{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,11]],"date-time":"2025-09-11T22:51:57Z","timestamp":1757631117852,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","funder":[{"DOI":"10.13039\/501100006374","name":"National Key Research and Development Program of China","doi-asserted-by":"publisher","award":["No. 2022YFE0113200"],"award-info":[{"award-number":["No. 2022YFE0113200"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No. 62361166633, U21A20464"],"award-info":[{"award-number":["No. 62361166633, U21A20464"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,8,6]]},"DOI":"10.1145\/3676642.3736115","type":"proceedings-article","created":{"date-parts":[[2025,8,6]],"date-time":"2025-08-06T22:19:59Z","timestamp":1754518799000},"page":"64-80","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking Assisted Processor Fuzzing"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-6254-2004","authenticated-orcid":false,"given":"Jinyan","family":"Xu","sequence":"first","affiliation":[{"name":"Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-8251-2424","authenticated-orcid":false,"given":"Yangye","family":"Zhou","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-1817-4117","authenticated-orcid":false,"given":"Xingzhi","family":"Zhang","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-1132-0838","authenticated-orcid":false,"given":"Yinshuai","family":"Li","sequence":"additional","affiliation":[{"name":"Southern University of Science and Technology, Shenzhen, Guangdong, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2475-3675","authenticated-orcid":false,"given":"Qinhan","family":"Tan","sequence":"additional","affiliation":[{"name":"Princeton University, Princeton, NJ, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7585-1075","authenticated-orcid":false,"given":"Yinqian","family":"Zhang","sequence":"additional","affiliation":[{"name":"Southern University of Science and Technology, Shenzhen, Guangdong, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7610-4736","authenticated-orcid":false,"given":"Yajin","family":"Zhou","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0178-0171","authenticated-orcid":false,"given":"Rui","family":"Chang","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, Zhejiang, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2899-6121","authenticated-orcid":false,"given":"Wenbo","family":"Shen","sequence":"additional","affiliation":[{"name":"Zhejiang University, Hangzhou, Zhejiang, China"}]}],"member":"320","published-online":{"date-parts":[[2025,8,6]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"1433","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Ahmed Salman","year":"2023","unstructured":"Salman Ahmed, Hans Liljestrand, Hani Jamjoom, Matthew Hicks, N Asokan, and Danfeng Daphne Yao. 2023. Not All Data are Created Equal: Data and Pointer Prioritization for Scalable Protection Against {Data-Oriented} Attacks. In 32nd USENIX Security Symposium (USENIX Security 23). 1433-1450."},{"key":"e_1_3_2_1_2_1","first-page":"1691","article-title":"Register transfer level information flow tracking for provably secure hardware design. In Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017","author":"Ardeshiricham Armaiti","year":"2017","unstructured":"Armaiti Ardeshiricham, Wei Hu, Joshua Marxen, and Ryan Kastner. 2017. Register transfer level information flow tracking for provably secure hardware design. In Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017. IEEE, 1691-1696.","journal-title":"IEEE"},{"key":"e_1_3_2_1_3_1","first-page":"971","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Barberis Enrico","year":"2022","unstructured":"Enrico Barberis, Pietro Frigo, Marius Muench, Herbert Bos, and Cristiano Giuffrida. 2022. Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 971-988. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/barberis"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363219"},{"key":"e_1_3_2_1_5_1","first-page":"1361","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Chen Chen","year":"2023","unstructured":"Chen Chen, Rahul Kande, Nathan Nguyen, Flemming Andersen, Aakash Tyagi, Ahmad-Reza Sadeghi, and Jeyavijayan Rajendran. 2023. {HyPFuzz}:{Formal-Assisted} Processor Fuzzing. In 32nd USENIX Security Symposium (USENIX Security 23). 1361-1378."},{"key":"e_1_3_2_1_6_1","unstructured":"Design Automation Standards Committee et al. 2009. IEEE Standard VHDL Language Reference Manual. IEEE Std 1076-2008 (Revision of IEEE Std 1076-2002) (2009) 1-640."},{"key":"e_1_3_2_1_7_1","volume-title":"USENIX Security Symposium","volume":"114","author":"Cox Benjamin","year":"2006","unstructured":"Benjamin Cox, David Evans, Adrian Filipi, Jonathan Rowanhill, Wei Hu, Jack Davidson, John Knight, Anh Nguyen-Tuong, and Jason Hiser. 2006. N-Variant Systems: A Secretless Framework for Security through Diversity.. In USENIX Security Symposium,, Vol. 114. 114."},{"key":"e_1_3_2_1_8_1","first-page":"3861","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Easdon Catherine","year":"2022","unstructured":"Catherine Easdon, Michael Schwarz, Martin Schwarzl, and Daniel Gruss. 2022. Rapid prototyping for microarchitectural attacks. In 31st USENIX Security Symposium (USENIX Security 22). 3861-3877."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TC.2022.3152666"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411504.3421216"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3579371.3589070"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISCA52012.2021.00073"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00036"},{"key":"e_1_3_2_1_14_1","first-page":"7143","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Hofmann Jana","year":"2023","unstructured":"Jana Hofmann, Emanuele Vannacci, C\u00e9dric Fournet, Boris K\u00f6pf, and Oleksii Oleksenko. 2023. Speculation at Fault: Modeling and Testing Microarchitectural Leakage of {CPU} Exceptions. In 32nd USENIX Security Symposium (USENIX Security 23). 7143-7160."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3447867"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TCAD.2011.2120970"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2012.2189105"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560578"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00103"},{"key":"e_1_3_2_1_20_1","first-page":"3219","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Kande Rahul","year":"2022","unstructured":"Rahul Kande, Addison Crump, Garrett Persyn, Patrick Jauernig, Ahmad-Reza Sadeghi, Aakash Tyagi, and Jeyavijayan Rajendran. 2022. {TheHuzz}: Instruction fuzzing of processors using {Golden-Reference} models for finding {Software-Exploitable} vulnerabilities. In 31st USENIX Security Symposium (USENIX Security 22). 3219-3236."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3399742"},{"key":"e_1_3_2_1_22_1","volume-title":"12th USENIX Workshop on Offensive Technologies (WOOT 18)","author":"Koruyeh Esmaeil Mohammadian","year":"2018","unstructured":"Esmaeil Mohammadian Koruyeh, Khaled N Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh. 2018. Spectre returns! speculation attacks using the return stack buffer. In 12th USENIX Workshop on Offensive Technologies (WOOT 18)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3240765.3240842"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993316.1993512"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3357033"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243761"},{"key":"e_1_3_2_1_27_1","first-page":"1427","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Moghimi Daniel","year":"2020","unstructured":"Daniel Moghimi, Moritz Lipp, Berk Sunar, and Michael Schwarz. 2020. Medusa: Microarchitectural data leakage via automated attack synthesis. In 29th USENIX Security Symposium (USENIX Security 20). 1427-1444."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507729"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46215.2023.10179391"},{"key":"e_1_3_2_1_30_1","first-page":"1481","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Oleksenko Oleksii","year":"2020","unstructured":"Oleksii Oleksenko, Bohdan Trach, Mark Silberstein, and Christof Fetzer. 2020. {SpecFuzz}: Bringing spectre-type vulnerabilities to the surface. In 29th USENIX Security Symposium (USENIX Security 20). 1481-1498."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3297858.3304054"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00082"},{"key":"e_1_3_2_1_33_1","first-page":"1","article-title":"SIGFuzz: A framework for discovering microarchitectural timing side channels. In 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE)","author":"Rajapaksha Chathura","year":"2023","unstructured":"Chathura Rajapaksha, Leila Delshadtehrani, Manuel Egele, and Ajay Joshi. 2023. SIGFuzz: A framework for discovering microarchitectural timing side channels. In 2023 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 1-6.","journal-title":"IEEE"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519071"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_1_36_1","volume-title":"Proc. 33rd USENIX Secur. Symp. 1-18","author":"Solt Flavien","year":"2024","unstructured":"Flavien Solt, Katharina Ceesay-Seitz, and Kaveh Razavi. 2024. Cascade: CPU fuzzing via intricate program generation. In Proc. 33rd USENIX Secur. Symp. 1-18."},{"key":"e_1_3_2_1_37_1","first-page":"2549","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Solt Flavien","year":"2022","unstructured":"Flavien Solt, Ben Gras, and Kaveh Razavi. 2022. {CellIFT}: Leveraging Cells for Scalable and Precise Dynamic Information Flow Tracking in {RTL}. In 31st USENIX Security Symposium (USENIX Security 22). 2549-2566."},{"key":"e_1_3_2_1_38_1","unstructured":"Sycuricon. 2025. Starship SoC Generator. https:\/\/github.com\/sycuricon\/starship. [Accessed 01-07-2025]."},{"key":"e_1_3_2_1_39_1","unstructured":"Qinhan Tan Yuheng Yang Thomas Bourgeat Sharad Malik and Mengjia Yan. 2024. RTL Verification for Secure Speculation Using Contract Shadow Logic. arXiv preprint arXiv:2407.12232 (2024)."},{"volume-title":"The Verilog\u00ae hardware description language","author":"Thomas Donald","key":"e_1_3_2_1_40_1","unstructured":"Donald Thomas and Philip Moorby. 2008. The Verilog\u00ae hardware description language. Springer Science & Business Media."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/2024723.2000087"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1508244.1508258"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.2018.00081"},{"key":"e_1_3_2_1_44_1","first-page":"7303","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Trujillo Dani\u00ebl","year":"2023","unstructured":"Dani\u00ebl Trujillo, Johannes Wikner, and Kaveh Razavi. 2023. Inception: Exposing new attack surfaces with training in transient execution. In 32nd USENIX Security Symposium (USENIX Security 23). 7303-7320."},{"key":"e_1_3_2_1_45_1","volume-title":"Proceedings of the 27th USENIX Security Symposium. USENIX Association.","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In Proceedings of the 27th USENIX Security Symposium. USENIX Association."},{"key":"e_1_3_2_1_46_1","volume-title":"RIDL: Rogue In-flight Data Load. In S&P, .","author":"van Schaik Stephan","year":"2019","unstructured":"Stephan van Schaik, Alyssa Milburn, Sebastian \u00d6sterlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2019. RIDL: Rogue In-flight Data Load. In S&P, ."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3576915.3623192"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3352460.3358306"},{"key":"e_1_3_2_1_49_1","volume-title":"Herbert Bos, and Cristiano Giuffrida.","author":"Wiebing Sander","year":"2024","unstructured":"Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida. 2024. InSpectre Gadget: Inspecting the residual attack surface of cross-privilege Spectre v2. In USENIX Security."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3613424.3614275"},{"key":"e_1_3_2_1_51_1","volume-title":"SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities. In 27th Annual Network and Distributed System Security Symposium.","author":"Xiao Yuan","year":"2020","unstructured":"Yuan Xiao, Yinqian Zhang, and Radu Teodorescu. 2020. SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities. In 27th Annual Network and Distributed System Security Symposium."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3489517.3530549"},{"key":"e_1_3_2_1_53_1","first-page":"1307","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Xu Jinyan","year":"2023","unstructured":"Jinyan Xu, Yiyuan Liu, Sirui He, Haoran Lin, Yajin Zhou, and Cong Wang. 2023. {MorFuzz}: Fuzzing processor via runtime instruction morphing enhanced synchronizable co-simulation. In 32nd USENIX Security Symposium (USENIX Security 23). 1307-1324."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO56248.2022.00080"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3579371.3589094"},{"key":"e_1_3_2_1_56_1","first-page":"7267","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Zhang Ruiyi","year":"2023","unstructured":"Ruiyi Zhang, Taehyun Kim, Daniel Weber, and Michael Schwarz. 2023. ({M) WAIT} for It: Bridging the Gap between Microarchitectural and Architectural Side Channels. In 32nd USENIX Security Symposium (USENIX Security 23). 7267-7284."},{"key":"e_1_3_2_1_57_1","volume-title":"SonicBOOM: The 3rd Generation Berkeley Out-of-Order Machine. (May","author":"Zhao Jerry","year":"2020","unstructured":"Jerry Zhao, Ben Korpan, Abraham Gonzalez, and Krste Asanovic. 2020. SonicBOOM: The 3rd Generation Berkeley Out-of-Order Machine. (May 2020)."}],"event":{"name":"ASPLOS '25: 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems","sponsor":["SIGPLAN ACM Special Interest Group on Programming Languages","SIGOPS ACM Special Interest Group on Operating Systems","SIGARCH ACM Special Interest Group on Computer Architecture"],"location":"Rotterdam Netherlands","acronym":"ASPLOS '25"},"container-title":["Proceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3676642.3736115","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,10]],"date-time":"2025-09-10T22:23:20Z","timestamp":1757543000000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3676642.3736115"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,6]]},"references-count":57,"alternative-id":["10.1145\/3676642.3736115","10.1145\/3676642"],"URL":"https:\/\/doi.org\/10.1145\/3676642.3736115","relation":{},"subject":[],"published":{"date-parts":[[2025,8,6]]},"assertion":[{"value":"2025-08-06","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}