{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T00:30:07Z","timestamp":1766449807256,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":81,"publisher":"ACM","funder":[{"DOI":"10.13039\/100006785","name":"Google","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006785","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765061","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:37:25Z","timestamp":1763854645000},"page":"2564-2578","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["<scp>ExfilState:<\/scp>\n                    Automated Discovery of Timer-Free Cache Side Channels on ARM CPUs"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-8029-0621","authenticated-orcid":false,"given":"Fabian","family":"Thomas","sequence":"first","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-5349-1820","authenticated-orcid":false,"given":"Michael","family":"Torres","sequence":"additional","affiliation":[{"name":"Google LLC, Mountain View, California, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3123-5916","authenticated-orcid":false,"given":"Daniel","family":"Moghimi","sequence":"additional","affiliation":[{"name":"Google LLC, Mountain View, California, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6744-3410","authenticated-orcid":false,"given":"Michael","family":"Schwarz","sequence":"additional","affiliation":[{"name":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"ARM. 2018. Arm Cortex-A76 Core Technical Reference Manual."},{"key":"e_1_3_2_1_2_1","unstructured":"ARM. 2018. ARMv8-A synchronization primitives."},{"key":"e_1_3_2_1_3_1","unstructured":"ARM. 2023. Arm Architecture Reference Manual for A-profile architecture."},{"key":"e_1_3_2_1_4_1","unstructured":"ARM Limited. 2018. ARM A64 Instruction Set Architecture."},{"key":"e_1_3_2_1_5_1","unstructured":"Daniel J. Bernstein. 2005. Cache-Timing Attacks on AES."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"crossref","unstructured":"Atri Bhattacharyya Alexandra Sandulescu Matthias Neugschwandtner Alessandro Sorniotti Babak Falsafi Mathias Payer and Anil Kurmus. 2019. SMoTher- Spectre: exploiting speculative execution through port contention. In CCS.","DOI":"10.1145\/3319535.3363194"},{"key":"e_1_3_2_1_7_1","unstructured":"Pietro Borrello Andreas Kogler Martin Schwarzl Moritz Lipp Daniel Gruss and Michael Schwarz. 2022. \u00c6PIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture. In USENIX Security."},{"key":"e_1_3_2_1_8_1","unstructured":"Ernie Brickell Gary Graunke Michael Neve and Jean-Pierre Seifert. 2006. Software mitigations to hedge AES against cache-based software side channel vulnerabilities. Cryptology ePrint Archive Report 2006\/052 (2006)."},{"key":"e_1_3_2_1_9_1","volume-title":"Michael Schwarz, Moritz Lipp, Benjamin von","author":"Canella Claudio","year":"2019","unstructured":"Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, and Daniel Gruss. 2019. A Systematic Evaluation of Transient Execution Attacks and Defenses. In USENIX Security. Extended classification tree and PoCs at https:\/\/transient.fail\/.."},{"key":"e_1_3_2_1_10_1","volume-title":"BETA: Automated Blackbox Exploration for Timing Attacks in Processors. arXiv:2410.16648","author":"Chen Congcong","year":"2024","unstructured":"Congcong Chen, Jinhua Cui, and Jiliang Zhang. 2024. BETA: Automated Blackbox Exploration for Timing Attacks in Processors. arXiv:2410.16648 (2024)."},{"key":"e_1_3_2_1_11_1","volume-title":"USENIX Security Symposium.","author":"Dai Miles","year":"2022","unstructured":"Miles Dai, Riccardo Paccagnella, Miguel Gomez-Garcia, John McCalpin, and Mengjia Yan. 2022. Don't Mesh Around: Side-Channel Attacks and Mitigations on Mesh Interconnects. In USENIX Security Symposium."},{"key":"e_1_3_2_1_12_1","volume-title":"Conjunct: Learning inductive invariants to prove unbounded instruction safety against microarchitectural timing attacks. In S&P.","author":"Dinesh Sushant","year":"2024","unstructured":"Sushant Dinesh, Madhusudan Parthasarathy, and Christopher W Fletcher. 2024. Conjunct: Learning inductive invariants to prove unbounded instruction safety against microarchitectural timing attacks. In S&P."},{"key":"e_1_3_2_1_13_1","volume-title":"USENIX Security Symposium.","author":"Disselkoen Craig","year":"2017","unstructured":"Craig Disselkoen, David Kohlbrenner, Leo Porter, and Dean Tullsen. 2017. PrimeAbort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX. In USENIX Security Symposium."},{"key":"e_1_3_2_1_14_1","volume-title":"Breaking the x86 ISA. Black Hat US","author":"Domas Christopher","year":"2017","unstructured":"Christopher Domas. 2017. Breaking the x86 ISA. Black Hat US (2017)."},{"key":"e_1_3_2_1_15_1","unstructured":"Josh Eads Tavis Ormandy Matteo Rizzo Kristoffer Janke and Eduardo Vela Nava. 2025. Zen and the Art of Microcode Hacking."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"crossref","unstructured":"Dmitry Evtyushkin Thomas Benjamin Jesse Elwell Jeffrey A Eitel Angelo Sapello and Abhrajit Ghosh. 2021. Computing with time: Microarchitectural weird machines. In ASPLOS.","DOI":"10.1145\/3445814.3446729"},{"key":"e_1_3_2_1_17_1","unstructured":"Anders Fogh. 2016. Covert Shotgun: automatically finding SMT covert channels. https:\/\/cyber.wtf\/2016\/09\/27\/covert-shotgun\/"},{"key":"e_1_3_2_1_18_1","volume-title":"A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware. Journal of Cryptographic Engineering","author":"Ge Qian","year":"2016","unstructured":"Qian Ge, Yuval Yarom, David Cock, and Gernot Heiser. 2016. A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware. Journal of Cryptographic Engineering (2016)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Lukas Gerlach Simon Schwarz Nicolas Faro\u00df and Michael Schwarz. 2024. Efficient and Generic Microarchitectural Hash-Function Recovery. In S&P.","DOI":"10.1109\/SP54263.2024.00028"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Ben Gras Cristiano Giuffrida Michael Kurth Herbert Bos and Kaveh Razavi. 2020. ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures. In NDSS.","DOI":"10.14722\/ndss.2020.23018"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Daniel Gruss Cl\u00e9mentine Maurice Klaus Wagner and Stefan Mangard. 2016. FlushFlush: A Fast and Stealthy Cache Attack. In DIMVA.","DOI":"10.1007\/978-3-319-40667-1_14"},{"key":"e_1_3_2_1_22_1","unstructured":"Daniel Gruss Felix Schuster Olya Ohrimenko Istvan Haller Julian Lettner and Manuel Costa. 2017. Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. In USENIX Security."},{"key":"e_1_3_2_1_23_1","volume-title":"FortuneTeller: Predicting Microarchitectural Attacks via Unsupervised Deep Learning. arXiv:1907.03651","author":"Gulmezoglu Berk","year":"2019","unstructured":"Berk Gulmezoglu, Ahmad Moghimi, Thomas Eisenbarth, and Berk Sunar. 2019. FortuneTeller: Predicting Microarchitectural Attacks via Unsupervised Deep Learning. arXiv:1907.03651 (2019)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Lorenz Hetterich and Michael Schwarz. 2022. Branch Different - Spectre Attacks on Apple Silicon. In DIMVA.","DOI":"10.1007\/978-3-031-09484-2_7"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"crossref","unstructured":"Lorenz Hetterich Fabian Thomas Lukas Gerlach Ruiyi Zhang Nils Bernsdorf Eduard Ebert and Michael Schwarz. 2025. ShadowLoad: Injecting State into Hardware Prefetchers. In ASPLOS.","DOI":"10.1145\/3676641.3716020"},{"key":"e_1_3_2_1_26_1","unstructured":"Jana Hofmann Emanuele Vannacci C\u00e9dric Fournet Boris K\u00f6pf and Oleksii Oleksenko. 2023. Speculation at Fault: Modeling and Testing Microarchitectural Leakage of CPU Exceptions. In USENIX Security."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Gal Horowitz Eyal Ronen and Yuval Yarom. 2024. Spec-o-Scope: Cache Probing at Cache Speed. In ACM CCS.","DOI":"10.1145\/3658644.3690313"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"Yao Hsiao Nikos Nikoleris Artem Khyzha Dominic P Mulligan Gustavo Petri Christopher W Fletcher and Caroline Trippel. 2024. RTL2MPATH: Multi- PATH Synthesis with Applications to Hardware Security Verification. In MICRO.","DOI":"10.1109\/MICRO61859.2024.00045"},{"key":"e_1_3_2_1_29_1","volume-title":"Reducing Timing Channels with Fuzzy Time. Journal of Computer Security","author":"Wei-Ming Hu.","year":"1992","unstructured":"Wei-Ming Hu. 1992. Reducing Timing Channels with Fuzzy Time. Journal of Computer Security (1992)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSD.2015.56"},{"key":"e_1_3_2_1_31_1","unstructured":"Dougall Johnson. 2021. Apple Firestorm\/Icestorm CPU microarchitecture docs. https:\/\/github.com\/dougallj\/applecpu"},{"key":"e_1_3_2_1_32_1","volume-title":"The Gates of Time: Improving Cache Attacks with Transient Execution. In USENIX Security Symposium.","author":"Katzman Daniel","year":"2023","unstructured":"Daniel Katzman, William Kosasih, Chitchanok Chuengsatiansup, Eyal Ronen, and Yuval Yarom. 2023. The Gates of Time: Improving Cache Attacks with Transient Execution. In USENIX Security Symposium."},{"key":"e_1_3_2_1_33_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In S&P.","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss,Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In S&P."},{"key":"e_1_3_2_1_34_1","unstructured":"Andreas Kogler Jonas Juffinger Lukas Giner Lukas Gerlach Martin Schwarzl Michael Schwarz Daniel Gruss and Stefan Mangard. 2023. CollidePower: Leaking Inaccessible Data with Software-based Power Side Channels. In USENIX Security."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"William Kosasih Yusi Feng Chitchanok Chuengsatiansup Yuval Yarom and Ziyuan Zhu. 2024. SoK: Can We Really Detect Cache Side-Channel Attacks by Monitoring Performance Counters?. In AsiaCCS.","DOI":"10.1145\/3634737.3637649"},{"volume-title":"Hardware design verification: simulation and formal methodbased approaches","author":"Lam William K","key":"e_1_3_2_1_36_1","unstructured":"William K Lam. 2008. Hardware design verification: simulation and formal methodbased approaches. Prentice Hall PTR."},{"key":"e_1_3_2_1_37_1","unstructured":"Moritz Lipp Daniel Gruss and Michael Schwarz. 2022. AMD Prefetch Attacks through Power and Time. In USENIX Security."},{"key":"e_1_3_2_1_38_1","volume-title":"ARMageddon: Cache Attacks on Mobile Devices. In USENIX Security Symposium.","author":"Lipp Moritz","year":"2016","unstructured":"Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Cl\u00e9mentine Maurice, and Stefan Mangard. 2016. ARMageddon: Cache Attacks on Mobile Devices. In USENIX Security Symposium."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"G. Maisuradze and C. Rossow. 2018. ret2spec: Speculative Execution Using Return Stack Buffers. In CCS.","DOI":"10.1145\/3243734.3243761"},{"key":"e_1_3_2_1_40_1","volume-title":"Spectre is here to stay: An analysis of side-channels and speculative execution. arXiv:1902.05178","author":"Mcilroy Ross","year":"2019","unstructured":"Ross Mcilroy, Jaroslav Sevcik, Tobias Tebbi, Ben L Titzer, and Toon Verwaest. 2019. Spectre is here to stay: An analysis of side-channels and speculative execution. arXiv:1902.05178 (2019)."},{"key":"e_1_3_2_1_41_1","unstructured":"William M McKeeman. 1998. Differential testing for software. (1998)."},{"key":"e_1_3_2_1_42_1","unstructured":"Memory Ordering [n. d.]. Intel 64 Architecture Memory Ordering White Paper."},{"key":"e_1_3_2_1_43_1","volume-title":"USENIX Security Symposium.","author":"Moghimi Daniel","year":"2020","unstructured":"Daniel Moghimi, Moritz Lipp, Berk Sunar, and Michael Schwarz. 2020. Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis. In USENIX Security Symposium."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3503222.3507729"},{"key":"e_1_3_2_1_45_1","unstructured":"Tavis Ormandy. 2023. Reptar. https:\/\/lock.cmpxchg8b.com\/reptar.html"},{"key":"e_1_3_2_1_46_1","unstructured":"Tavis Ormandy. 2023. Zenbleed. https:\/\/lock.cmpxchg8b.com\/zenbleed.html"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"crossref","unstructured":"Dag Arne Osvik Adi Shamir and Eran Tromer. 2006. Cache Attacks and Countermeasures: the Case of AES. In CT-RSA.","DOI":"10.1007\/11605805_1"},{"key":"e_1_3_2_1_48_1","unstructured":"Colin Percival. 2005. Cache Missing for Fun and Profit. In BSDCan."},{"key":"e_1_3_2_1_49_1","volume-title":"DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In USENIX Security.","author":"Pessl Peter","year":"2016","unstructured":"Peter Pessl, Daniel Gruss, Cl\u00e9mentine Maurice, Michael Schwarz, and Stefan Mangard. 2016. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In USENIX Security."},{"key":"e_1_3_2_1_50_1","unstructured":"Thomas Pornin. 2022. Why Constant-Time Crypto? https:\/\/www.bearssl.org\/ constanttime.html"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"crossref","unstructured":"Antoon Purnal Marton Bognar Frank Piessens and Ingrid Verbauwhede. 2023. ShowTime: Amplifying arbitrary CPU timing side channels. In AsiaCCS.","DOI":"10.1145\/3579856.3590332"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"crossref","unstructured":"Antoon Purnal Furkan Turan and Ingrid Verbauwhede. 2021. PrimeScope: Overcoming the Observer Effect for High-Precision Cache Contention Attacks. In CCS.","DOI":"10.1145\/3460120.3484816"},{"key":"e_1_3_2_1_53_1","unstructured":"Pengfei Qiu Qiang Gao DongshengWang Yongqiang Lyu ChunluWang Chang Liu Rihui Sun and Gang Qu. 2023. PMU-Leaker: Performance monitor unit-based realization of cache side-channel attacks. In ASP-DAC."},{"key":"e_1_3_2_1_54_1","volume-title":"SENSE: Enhancing Microarchitectural Awareness for TEEs via Subscription-Based Notification. In NDSS.","author":"Sang Fan","year":"2024","unstructured":"Fan Sang, Jaehyuk Lee, Xiaokuan Zhang, Meng Xu, Scott Constable, Yuan Xiao, Michael Steiner, Mona Vij, and Taesoo Kim. 2024. SENSE: Enhancing Microarchitectural Awareness for TEEs via Subscription-Based Notification. In NDSS."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","unstructured":"Till Schl\u00fcter Amit Choudhari Lorenz Hetterich Leon Trampert Hamed Nemati Ahmad Ibrahim Michael Schwarz Christian Rossow and Nils Ole Tippenhauer. 2023. FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers. In CCS.","DOI":"10.1145\/3576915.3623124"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"crossref","unstructured":"Michael Schwarz Moritz Lipp Daniel Gruss SamuelWeiser Cl\u00e9mentine Maurice Raphael Spreitzer and Stefan Mangard. 2018. KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks. In NDSS.","DOI":"10.14722\/ndss.2018.23027"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Michael Schwarz Cl\u00e9mentine Maurice Daniel Gruss and Stefan Mangard. 2017. Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript. In FC.","DOI":"10.1007\/978-3-319-70972-7_13"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"crossref","unstructured":"Martin Schwarzl Pietro Borrello Andreas Kogler Kenton Varda Thomas Schuster Daniel Gruss and Michael Schwarz. 2022. Robust and Scalable Process Isolation against Spectre in the Cloud. In ESORICS.","DOI":"10.1007\/978-3-031-17146-8_9"},{"key":"e_1_3_2_1_59_1","volume-title":"Silifuzz: Fuzzing cpus by proxy. arXiv:2110.11519","author":"Serebryany Kostya","year":"2021","unstructured":"Kostya Serebryany, Maxim Lifantsev, Konstantin Shtoyk, Doug Kwan, and Peter Hochschild. 2021. Silifuzz: Fuzzing cpus by proxy. arXiv:2110.11519 (2021)."},{"key":"e_1_3_2_1_60_1","volume-title":"Cascade: CPU Fuzzing via Intricate Program Generation. In USENIX Security.","author":"Solt Flavien","year":"2024","unstructured":"Flavien Solt, Katharina Ceesay-Seitz, and Kaveh Razavi. 2024. Cascade: CPU Fuzzing via Intricate Program Generation. In USENIX Security."},{"key":"e_1_3_2_1_61_1","unstructured":"Stephen R\u00f6ttger and Artur Janc. 2021. A Spectre proof-of-concept for a Spectreproof web. https:\/\/security.googleblog.com\/2021\/03\/a-spectre-proof-of-conceptfor-spectre.html"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"crossref","unstructured":"Fredrik Strupe and Rakesh Kumar. 2020. Uncovering hidden instructions in Armv8-A implementations. In HASP.","DOI":"10.1145\/3458903.3458906"},{"key":"e_1_3_2_1_63_1","volume-title":"Lorenz Hetterich, Daniel Weber, Lukas Gerlach, Ruiyi Zhang, and Michael Schwarz.","author":"Thomas Fabian","year":"2025","unstructured":"Fabian Thomas, Eric Garc\u00eda Arribas, Lorenz Hetterich, Daniel Weber, Lukas Gerlach, Ruiyi Zhang, and Michael Schwarz. 2025. RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs. In CCS."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.5555\/2724966.2725064"},{"key":"e_1_3_2_1_65_1","volume-title":"Telling Your Secrets Without Page Faults: Stealthy Page Table- Based Attacks on Enclaved Execution. In USENIX Security Symposium.","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck, Nico Weichbrodt, R\u00fcdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling Your Secrets Without Page Faults: Stealthy Page Table- Based Attacks on Enclaved Execution. In USENIX Security Symposium."},{"key":"e_1_3_2_1_66_1","volume-title":"USENIX Security Symposium.","author":"Schaik Stephan Van","year":"2018","unstructured":"Stephan Van Schaik, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi. 2018. Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think. In USENIX Security Symposium."},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/3065913.3065918"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"crossref","unstructured":"Pepe Vila Boris K\u00f6pf and Jose Morales. 2019. Theory and Practice of Finding Eviction Sets. In S&P.","DOI":"10.1109\/SP.2019.00042"},{"key":"e_1_3_2_1_69_1","volume-title":"Hovav Shacham, Christopher W Fletcher, and David Kohlbrenner.","author":"Wang Yingchen","year":"2022","unstructured":"Yingchen Wang, Riccardo Paccagnella, Elizabeth Tang He, Hovav Shacham, Christopher W Fletcher, and David Kohlbrenner. 2022. Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86. In USENIX Security."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"crossref","unstructured":"Zilong Wang Gideon Mohr Klaus von Gleissenthall Jan Reineke and Marco Guarnieri. 2023. Specification and verification of side-channel security for opensource processors via leakage contracts. In CCS.","DOI":"10.1145\/3576915.3623192"},{"key":"e_1_3_2_1_71_1","volume-title":"Osiris: Automated Discovery of Microarchitectural Side Channels. In USENIX Security.","author":"Weber Daniel","year":"2021","unstructured":"Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, and Christian Rossow. 2021. Osiris: Automated Discovery of Microarchitectural Side Channels. In USENIX Security."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"crossref","unstructured":"Daniel Weber Leonard Niemann Lukas Gerlach Jan Reineke and Michael Schwarz. 2024. No Leakage Without State Change: Repurposing Configurable CPU Exceptions to Prevent Microarchitectural Attacks. In ACSAC.","DOI":"10.1109\/ACSAC63791.2024.00042"},{"key":"e_1_3_2_1_73_1","volume-title":"Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks. In ESORICS.","author":"Thomas Fabian","year":"2023","unstructured":"DanielWeber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, and Michael Schwarz. 2023. Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks. In ESORICS."},{"key":"e_1_3_2_1_74_1","unstructured":"Wikichip. 2012. Cortex-A53 - Microarchitectures - ARM. https:\/\/en.wikichip.org\/wiki\/arm_holdings\/microarchitectures\/cortex-a53"},{"key":"e_1_3_2_1_75_1","unstructured":"Wikichip. 2021. Neoverse V1 - Microarchitectures - ARM. https:\/\/en.wikichip.org\/wiki\/arm_holdings\/microarchitectures\/neoverse_v1"},{"key":"e_1_3_2_1_76_1","unstructured":"Yuanzhong Xu Weidong Cui and Marcus Peinado. 2015. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In S&P."},{"key":"e_1_3_2_1_77_1","volume-title":"USENIX Security Symposium.","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner. 2014. FlushReload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack. In USENIX Security Symposium."},{"key":"e_1_3_2_1_78_1","unstructured":"Jiyong Yu Aishani Dutta Trent Jaeger David Kohlbrenner and Christopher W Fletcher. 2023. Synchronization Storage Channels (2): Timer-less Cache Side-Channel Attacks on the Apple M1 via Hardware Synchronization Instructions. In USENIX Security."},{"key":"e_1_3_2_1_79_1","unstructured":"Ruiyi Zhang Lukas Gerlach Daniel Weber Lorenz Hetterich Youheng L\u00fc Andreas Kogler and Michael Schwarz. 2024. CacheWarp: Software-based Fault Injection using Selective State Reset. In USENIX Security."},{"key":"e_1_3_2_1_80_1","unstructured":"Ruiyi Zhang Taehyun Kim Daniel Weber and Michael Schwarz. 2023. (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels. In USENIX Security."},{"key":"e_1_3_2_1_81_1","volume-title":"BunnyHop: Exploiting the Instruction Prefetcher. In USENIX Security Symposium.","author":"Zhang Zhiyuan","year":"2023","unstructured":"Zhiyuan Zhang, Mingtian Tao, Sioli O'Connell, Chitchanok Chuengsatiansup, Daniel Genkin, and Yuval Yarom. 2023. BunnyHop: Exploiting the Instruction Prefetcher. In USENIX Security Symposium."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765061","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:23:14Z","timestamp":1766442194000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765061"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":81,"alternative-id":["10.1145\/3719027.3765061","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765061","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}