7107--7124. https:\/\/www.usenix.org\/system\/files\/usenixsecurity23-kwong.pdf"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Moritz Lipp Daniel Gruss Michael Schwarz David Bidner Cl\u00e9mentine Maurice and Stefan Mangard. 2017. Practical Keystroke Timing Attacks in Sandboxed JavaScript. In ESORICS. 191--209.","DOI":"10.1007\/978-3-319-66399-9_11"},{"key":"e_1_3_2_1_25_1","unstructured":"Moritz Lipp Daniel Gruss Raphael Spreitzer Cl\u00e9mentine Maurice and Stefan Mangard. 2016. ARMageddon: Cache Attacks on Mobile Devices. In USENIX Security. 549--564. https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity16\/sec16_paper_lipp.pdf"},{"key":"e_1_3_2_1_26_1","volume-title":"Meltdown: Reading Kernel Memory from User Space. In USENIX Security. 973--990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In USENIX Security. 973--990. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/lipp"},{"key":"e_1_3_2_1_27_1","volume-title":"Lee","author":"Liu Fangfei","year":"2015","unstructured":"Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B. Lee. 2015. Last-Level Cache Side-Channel Attacks are Practical. In IEEE SP. 605--622."},{"key":"e_1_3_2_1_28_1","volume-title":"Stefan Mangard, and Kay R\u00f6mer.","author":"Maurice Cl\u00e9mentine","year":"2017","unstructured":"Cl\u00e9mentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Stefan Mangard, and Kay R\u00f6mer. 2017. Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud. In NDSS. https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2017\/09\/ndss2017_06A-1_Maurice_paper.pdf"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Ahmad Moghimi Gorka Irazoqui and Thomas Eisenbarth. 2017. CacheZoom: How SGX Amplifies the Power of Cache Attacks. In CHES.","DOI":"10.1007\/978-3-319-66787-4_4"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","unstructured":"Michael Neve and Jean-Pierre Seifert. 2006. Advances on Access-Driven Cache Attacks on AES. In SAC. 147--162. https:\/\/doi.org\/10.1007\/978--3--540--74462--7_11","DOI":"10.1007\/978--3--540--74462--7_11"},{"key":"e_1_3_2_1_31_1","volume-title":"Keromytis","author":"Oren Yossef","year":"2015","unstructured":"Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, and Angelos D. Keromytis. 2015. The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications. In CCS. 1406--1418."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"crossref","unstructured":"Dag Arne Osvik Adi Shamir and Eran Tromer. 2006. Cache Attacks and Countermeasures: The Case of AES. In CT-RSA. 1--20.","DOI":"10.1007\/11605805_1"},{"key":"e_1_3_2_1_33_1","unstructured":"Colin Percival. 2005. Cache Missing for Fun and Profit. https:\/\/www.daemonology.net\/papers\/htt.pdf"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"crossref","unstructured":"Antoon Purnal Marton Bognar Frank Piessens and Ingrid Verbauwhede. 2023. ShowTime: Amplifying Arbitrary CPU Timing Side Channels.","DOI":"10.1145\/3579856.3590332"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Antoon Purnal Furkan Turan and Ingrid Verbauwhede. 2021. PrimeScope: Overcoming the Observer Effect for High-Precision Cache Contention Attacks. In CCS. 2906--2920.","DOI":"10.1145\/3460120.3484816"},{"key":"e_1_3_2_1_36_1","unstructured":"Eyal Ronen. 2024. eyalr0\/Spec-o-Scope: V1.0.0."},{"key":"e_1_3_2_1_37_1","unstructured":"Aria Shahverdi Mahammad Shirinov and Dana Dachman-Soled. 2021. Database Reconstruction from Noisy Volumes: A Cache Side-Channel Attack on SQLite. In USENIX Security. 1019--1035. https:\/\/www.usenix.org\/system\/files\/sec21-shahverdi.pdf"},{"key":"e_1_3_2_1_38_1","unstructured":"Anatoly Shusterman Lachlan Kang Yarden Haskal Yosef Meltser Prateek Mittal Yossi Oren and Yuval Yarom. 2019. Robust Website Fingerprinting Through the Cache Occupancy Channel. In USENIX Security. 639--656. https:\/\/www.usenix.org\/system\/files\/sec19-shusterman.pdf"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Yukiyasu Tsunoo Teruo Saito Tomoyasu Suzaki Maki Shigeri and Hiroshi Miyauchi. 2003. Cryptanalysis of DES Implemented on Computers with Cache. In CHES. 62--76.","DOI":"10.1007\/978-3-540-45238-6_6"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"crossref","unstructured":"Yukiyasu Tsunoo Etsuko Tsujihara Kazuhiko Minematsu and Hiroshi Miyauchi. 2002. Cryptanalysis of Block Ciphers Implemented on Computers with Cache. In ISITIA.","DOI":"10.1007\/978-3-540-45238-6_6"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"crossref","unstructured":"Jo Van Bulck Frank Piessens and Raoul Strackx. 2017. SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control.","DOI":"10.1145\/3152701.3152706"},{"key":"e_1_3_2_1_42_1","volume-title":"Wahby","author":"Wang Ping-Lun","year":"2023","unstructured":"Ping-Lun Wang, Fraser Brown, and Riad S. Wahby. 2023. The ghost is the machine: Weird machines in transient execution. In WOOT. 264--272."},{"key":"e_1_3_2_1_43_1","unstructured":"Ping-Lun Wang Riccardo Paccagnella Riad S. Wahby and Fraser Brown. 2024. Bending microarchitectural weird machines towards practicality. In USENIX Security."},{"key":"e_1_3_2_1_44_1","volume-title":"Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures. In USENIX Security. 2003--2020. https:\/\/www.usenix.org\/system\/files\/sec20-yan.pdf","author":"Yan Mengjia","year":"2020","unstructured":"Mengjia Yan, Christopher W. Fletcher, and Josep Torrellas. 2020. Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures. In USENIX Security. 2003--2020. https:\/\/www.usenix.org\/system\/files\/sec20-yan.pdf"},{"volume-title":"Attack Directories","author":"Yan Mengjia","key":"e_1_3_2_1_45_1","unstructured":"Mengjia Yan, Read Sprabery, Bhargava Gopireddy, Christopher W. Fletcher, Roy H. Campbell, and Josep Torrellas. 2019. Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World. In IEEE SP. 888--904."},{"key":"e_1_3_2_1_46_1","unstructured":"Yuval Yarom and Katrina Falkner. 2014. FlushReload: A High Resolution Low Noise L3 Cache Side-Channel Attack. In USENIX Security. 719--732. https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity14\/sec14-paper-yarom.pdf"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Yinqian Zhang Ari Juels Michael K. Reiter and Thomas Ristenpart. 2012. Cross-VM side channels and their use to extract private keys. In CCS. 305--316.","DOI":"10.1145\/2382196.2382230"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Yinqian Zhang Ari Juels Michael K. Reiter and Thomas Ristenpart. 2014. Cross-Tenant Side-Channel Attacks in PaaS Clouds. In CCS. 990--1003.","DOI":"10.1145\/2660267.2660356"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Salt Lake City UT USA","acronym":"CCS '24"},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690313","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3690313","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:09:14Z","timestamp":1755842954000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3690313"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":48,"alternative-id":["10.1145\/3658644.3690313","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3690313","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}