{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T15:45:42Z","timestamp":1772725542390,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T00:00:00Z","timestamp":1743292800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Natural Sciences and Engineering Research Council of Canada (NSERC)","award":["RGPIN-2023-04796, RGPIN-2021-03729"],"award-info":[{"award-number":["RGPIN-2023-04796, RGPIN-2021-03729"]}]},{"name":"Spanish Ministry of Science and Innovation","award":["ED2021-132464BI00 PRODIGY, Ram\u00f3n y Cajal grant RYC2021-032614-I, PID2022-142290OB-I00 ESPADA"],"award-info":[{"award-number":["ED2021-132464BI00 PRODIGY, Ram\u00f3n y Cajal grant RYC2021-032614-I, PID2022-142290OB-I00 ESPADA"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,3,30]]},"DOI":"10.1145\/3676641.3716247","type":"proceedings-article","created":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T16:47:32Z","timestamp":1743094052000},"page":"32-47","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["AMuLeT: Automated Design-Time Testing of Secure Speculation Countermeasures"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1354-7545","authenticated-orcid":false,"given":"Bo","family":"Fu","sequence":"first","affiliation":[{"name":"University of Toronto, Toronto, ON, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-5268-9910","authenticated-orcid":false,"given":"Leo","family":"Tenenbaum","sequence":"additional","affiliation":[{"name":"University of Toronto, Toronto, ON, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-9085-1342","authenticated-orcid":false,"given":"David","family":"Adler","sequence":"additional","affiliation":[{"name":"University of Toronto, Toronto, ON, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-4908-0867","authenticated-orcid":false,"given":"Assaf","family":"Klein","sequence":"additional","affiliation":[{"name":"Technion - Israel Institute of Technology, Haifa, Israel"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-0949-0888","authenticated-orcid":false,"given":"Arpit","family":"Gogia","sequence":"additional","affiliation":[{"name":"IMDEA Software Institute, Madrid, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9064-4621","authenticated-orcid":false,"given":"Alaa R.","family":"Alameldeen","sequence":"additional","affiliation":[{"name":"Simon Fraser University, Burnaby, BC, Canada"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5767-555X","authenticated-orcid":false,"given":"Marco","family":"Guarnieri","sequence":"additional","affiliation":[{"name":"IMDEA Software Institute, Madrid, Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9659-068X","authenticated-orcid":false,"given":"Mark","family":"Silberstein","sequence":"additional","affiliation":[{"name":"Technion - Israel Institute of Technology, Haifa, Israel"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-1964-8038","authenticated-orcid":false,"given":"Oleksii","family":"Oleksenko","sequence":"additional","affiliation":[{"name":"Azure Research, Microsoft, Cambridge, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3542-2548","authenticated-orcid":false,"given":"Gururaj","family":"Saileshwar","sequence":"additional","affiliation":[{"name":"University of Toronto, Toronto, ON, Canada"}]}],"member":"320","published-online":{"date-parts":[[2025,3,30]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"https:\/\/www.unicorn-engine. org\/","author":"The Unicorn","year":"2022","unstructured":"Unicorn - The Ultimate CPU emulator. https:\/\/www.unicorn-engine. org\/, 2022. (Accessed: May 1, 2024)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/3466752.3480074"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3445814.3446708"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2024716.2024718"},{"key":"e_1_3_2_1_5_1","first-page":"2024","article-title":"White-box fuzzing for detecting and locating timing vulnerabilities in processors","author":"Borkar Pallavi","year":"2024","unstructured":"Pallavi Borkar, Chen Chen, Mohamadreza Rostami, Nikhilesh Singh, Rahul Kande, Ahmad-Reza Sadeghi, Chester Rebeiro, and Jeyavijayan Rajendran. Whisperfuzz: White-box fuzzing for detecting and locating timing vulnerabilities in processors. In USENIX Security 2024, 2024.","journal-title":"USENIX Security"},{"key":"e_1_3_2_1_6_1","volume-title":"Software engineering techniques","author":"Randell Buxton","year":"1969","unstructured":"Buxton and Randell. Software engineering techniques, 1969."},{"key":"e_1_3_2_1_7_1","volume-title":"USENIX Security","author":"Chen Boru","year":"2024","unstructured":"Boru Chen, Yingchen Wang, Pradyumna Shome, Christopher W Fletcher, David Kohlbrenner, Riccardo Paccagnella, and Daniel Genkin. Gofetch: Breaking constant-time cryptographic implementations using data memory-dependent prefetchers. In USENIX Security, 2024."},{"key":"e_1_3_2_1_8_1","volume-title":"USENIX Security","author":"Cheng Xiaoyu","year":"2024","unstructured":"Xiaoyu Cheng, Fei Tong, Hongyu Wang, Zhe Zhou, Fang Jiang, and Yuxing Mao. Speclfb: Eliminating cache side channels in speculative executions. In USENIX Security, 2024."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/DAC18072.2020.9218572"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2022.3152666"},{"key":"e_1_3_2_1_11_1","volume-title":"https:\/\/cyber.wtf\/2016\/09\/27\/covertshotgun\/","author":"Fogh Anders","year":"2016","unstructured":"Anders Fogh. Covert Shotgun. https:\/\/cyber.wtf\/2016\/09\/27\/covertshotgun\/, 2016. (Accessed: December 1, 2018)."},{"key":"e_1_3_2_1_12_1","volume-title":"The championship simulator: Architectural simulation for education and competition","author":"Gober Nathan","year":"2022","unstructured":"Nathan Gober, Gino Chacon, Lei Wang, Paul V. Gratz, Daniel A. Jimenez, Elvira Teran, Seth Pugsley, and Jinchun Kim. The championship simulator: Architectural simulation for education and competition, 2022."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.23018"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00036"},{"key":"e_1_3_2_1_15_1","first-page":"7143","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Hofmann Jana","year":"2023","unstructured":"Jana Hofmann, Emanuele Vannacci, C\u00e9dric Fournet, Boris K\u00f6pf, and Oleksii Oleksenko. Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions. In 32nd USENIX Security Symposium (USENIX Security 23), pages 7143--7160, 2023."},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS '22","author":"Hur Jaewon","year":"2022","unstructured":"Jaewon Hur, Suhwan Song, Sunwoo Kim, and Byoungyoung Lee. Specdoctor: Differential fuzz testing to find transient execution vulnerabilities. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, CCS '22, 2022."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00103"},{"key":"e_1_3_2_1_18_1","first-page":"3219","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Kande Rahul","year":"2022","unstructured":"Rahul Kande, Addison Crump, Garrett Persyn, Patrick Jauernig, Ahmad-Reza Sadeghi, Aakash Tyagi, and Jeyavijayan Rajendran. The- Huzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities. In 31st USENIX Security Symposium (USENIX Security 22), pages 3219--3236, 2022."},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the Design Automation Conference (DAC)","author":"Khasawneh Khaled N","year":"2019","unstructured":"Khaled N Khasawneh, Esmaeil Mohammadian Koruyeh, Chengyu Song, Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. Safespec: Banishing the spectre of a meltdown with leakage-free speculation. In Proceedings of the Design Automation Conference (DAC), 2019."},{"key":"e_1_3_2_1_20_1","volume-title":"Spectre attacks: Exploiting speculative execution","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. Spectre attacks: Exploiting speculative execution. In IEEE Security and Privacy (SP), 2019."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA53966.2022.00016"},{"key":"e_1_3_2_1_22_1","first-page":"1397","volume-title":"Baris Kasikci. DOLMA: Securing Speculation with the Principle of Transient Non-Observability. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Loughlin Kevin","year":"2021","unstructured":"Kevin Loughlin, Ian Neal, Jiacheng Ma, Elisa Tsai, Ofir Weisse, Satish Narayanasamy, and Baris Kasikci. DOLMA: Securing Speculation with the Principle of Transient Non-Observability. In 30th USENIX Security Symposium (USENIX Security 21), pages 1397--1414, 2021."},{"key":"e_1_3_2_1_23_1","first-page":"1427","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Moghimi Daniel","year":"2020","unstructured":"Daniel Moghimi, Moritz Lipp, Berk Sunar, and Michael Schwarz. Medusa: Microarchitectural data leakage via automated attack synthesis. In 29th USENIX Security Symposium (USENIX Security 20), pages 1427--1444, 2020."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-53288-8_12"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507729"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179391"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/11605805_1"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2024724.2024954"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358314"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3307650.3322216"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA52012.2021.00035"},{"key":"e_1_3_2_1_32_1","volume-title":"Cascade: Cpu fuzzing via intricate program generation","author":"Solt Flavien","year":"2024","unstructured":"Flavien Solt, Katharina Ceesay-Seitz, and Kaveh Razavi. Cascade: Cpu fuzzing via intricate program generation. 2024."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00081"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623192"},{"key":"e_1_3_2_1_35_1","first-page":"1415","volume-title":"30th USENIX Security Symposium (USENIX Security","author":"Weber Daniel","year":"2021","unstructured":"Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, and Christian Rossow. Osiris: Automated discovery of microarchitectural side channels. In 30th USENIX Security Symposium (USENIX Security, pages 1415--1432, 2021."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358306"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00042"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3579371.3589094"},{"key":"e_1_3_2_1_39_1","volume-title":"USENIX Security","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner. Flush reload: A high resolution, low noise, l3 cache side-channel attack. In USENIX Security, 2014."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA45697.2020.00064"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358274"}],"event":{"name":"ASPLOS '25: 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems","location":"Rotterdam Netherlands","acronym":"ASPLOS '25","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages","SIGOPS ACM Special Interest Group on Operating Systems","SIGARCH ACM Special Interest Group on Computer Architecture"]},"container-title":["Proceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3676641.3716247","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3676641.3716247","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T11:06:21Z","timestamp":1755774381000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3676641.3716247"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,3,30]]},"references-count":41,"alternative-id":["10.1145\/3676641.3716247","10.1145\/3676641"],"URL":"https:\/\/doi.org\/10.1145\/3676641.3716247","relation":{},"subject":[],"published":{"date-parts":[[2025,3,30]]},"assertion":[{"value":"2025-03-30","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}