{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,30]],"date-time":"2026-01-30T04:55:19Z","timestamp":1769748919296,"version":"3.49.0"},"reference-count":63,"publisher":"Association for Computing Machinery (ACM)","issue":"8","license":[{"start":{"date-parts":[[2024,11,23]],"date-time":"2024-11-23T00:00:00Z","timestamp":1732320000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Singapore Ministry of Education (MoE) Tier 3 grant \u201cAutomated Program Repair\u201d","award":["MOE-MOET32021-0001"],"award-info":[{"award-number":["MOE-MOET32021-0001"]}]},{"name":"NSF","award":["CNS-2230060"],"award-info":[{"award-number":["CNS-2230060"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2024,11,30]]},"abstract":"<jats:p>\n            Side-channel vulnerability detection has gained prominence recently due to Spectre and Meltdown attacks. Techniques for side-channel detection range from fuzz testing to program analysis and program composition. Existing side-channel mitigation techniques repair the vulnerability at the IR\/binary level or use runtime monitoring solutions. In both cases, the source code itself is not modified, can evolve while keeping the vulnerability, and the developer would get no feedback on how to develop secure applications in the first place. Thus, these solutions do not help the developer understand the side-channel risks in her code and do not provide guidance to avoid code patterns with side-channel risks. In this article, we present\n            <jats:sc>Pendulum<\/jats:sc>\n            , the first approach for automatically locating and repairing side-channel vulnerabilities in the source code, specifically for timing side channels. 
Our approach uses a quantitative estimation of found vulnerabilities to guide the fix localization, which goes hand-in-hand with a pattern-guided repair. Our evaluation shows that\n            <jats:sc>Pendulum<\/jats:sc>\n            can repair a large number of side-channel vulnerabilities in real-world applications. Overall, our approach integrates vulnerability detection, quantization, localization, and repair into one unified process. This also enhances the possibility of our side-channel mitigation approach being adopted into programming environments.\n          <\/jats:p>","DOI":"10.1145\/3678169","type":"journal-article","created":{"date-parts":[[2024,7,16]],"date-time":"2024-07-16T13:37:01Z","timestamp":1721137021000},"page":"1-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Timing Side-Channel Mitigation via Automated Program Repair"],"prefix":"10.1145","volume":"33","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-1080-4770","authenticated-orcid":false,"given":"Haifeng","family":"Ruan","sequence":"first","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9318-8027","authenticated-orcid":false,"given":"Yannic","family":"Noller","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1375-3154","authenticated-orcid":false,"given":"Saeid","family":"Tizpaz-Niari","sequence":"additional","affiliation":[{"name":"University of Texas at El Paso, El Paso, TX, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4843-5391","authenticated-orcid":false,"given":"Sudipta","family":"Chattopadhyay","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design, Singapore, 
Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7127-1137","authenticated-orcid":false,"given":"Abhik","family":"Roychoudhury","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2024,11,23]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"Chaima Abid Vahid Alizadeh Marouane Kessentini Thiago do Nascimento Ferreira and Danny Dig. 2020. 30 Years of Software Refactoring Research: A Systematic Literature Review. arXiv: 2007.02194. Retrieved from https:\/\/arxiv.org\/abs\/2007.02194"},{"key":"e_1_3_2_3_2","doi-asserted-by":"crossref","first-page":"1807","DOI":"10.1145\/3133956.3134078","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS \u201917)","author":"Almeida Jos\u00e9 Bacelar","year":"2017","unstructured":"Jos\u00e9 Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Gr\u00e9goire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt, and Pierre-Yves Strub. 2017. Jasmin: High-Assurance and High-Speed Cryptography. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS \u201917). ACM, New York, NY, 1807\u20131823. DOI: 10.1145\/3133956.3134078"},{"key":"e_1_3_2_4_2","first-page":"53","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Almeida Jose Bacelar","year":"2016","unstructured":"Jose Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Fran\u00e7ois Dupressoir, and Michael Emmi. 2016. Verifying Constant-Time Implementations. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, 53\u201370. 
Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/almeida"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2011.10.008"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062378"},{"key":"e_1_3_2_7_2","first-page":"13","volume-title":"Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (Virtual Event) (ESEC\/FSE \u201920)","author":"Badihi Sahar","year":"2020","unstructured":"Sahar Badihi, Faridah Akinotcho, Yi Li, and Julia Rubin. 2020. ARDiff: Scaling Program Equivalence Checking via Iterative Abstraction and Refinement of Common Code. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (Virtual Event) (ESEC\/FSE \u201920). ACM, New York, NY, 13\u201324. DOI: 10.1145\/3368089.3409757"},{"key":"e_1_3_2_8_2","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1145\/2950290.2950362","volume-title":"Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE \u201916)","author":"Bang Lucas","year":"2016","unstructured":"Lucas Bang, Abdulbaki Aydin, Quoc-Sang Phan, Corina S. P\u0103s\u0103reanu, and Tevfik Bultan. 2016. String Analysis for Side Channels with Segmented Oracles. In Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE \u201916). ACM, New York, NY, 193\u2013204. DOI: 10.1145\/2950290.2950362"},{"key":"e_1_3_2_9_2","doi-asserted-by":"crossref","first-page":"328","DOI":"10.1109\/CSF.2018.00031","volume-title":"31st IEEE Computer Security Foundations Symposium (CSF \u201918)","author":"Barthe Gilles","year":"2018","unstructured":"Gilles Barthe, Benjamin Gr\u00e9goire, and Vincent Laporte. 2018. 
Secure Compilation of Side-Channel Countermeasures: The Case of Cryptographic \u201cConstant-Time,\u201d In 31st IEEE Computer Security Foundations Symposium (CSF \u201918), 328\u2013343. DOI: 10.1109\/csf.2018.00031"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.1718"},{"key":"e_1_3_2_11_2","unstructured":"Jan A. Bergstra and Alban Ponse. 2010. Short-Circuit Logic. arXiv:1010.3674. Retrieved from http:\/\/arxiv.org\/abs\/1010.3674"},{"key":"e_1_3_2_12_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","DOI":"10.1007\/3-540-45102-1","volume-title":"Proceedings of 14th European Conference","volume":"1850","author":"Bertino Elisa","year":"2000","unstructured":"Elisa Bertino (Ed.). 2000. ECOOP 2000 - Object-Oriented Programming. In Proceedings of 14th European Conference, Lecture Notes in Computer Science, Vol. 1850. Springer, Berlin. DOI: 10.1007\/3-540-45102-1"},{"key":"e_1_3_2_13_2","first-page":"917","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Bond Barry","year":"2017","unstructured":"Barry Bond, Chris Hawblitzel, Manos Kapritsos, K. Rustan M. Leino, Jacob R. Lorch, Bryan Parno, Ashay Rane, Srinath Setty, and Laure Thompson. 2017. Vale: Verifying High-Performance Cryptographic Assembly Code. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, 917\u2013934. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/bond"},{"key":"e_1_3_2_14_2","doi-asserted-by":"crossref","first-page":"1207","DOI":"10.1109\/SP40000.2020.00007","volume-title":"2020 IEEE Symposium on Security and Privacy (SP \u201920)","author":"Brennan Tegan","year":"2020","unstructured":"Tegan Brennan, Nicol\u00e1s Rosner, and Tevfik Bultan. 2020. JIT Leaks: Inducing Timing Side Channels through Just-In-Time Compilation. In 2020 IEEE Symposium on Security and Privacy (SP \u201920), 1207\u20131222. 
DOI: 10.1109\/sp40000.2020.00007"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2019.00022"},{"key":"e_1_3_2_16_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1007\/978-3-642-23822-2_20","volume-title":"Proceedings of 6th European Symposium on Research in Computer Security (ESORICS \u201911)","volume":"6879","author":"Brumley Billy Bob","year":"2011","unstructured":"Billy Bob Brumley and Nicola Tuveri. 2011. Remote Timing Attacks Are Still Practical. In Proceedings of 6th European Symposium on Research in Computer Security (ESORICS \u201911). Vijay Atluri and Claudia D\u00edaz (Eds.), Lecture Notes in Computer Science, Vol. 6879, 355\u2013371. DOI: 10.1007\/978-3-642-23822-2_20"},{"key":"e_1_3_2_17_2","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1145\/3314221.3314605","volume-title":"Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2019)","author":"Cauligi Sunjay","year":"2019","unstructured":"Sunjay Cauligi, Gary Soeller, Brian Johannesmeyer, Fraser Brown, Riad S. Wahby, John Renner, Benjamin Gr\u00e9goire, Gilles Barthe, Ranjit Jhala, and Deian Stefan. 2019. FaCT: A DSL for Timing-Sensitive Computation. In Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2019). ACM, New York, NY, 174\u2013189. DOI: 10.1145\/3314221.3314605"},{"key":"e_1_3_2_18_2","series-title":"Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS \u201917)Lecture Notes in Computer Science","first-page":"38","volume-title":"23rd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS \u201917)","volume":"10206","author":"Chattopadhyay Sudipta","year":"2017","unstructured":"Sudipta Chattopadhyay. 2017. Directed Automated Memory Performance Testing. 
In 23rd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS \u201917), Held as Part of the European Joint Conferences on Theory and Practice of Software (ETAPS \u201917), Proceedings, Part II. Axel Legay and Tiziana Margaria (Eds.), Lecture Notes in Computer Science, Vol. 10206, 38\u201355."},{"key":"e_1_3_2_19_2","doi-asserted-by":"crossref","first-page":"875","DOI":"10.1145\/3133956.3134058","volume-title":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS \u201917)","author":"Chen Jia","year":"2017","unstructured":"Jia Chen, Yu Feng, and Isil Dillig. 2017. Precise Detection of Side-Channel Vulnerabilities Using Quantitative Cartesian Hoare Logic. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS \u201917). ACM, New York, NY, 875\u2013890. DOI: 10.1145\/3133956.3134058"},{"key":"e_1_3_2_20_2","doi-asserted-by":"crossref","first-page":"191","DOI":"10.1109\/SP.2010.20","volume-title":"31st IEEE Symposium on Security and Privacy (S & P \u201910)","author":"Chen Shuo","year":"2010","unstructured":"Shuo Chen, Rui Wang, XiaoFeng Wang, and Kehuan Zhang. 2010. Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow. In 31st IEEE Symposium on Security and Privacy (S & P \u201910), 191\u2013206. DOI: 10.1109\/sp.2010.20"},{"key":"e_1_3_2_21_2","volume-title":"BoogiePL: A Typed Procedural Language for Checking Object-Oriented Programs","author":"Deline R.","year":"2005","unstructured":"R. Deline and K. Leino. 2005. BoogiePL: A Typed Procedural Language for Checking Object-Oriented Programs. Technical Report. 
Citeseer."},{"key":"e_1_3_2_22_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"170","DOI":"10.1007\/978-3-662-53413-7_9","volume-title":"International Static Analysis Symposium","volume":"9837","author":"Deng Chaoqiang","year":"2016","unstructured":"Chaoqiang Deng and Kedar S. Namjoshi. 2016. Securing a Compiler Transformation. In International Static Analysis Symposium, Lecture Notes in Computer Science, Vol. 9837, 170\u2013188. DOI: 10.1007\/978-3-662-53413-7_9"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1145\/2756550"},{"key":"e_1_3_2_24_2","doi-asserted-by":"crossref","first-page":"349","DOI":"10.1145\/2642937.2642987","volume-title":"Proceedings of ACM\/IEEE International Conference on Automated Software Engineering (ASE \u201914)","author":"Felsing Dennis","year":"2014","unstructured":"Dennis Felsing, Sarah Grebing, Vladimir Klebanov, Philipp R\u00fcmmer, and Mattias Ulbrich. 2014. Automating Regression Verification. In Proceedings of ACM\/IEEE International Conference on Automated Software Engineering (ASE \u201914). Ivica Crnkovic, Marsha Chechik, and Paul Gr\u00fcnbacher (Eds.), 349\u2013360. DOI: 10.1145\/2642937.2642987"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2012.14"},{"issue":"3","key":"e_1_3_2_26_2","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1002\/stvr.1472","article-title":"Regression Verification: Proving the Equivalence of Similar Programs","volume":"23","author":"Godlin Benny","year":"2013","unstructured":"Benny Godlin and Ofer Strichman. 2013. Regression Verification: Proving the Equivalence of Similar Programs. 
Software Testing, Verification and Reliability 23, 3 (5 2013), 241\u2013258.","journal-title":"Software Testing, Verification and Reliability"},{"key":"e_1_3_2_27_2","first-page":"377","volume-title":"Proceedings of the 2018 ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/SIGSOFT FSE 2018)","author":"Guo Shengjian","year":"2018","unstructured":"Shengjian Guo, Meng Wu, and Chao Wang. 2018. Adversarial Symbolic Execution for Detecting Concurrency-Related Cache Timing Leaks. In Proceedings of the 2018 ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/SIGSOFT FSE 2018). Gary T. Leavens, Alessandro Garcia, and Corina S. Pasareanu (Eds.), 377\u2013388. DOI: 10.1145\/3236024.3236028"},{"key":"e_1_3_2_28_2","doi-asserted-by":"crossref","first-page":"57","DOI":"10.1109\/RTSS.2006.12","volume-title":"Proceedings of the 27th IEEE Real-Time Systems Symposium (RTSS 2006)","author":"Gustafsson Jan","year":"2006","unstructured":"Jan Gustafsson, Andreas Ermedahl, Christer Sandberg, and Bj\u00f6rn Lisper. 2006. Automatic Derivation of Loop Bounds and Infeasible Paths for WCET Analysis Using Abstract Execution. In Proceedings of the 27th IEEE Real-Time Systems Symposium (RTSS 2006), 57\u201366. https:\/\/doi.org\/10.1109\/rtss.2006.12"},{"key":"e_1_3_2_29_2","first-page":"466","volume-title":"Proceedings of the 13th IEEE International Conference on Software Testing, Validation and Verification, (ICST \u201920)","author":"He Shaobo","year":"2020","unstructured":"Shaobo He, Michael Emmi, and Gabriela F. Ciocarlie. 2020. ct-fuzz: Fuzzing for Timing Leaks. In Proceedings of the 13th IEEE International Conference on Software Testing, Validation and Verification, (ICST \u201920), 466\u2013471. 
DOI: 10.1109\/icst46399.2020.00063"},{"key":"e_1_3_2_30_2","first-page":"2271","article-title":"FuzzGen: Automatic Fuzzer Generation","author":"Ispoglou Kyriakos","year":"2020","unstructured":"Kyriakos Ispoglou, Daniel Austin, Vishwath Mohan, and Mathias Payer. 2020. FuzzGen: Automatic Fuzzer Generation. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 2271\u20132287. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/ispoglou","journal-title":"29th USENIX Security Symposium (USENIX Security 20)"},{"key":"e_1_3_2_31_2","unstructured":"Sharjeel Khan Girish Mururu and Santosh Pande. 2020. A Compiler Assisted Scheduler for Detecting and Mitigating Cache-Based Side Channel Attacks. arXiv.org:2003.03850. Retrieved from https:\/\/arxiv.org\/abs\/2003.03850"},{"key":"e_1_3_2_32_2","first-page":"1","volume-title":"Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP \u201919)","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP \u201919), 1\u201319. DOI: 10.1109\/sp.2019.00002"},{"key":"e_1_3_2_33_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","volume-title":"Proceedings of the 16th Annual International Cryptology Conference (CRYPTO 96)","volume":"1109","author":"Kocher Paul C.","year":"1996","unstructured":"Paul C. Kocher. 1996. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems., In Proceedings of the 16th Annual International Cryptology Conference (CRYPTO 96), Neal Koblitz (Ed.), Lecture Notes in Computer Science, Vol. 1109, 104\u2013113. 
DOI: 10.1007\/3-540-68697-5_9"},{"key":"e_1_3_2_34_2","first-page":"286","volume-title":"Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS \u201907)","author":"K\u00f6pf Boris","year":"2007","unstructured":"Boris K\u00f6pf and David Basin. 2007. An Information-Theoretic Model for Adaptive Side-Channel Attacks. In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS \u201907). ACM, New York, NY, USA, 286\u2013296. DOI: 10.1145\/1315245.1315282"},{"key":"e_1_3_2_35_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"564","DOI":"10.1007\/978-3-642-31424-7_40","volume-title":"Proceedings of the 24th International Conference on Computer Aided Verification (CAV \u201912)","volume":"7358","author":"K\u00f6pf Boris","year":"2012","unstructured":"Boris K\u00f6pf, Laurent Mauborgne, and Mart\u00edn Ochoa. 2012. Automatic Quantification of Cache Side-Channels. In Proceedings of the 24th International Conference on Computer Aided Verification (CAV \u201912), P. Madhusudan and Sanjit A. Seshia (Eds.), Lecture Notes in Computer Science, Vol. 7358, 564\u2013580. DOI: 10.1007\/978-3-642-31424-7_40"},{"key":"e_1_3_2_36_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"712","DOI":"10.1007\/978-3-642-31424-7_54","volume-title":"Proceedings of the 24th International Conference on Computer Aided Verification (CAV \u201912)","volume":"7358","author":"Lahiri Shuvendu K.","year":"2012","unstructured":"Shuvendu K. Lahiri, Chris Hawblitzel, Ming Kawaguchi, and Henrique Reb\u00ealo. 2012. SYMDIFF: A Language-Agnostic Semantic Diff Tool for Imperative Programs. In Proceedings of the 24th International Conference on Computer Aided Verification (CAV \u201912), P. Madhusudan and Sanjit A. Seshia (Eds.), Lecture Notes in Computer Science, Vol. 7358, 712\u2013717. 
DOI: 10.1007\/978-3-642-31424-7_54"},{"key":"e_1_3_2_37_2","unstructured":"Nate Lawson. 2009. Timing Attack in Google Keyczar Library. Retrieved from https:\/\/rdist.root.org\/2009\/05\/28\/timing-attack-in-google-keyczar-library\/"},{"key":"e_1_3_2_38_2","first-page":"1","volume-title":"36th IEEE\/ACM International Conference on Automated Software Engineering Workshops (ASEW \u201921)","author":"Lima Rui","year":"2021","unstructured":"Rui Lima, Jo\u00e3o F. Ferreira, and Alexandra Mendes. 2021. Automatic Repair of Java Code with Timing Side-Channel Vulnerabilities. In 36th IEEE\/ACM International Conference on Automated Software Engineering Workshops (ASEW \u201921), 1\u20138. DOI: 10.1109\/asew52652.2021.00014"},{"key":"e_1_3_2_39_2","first-page":"31","volume-title":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA \u201919)","author":"Liu Kui","year":"2019","unstructured":"Kui Liu, Anil Koyuncu, Dongsun Kim, and Tegawend\u00e9 F. Bissyand\u00e9. 2019. TBar: Revisiting Template-Based Automated Program Repair. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA \u201919). ACM, New York, NY, 31\u201342. DOI: 10.1145\/3293882.3330577"},{"key":"e_1_3_2_40_2","first-page":"645","volume-title":"37th IEEE\/ACM International Conference on Software Engineering (ICSE \u201915)","author":"McCarthy Tim","year":"2015","unstructured":"Tim McCarthy, Philipp R\u00fcmmer, and Martin Sch\u00e4f. 2015. Bixie: Finding and Understanding Inconsistent Code. In 37th IEEE\/ACM International Conference on Software Engineering (ICSE \u201915), 645\u2013648. DOI: 10.1109\/icse.2015.213"},{"key":"e_1_3_2_41_2","first-page":"1","volume-title":"Proceedings of the 2002 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA \u201902)","author":"Milanova Ana","year":"2002","unstructured":"Ana Milanova, Atanas Rountev, and Barbara G. Ryder. 2002. 
Parameterized Object Sensitivity for Points-to and Side-Effect Analyses for Java. In Proceedings of the 2002 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA \u201902). ACM, New York, NY, 1\u201311. DOI: 10.1145\/566172.566174"},{"key":"e_1_3_2_42_2","doi-asserted-by":"crossref","first-page":"441","DOI":"10.1145\/3238147.3238178","volume-title":"Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering (ASE \u201918)","author":"Mora Federico","year":"2018","unstructured":"Federico Mora, Yi Li, Julia Rubin, and Marsha Chechik. 2018. Client-Specific Equivalence Checking. In Proceedings of the 33rd ACM\/IEEE International Conference on Automated Software Engineering (ASE \u201918). ACM, New York, NY, 441\u2013451. DOI: 10.1145\/3238147.3238178"},{"key":"e_1_3_2_43_2","first-page":"710","volume-title":"2017 IEEE Symposium on Security and Privacy (SP \u201917)","author":"Ngo Van Chan","year":"2017","unstructured":"Van Chan Ngo, Mario Dehesa-Azuara, Matthew Fredrikson, and Jan Hoffmann. 2017. Verifying and Synthesizing Constant-Resource Implementations with Types. In 2017 IEEE Symposium on Security and Privacy (SP \u201917), 710\u2013728. DOI: 10.1109\/sp.2017.53"},{"key":"e_1_3_2_44_2","first-page":"176","volume-title":"2019 International Conference on Software Engineering (ICSE \u201919)","author":"Nilizadeh Shirin","year":"2019","unstructured":"Shirin Nilizadeh, Yannic Noller, and Corina S. Pasareanu. 2019. DifFuzz: Differential Fuzzing for Side-Channel Analysis. In 2019 International Conference on Software Engineering (ICSE \u201919), 176\u2013187. DOI: 10.1109\/icse.2019.00034"},{"key":"e_1_3_2_45_2","doi-asserted-by":"crossref","first-page":"1273","DOI":"10.1145\/3377811.3380363","volume-title":"Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering (ICSE \u201920)","author":"Noller Yannic","year":"2020","unstructured":"Yannic Noller, Corina S. 
P\u0103s\u0103reanu, Marcel B\u00f6hme, Youcheng Sun, Hoang Lam Nguyen, and Lars Grunske. 2020. HyDiff: Hybrid Differential Software Analysis. In Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering (ICSE \u201920). ACM, New York, NY, 1273\u20131285. DOI: 10.1145\/3377811.3380363"},{"key":"e_1_3_2_46_2","doi-asserted-by":"crossref","first-page":"257","DOI":"10.1145\/3460319.3464817","volume-title":"Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (Virtual) (ISSTA \u201921)","author":"Noller Yannic","year":"2021","unstructured":"Yannic Noller and Saeid Tizpaz-Niari. 2021. QFuzz: Quantitative Fuzzing for Side Channels. In Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (Virtual) (ISSTA \u201921). ACM, New York, NY, 257\u2013269. DOI: 10.1145\/3460319.3464817"},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/csf.2016.34"},{"key":"e_1_3_2_48_2","first-page":"899","volume-title":"34th International Conference on Automated Software Engineering (ASE \u201919)","author":"Paulsen Brandon","year":"2019","unstructured":"Brandon Paulsen, Chungha Sung, Peter A. H. Peterson, and Chao Wang. 2019. Debreach: Mitigating Compression Side Channels via Static Analysis and Transformation. In 34th International Conference on Automated Software Engineering (ASE \u201919), 899\u2013911. DOI: 10.1109\/ase.2019.00088"},{"key":"e_1_3_2_49_2","first-page":"1","volume-title":"Proceedings of the ACM on Programming Languages","volume":"1","author":"Protzenko Jonathan","year":"2017","unstructured":"Jonathan Protzenko, Jean Karim Zinzindohou\u00e9, Aseem Rastogi, Tahina Ramananandro, Peng Wang, Santiago Zanella B\u00e9guelin, Antoine Delignat-Lavaud, Catalin Hritcu, Karthikeyan Bhargavan, C\u00e9dric Fournet, and Nikhil Swamy. 2017. Verified Low-Level Programming Embedded. 
In Proceedings of the ACM on Programming Languages 1, ICFP (2 2017), Article 17, 1\u201317. DOI: 10.1145\/3110261"},{"key":"e_1_3_2_50_2","first-page":"431","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Rane Ashay","year":"2015","unstructured":"Ashay Rane, Calvin Lin, and Mohit Tiwari. 2015. Raccoon: Closing Digital Side-Channels through Obfuscated Execution. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, 431\u2013446. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/rane"},{"key":"e_1_3_2_51_2","first-page":"110","volume-title":"Proceedings of the 25th International Conference on Compiler Construction (CC \u201916)","author":"Rodrigues Bruno","year":"2016","unstructured":"Bruno Rodrigues, Fernando Magno Quint\u00e3o Pereira, and Diego F. Aranha. 2016. Sparse Representation of Implicit Flows with Applications to Side-Channel Detection. In Proceedings of the 25th International Conference on Compiler Construction (CC \u201916). ACM, New York, NY, 110\u2013120. DOI: 10.1145\/2892208.2892230"},{"key":"e_1_3_2_52_2","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1109\/ICSM.2004.1357793","volume-title":"Proceedings of the 20th IEEE International Conference on Software Maintenance (ICSM \u201904)","author":"Rountev Atanas","year":"2004","unstructured":"Atanas Rountev. 2004. Precise Identification of Side-Effect-Free Methods in Java. In Proceedings of the 20th IEEE International Conference on Software Maintenance (ICSM \u201904), 82\u201391. 
DOI: 10.1109\/icsm.2004.1357793"},{"key":"e_1_3_2_53_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1007\/978-3-540-30579-8_14","volume-title":"6th International Conference on Verification, Model Checking, and Abstract Interpretation, (VMCAI \u201905), Proceedings","volume":"3385","author":"Salcianu Alexandru","year":"2005","unstructured":"Alexandru Salcianu and Martin C. Rinard. 2005. Purity and Side Effect Analysis for Java Programs. In 6th International Conference on Verification, Model Checking, and Abstract Interpretation, (VMCAI \u201905), Proceedings, Radhia Cousot (Ed.), Lecture Notes in Computer Science, Vol. 3385, 199\u2013215. DOI: 10.1007\/978-3-540-30579-8_14"},{"key":"e_1_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1109\/rtas.2016.7461326"},{"key":"e_1_3_2_55_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"288","DOI":"10.1007\/978-3-642-00596-1_21","volume-title":"12th International Conference on Foundations of Software Science and Computational Structures (FOSSACS \u201909), Held as Part of the Joint European Conferences on Theory and Practice of Software (ETAPS 2009), Proceedings","volume":"5504","author":"Smith Geoffrey","year":"2009","unstructured":"Geoffrey Smith. 2009. On the Foundations of Quantitative Information Flow. In 12th International Conference on Foundations of Software Science and Computational Structures (FOSSACS \u201909), Held as Part of the Joint European Conferences on Theory and Practice of Software (ETAPS 2009), Proceedings, Luca de Alfaro (Ed.), Lecture Notes in Computer Science, Vol. 5504, 288\u2013302. 
DOI: 10.1007\/978-3-642-00596-1_21"},{"key":"e_1_3_2_56_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"140","DOI":"10.1007\/978-3-030-25540-4_8","volume-title":"31st International Conference on Computer Aided Verification (CAV \u201919)","volume":"11561","author":"Tizpaz-Niari Saeid","year":"2019","unstructured":"Saeid Tizpaz-Niari, Pavol Cern\u00fd, and Ashutosh Trivedi. 2019. Quantitative Mitigation of Timing Side Channels. In 31st International Conference on Computer Aided Verification (CAV \u201919), Proceedings, Part I, Isil Dillig and Serdar Tasiran (Eds.), Lecture Notes in Computer Science, Vol. 11561, 140\u2013160. DOI: 10.1007\/978-3-030-25540-4_8"},{"key":"e_1_3_2_57_2","volume-title":"Proceedings of the 27th Annual Network and Distributed System Security Symposium (NDSS \u201920)","author":"Tizpaz-Niari Saeid","year":"2020","unstructured":"Saeid Tizpaz-Niari, Pavol Cern\u00fd, and Ashutosh Trivedi. 2020. Data-Driven Debugging for Functional Side Channels. In Proceedings of the 27th Annual Network and Distributed System Security Symposium (NDSS \u201920). DOI: 10.14722\/ndss.2020.24269"},{"key":"e_1_3_2_58_2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"405","DOI":"10.1007\/978-3-319-66706-5_20","volume-title":"Proceedings of the 24th International Static Analysis Symposium (SAS \u201917)","volume":"10422","author":"Trostanetski Anna","year":"2017","unstructured":"Anna Trostanetski, Orna Grumberg, and Daniel Kroening. 2017. Modular Demand-Driven Analysis of Semantic Difference for Program Versions. In Proceedings of the 24th International Static Analysis Symposium (SAS \u201917). Francesco Ranzato (Ed.), Lecture Notes in Computer Science, Vol. 10422, 405\u2013427. 
DOI: 10.1007\/978-3-319-66706-5_20"},{"key":"e_1_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2019.2953709"},{"key":"e_1_3_2_60_2","first-page":"590","volume-title":"Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE \u201919)","author":"Wang Jingbo","year":"2019","unstructured":"Jingbo Wang, Chungha Sung, and Chao Wang. 2019. Mitigating Power Side Channels during Compilation. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC\/FSE \u201919). ACM, New York, NY, 590\u2013601. DOI: 10.1145\/3338906.3338913"},{"key":"e_1_3_2_61_2","unstructured":"Shuai Wang Pei Wang Xiao Liu Danfeng Zhang and Dinghao Wu. 2017. CacheD: Identifying Cache-Based Timing Channels in Production Software. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association 235\u2013252. Retrieved from https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/wang-shuai"},{"key":"e_1_3_2_62_2","first-page":"15","volume-title":"Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA \u201918)","author":"Wu Meng","year":"2018","unstructured":"Meng Wu, Shengjian Guo, Patrick Schaumont, and Chao Wang. 2018. Eliminating Timing Side-Channel Leaks Using Program Repair. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA \u201918). ACM, New York, NY, 15\u201326. DOI: 10.1145\/3213846.3213851"},{"key":"e_1_3_2_63_2","unstructured":"Michal Zalewski. 2017. American Fuzzy Lop. 
Retrieved from https:\/\/lcamtuf.coredump.cx\/afl\/"},{"key":"e_1_3_2_64_2","first-page":"318","volume-title":"Proceedings of the 2021 IEEE\/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)","author":"Zhang Mingrui","year":"2021","unstructured":"Mingrui Zhang, Jianzhong Liu, Fuchen Ma, Huafeng Zhang, and Yu Jiang. 2021. IntelliGen: Automatic Driver Synthesis for Fuzz Testing. In Proceedings of the 2021 IEEE\/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP), 318\u2013327. DOI: 10.1109\/icse-seip52600.2021.00041"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678169","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3678169","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:54:08Z","timestamp":1750287248000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3678169"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,23]]},"references-count":63,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2024,11,30]]}},"alternative-id":["10.1145\/3678169"],"URL":"https:\/\/doi.org\/10.1145\/3678169","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,23]]},"assertion":[{"value":"2023-02-15","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-06-19","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication 
History"}},{"value":"2024-11-23","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}