{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:05:58Z","timestamp":1750309558693,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":59,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T00:00:00Z","timestamp":1745280000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/https:\/\/doi.org\/10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2321444,2409005,2220345"],"award-info":[{"award-number":["2321444,2409005,2220345"]}],"id":[{"id":"10.13039\/https:\/\/doi.org\/10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,4,28]]},"DOI":"10.1145\/3696410.3714693","type":"proceedings-article","created":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T22:57:28Z","timestamp":1745362648000},"page":"4562-4571","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["WaSCR: A WebAssembly Instruction-Timing Side Channel Repairer"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-4929-1478","authenticated-orcid":false,"given":"Liyan","family":"Huang","sequence":"first","affiliation":[{"name":"University of Southern California, Los Angeles, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-4088-1592","authenticated-orcid":false,"given":"Junzhou","family":"He","sequence":"additional","affiliation":[{"name":"University of Southern California, Los Angeles, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-4684-3943","authenticated-orcid":false,"given":"Chao","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Southern California, Los Angeles, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1175-4409","authenticated-orcid":false,"given":"Weihang","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Southern California, Los Angeles, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,4,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. Emscripten: a complete open source LLVM-based compiler toolchain for WebAssembly. https:\/\/emscripten.org"},{"key":"e_1_3_2_1_2_1","unstructured":"2024. WasmEdge Runtime. https:\/\/github.com\/WasmEdge\/WasmEdge. Accessed: 2024--10-07."},{"volume-title":"Accessed","year":"2024","key":"e_1_3_2_1_3_1","unstructured":"Adservio. 2024. Memory Safety in WebAssembly. https:\/\/www.adservio.fr\/post\/memory-safety-in-webassembly. Accessed: August 31, 2024."},{"key":"e_1_3_2_1_4_1","unstructured":"Bytecode Alliance. 2024. Wasmtime - A fast and secure runtime for WebAssembly. https:\/\/github.com\/bytecodealliance\/wasmtime. Accessed: 2024-09--30."},{"key":"e_1_3_2_1_5_1","volume-title":"Verifying Constant-Time Implementations. In 25th USENIX Security Symposium (USENIX Security 16)","author":"Almeida Jose Bacelar","year":"2016","unstructured":"Jose Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Fran\u00e7ois Dupressoir, and Michael Emmi. 2016. Verifying Constant-Time Implementations. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 53--70. https:\/\/www.usenix.org\/conference\/usenixsecurity16\/technical-sessions\/presentation\/almeida"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560689"},{"key":"e_1_3_2_1_7_1","unstructured":"Lars Ole Andersen. 1994. Program analysis and specialization for the C programming language. (1994)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2011.10.008"},{"key":"e_1_3_2_1_9_1","volume-title":"Structure-Sensitive Points-To Analysis for C and C. In Sensors Applications Symposium. https:\/\/api.semanticscholar.org\/CorpusID:16346939","author":"Balatsouras George","year":"2016","unstructured":"George Balatsouras and Yannis Smaragdakis. 2016. Structure-Sensitive Points-To Analysis for C and C. In Sensors Applications Symposium. https:\/\/api.semanticscholar.org\/CorpusID:16346939"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660283"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2024716.2024718"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484583"},{"key":"e_1_3_2_1_13_1","volume-title":"Remote Timing Attacks Are Practical. In 12th USENIX Security Symposium (USENIX Security 03)","author":"Brumley David","year":"2003","unstructured":"David Brumley and Dan Boneh. 2003. Remote Timing Attacks Are Practical. In 12th USENIX Security Symposium (USENIX Security 03). USENIX Association, Washington, D.C. https:\/\/www.usenix.org\/conference\/12th-usenix-security-symposium\/remote-timing-attacks-are-practical"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.14722\/madweb.2021.23004"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"Luwei Cai Fu Song and Taolue Chen. 2024. Towards Efficient Verification of Constant-Time Cryptographic Implementations. arXiv:2402.13506 [cs.CR] https:\/\/arxiv.org\/abs\/2402.13506","DOI":"10.1145\/3643772"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.20"},{"key":"e_1_3_2_1_17_1","unstructured":"WebAssembly Community. 2023. Constant-Time Proposal Overview. https:\/\/github.com\/WebAssembly\/constant-time\/blob\/main\/proposals\/constant-time\/Overview.md Accessed: 2024-08--15."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.19"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3563037"},{"key":"e_1_3_2_1_20_1","unstructured":"Craig Disselkoen Sunjay Cauligi Dean Tullsen and Deian Stefan. 2020. Finding and eliminating timing side-channels in crypto code with pitchfork. In TECHCON."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/24039.24041"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Antoine Geimer Math\u00e9o Vergnolle Fr\u00e9d\u00e9ric Recoules Lesly-Ann Daniel S\u00e9bastien Bardin and Cl\u00e9mentine Maurice. 2023. A Systematic Evaluation of Automated Tools for Side-Channel Vulnerabilities Detection in Cryptographic Libraries. arXiv:2310.08153 [cs.CR] https:\/\/arxiv.org\/abs\/2310.08153","DOI":"10.1145\/3576915.3623112"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93387-0_5"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3140587.3062363"},{"key":"e_1_3_2_1_25_1","unstructured":"Shaobo He Michael Emmi and Gabriela Ciocarlie. 2019. ct-fuzz: Fuzzing for Timing Leaks. arXiv:1904.07280 [cs.SE] https:\/\/arxiv.org\/abs\/1904.07280"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450138"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/CLOUD55607.2022.00077"},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the 29th USENIX Conference on Security Symposium (SEC'20)","author":"Lehmann Daniel","year":"2020","unstructured":"Daniel Lehmann, Johannes Kinder, and Michael Pradel. 2020. Everything old is new again: binary security of webassembly. In Proceedings of the 29th USENIX Conference on Security Symposium (SEC'20). USENIX Association, USA, Article 13, 18 pages."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/HPCA.2016.7446082"},{"key":"e_1_3_2_1_30_1","volume-title":"Botan: Crypto and TLS for Modern C. https:\/\/github.com\/randombit\/botan. Accessed","author":"Lloyd Jack","year":"2023","unstructured":"Jack Lloyd and the Botan contributors. 2023. Botan: Crypto and TLS for Modern C. https:\/\/github.com\/randombit\/botan. Accessed: October 6, 2023."},{"key":"e_1_3_2_1_31_1","unstructured":"Jason Lowe-Power Abdul Mutaal Ahmad Ayaz Akram Mohammad Alian Rico Amslinger Matteo Andreozzi Adri\u00e0 Armejach Nils Asmussen Brad Beckmann Srikant Bharadwaj Gabe Black Gedare Bloom Bobby R. Bruce Daniel Rodrigues Carvalho Jeronimo Castrillon Lizhong Chen Nicolas Derumigny Stephan Diestelhorst Wendy Elsasser Carlos Escuin Marjan Fariborz Amin Farmahini-Farahani Pouya Fotouhi Ryan Gambord Jayneel Gandhi Dibakar Gope Thomas Grass Anthony Gutierrez Bagus Hanindhito Andreas Hansson Swapnil Haria Austin Harris Timothy Hayes Adrian Herrera Matthew Horsnell Syed Ali Raza Jafri Radhika Jagtap Hanhwi Jang Reiley Jeyapaul Timothy M. Jones Matthias Jung Subash Kannoth Hamidreza Khaleghzadeh Yuetsu Kodama Tushar Krishna Tommaso Marinelli Christian Menard Andrea Mondelli Miquel Moreto Tiago M\u00fcck Omar Naji Krishnendra Nathella Hoa Nguyen Nikos Nikoleris Lena E. Olson Marc Orr Binh Pham Pablo Prieto Trivikram Reddy Alec Roelke Mahyar Samani Andreas Sandberg Javier Setoain Boris Shingarov Matthew D. Sinclair Tuan Ta Rahul Thakur Giacomo Travaglini Michael Upton Nilay Vaish Ilias Vougioukas William Wang Zhengrong Wang Norbert Wehn Christian Weis David A. Wood Hongil Yoon and \u00c9der F. Zulian. 2020. The gem5 Simulator: Version 20.0. arXiv:2007.03152 [cs.AR] https:\/\/arxiv.org\/abs\/2007.03152"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243761"},{"key":"e_1_3_2_1_33_1","unstructured":"Judy McConnell. 2019. WebAssembly support now shipping in all major browsers. https:\/\/blog.mozilla.org\/blog\/2017\/11\/13\/webassembly-inbrowsers\/. Accessed: 2024-08--27."},{"volume-title":"The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks","author":"Molnar David","key":"e_1_3_2_1_34_1","unstructured":"David Molnar, Matt Piotrowski, David Schultz, and David Wagner. 2005. The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks. USENIX Association, Baltimore, MD."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2381913.2381917"},{"key":"e_1_3_2_1_36_1","volume-title":"Swivel: Hardening WebAssembly against Spectre. arXiv:2102.12730 [cs.CR]","author":"Narayan Shravan","year":"2021","unstructured":"Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean Tullsen, and Deian Stefan. 2021. Swivel: Hardening WebAssembly against Spectre. arXiv:2102.12730 [cs.CR]"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00034"},{"key":"e_1_3_2_1_38_1","unstructured":"OpenAI. 2021. ChatGPT: OpenAI's Conversational AI. https:\/\/openai.com\/chatgpt Accessed: 2024-02--27."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1290520.1290524"},{"key":"e_1_3_2_1_40_1","volume-title":"24th USENIX Security Symposium (USENIX Security 15)","author":"Rane Ashay","year":"2015","unstructured":"Ashay Rane, Calvin Lin, and Mohit Tiwari. 2015. Raccoon: Closing Digital Side-Channels through Obfuscated Execution. In 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, Washington, D.C., 431--446. https:\/\/www.usenix.org\/conference\/usenixsecurity15\/technical-sessions\/presentation\/rane"},{"key":"e_1_3_2_1_41_1","unstructured":"Oscar Reparaz Josep Balasch and Ingrid Verbauwhede. 2016. Dude is my code constant time? Cryptology ePrint Archive Paper 2016\/1123. https:\/\/eprint.iacr.org\/2016\/1123 https:\/\/eprint.iacr.org\/2016\/1123."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/2892208.2892230"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3488932.3517411"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678776"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3543507.3583235"},{"key":"e_1_3_2_1_46_1","unstructured":"Bruce Schneier. 2007. Applied cryptography: protocols algorithms and source code in C. john wiley & sons."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3594736"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO51591.2021.9370305"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/237721.237727"},{"key":"e_1_3_2_1_50_1","unstructured":"The Chromium Project. 2024. V8 JavaScript Engine. https:\/\/v8.dev. Accessed: 2024-08--19."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev51306.2021.00029"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2017.2729549"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3434330"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290390"},{"key":"e_1_3_2_1_55_1","unstructured":"WebAssembly Community. [n. d.]. Security Considerations for WebAssembly. https:\/\/webassembly.org\/docs\/security\/."},{"key":"e_1_3_2_1_56_1","unstructured":"WebAssembly Community. 2022. Discussion on WASI-Crypto's API design. https:\/\/github.com\/WebAssembly\/wasi-crypto\/issues\/21. Accessed: 2023-09--25."},{"key":"e_1_3_2_1_57_1","volume-title":"WABT: The WebAssembly Binary Toolkit. https:\/\/github.com\/WebAssembly\/wabt. Accessed: 2024-03--28.","author":"Community WebAssembly","year":"2024","unstructured":"WebAssembly Community. 2024. WABT: The WebAssembly Binary Toolkit. https:\/\/github.com\/WebAssembly\/wabt. Accessed: 2024-03--28."},{"key":"e_1_3_2_1_58_1","unstructured":"WebAssembly Community Group. 2024. WebAssembly Specification. https:\/\/webassembly.github.io\/spec\/core\/intro\/introduction.html. Accessed: 2024-08--31."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213851"}],"event":{"name":"WWW '25: The ACM Web Conference 2025","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"],"location":"Sydney NSW Australia","acronym":"WWW '25"},"container-title":["Proceedings of the ACM on Web Conference 2025"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714693","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3696410.3714693","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:18:57Z","timestamp":1750295937000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3696410.3714693"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,22]]},"references-count":59,"alternative-id":["10.1145\/3696410.3714693","10.1145\/3696410"],"URL":"https:\/\/doi.org\/10.1145\/3696410.3714693","relation":{},"subject":[],"published":{"date-parts":[[2025,4,22]]},"assertion":[{"value":"2025-04-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}