{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T22:10:46Z","timestamp":1778191846154,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":60,"publisher":"ACM","content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765209","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:33:16Z","timestamp":1763854396000},"page":"3810-3824","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["H\n                    <scp>eracles<\/scp>\n                    : Chosen Plaintext Attack on AMD SEV-SNP"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-5151-7789","authenticated-orcid":false,"given":"Benedict","family":"Schl\u00fcter","sequence":"first","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0005-9701-8614","authenticated-orcid":false,"given":"Christoph","family":"Wech","sequence":"additional","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0415-2960","authenticated-orcid":false,"given":"Shweta","family":"Shinde","sequence":"additional","affiliation":[{"name":"ETH Zurich, Zurich, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Amazon. accessed 2025-09-10. AWS Nitro Enclaves - Create additional isolation to further protect highly sensitive data within EC2 instances. https:\/\/aws.amazon.com\/ec2\/nitro\/nitro-enclaves\/."},{"key":"e_1_3_2_1_2_1","unstructured":"AMD. 2017. SEV-ES. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-business-docs\/white-papers\/Protecting-VM-Register-State-with-SEV-ES.pdf."},{"key":"e_1_3_2_1_3_1","unstructured":"AMD. 2020. AMD SEV-SNP: Strengthening VM Isolation with Integrity protection and more. https:\/\/www.amd.com\/system\/files\/TechDocs\/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf."},{"key":"e_1_3_2_1_4_1","unstructured":"AMD. 2023a. AMD-ASPFW. https:\/\/github.com\/benschlueter\/AMD-ASPFW\/blob\/3ca6650dd35d878b3fcbe5c7f58b145eed042bbf\/."},{"key":"e_1_3_2_1_5_1","article-title":"AMD64 Architecture Programmer's Manual Volumes 1\u20135","volume":"4","author":"AMD.","year":"2023","unstructured":"AMD. 2023b. AMD64 Architecture Programmer's Manual Volumes 1\u20135, Rev. 4.08 (40332). https:\/\/docs.amd.com\/v\/u\/en-US\/40332-PUB_4.08.","journal-title":"Rev."},{"key":"e_1_3_2_1_6_1","unstructured":"AMD. 2023c. Tiered Memory Page Migration Operations Guide Rev 0.51 (58151). https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-technical-docs\/specifications\/58151_0_51-PUB.pdf."},{"key":"e_1_3_2_1_7_1","first-page":"58","article-title":"SEV Secure Nested Paging Firmware ABI Specification","volume":"1","author":"AMD.","year":"2025","unstructured":"AMD. 2025. SEV Secure Nested Paging Firmware ABI Specification, Rev 1.58. https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-technical-docs\/specifications\/56860.pdf.","journal-title":"Rev"},{"key":"e_1_3_2_1_8_1","article-title":"-09-10. AMD SEV","volume":"3","author":"AMD.","year":"2025","unstructured":"AMD. accessed 2025-09-10. AMD SEV, Rev. 3.24 (55766). https:\/\/www.amd.com\/content\/dam\/amd\/en\/documents\/epyc-technical-docs\/programmer-references\/55766_SEV-KM_API_Specification.pdf.","journal-title":"Rev."},{"key":"e_1_3_2_1_9_1","unstructured":"ARM. accessed 2025-09-10. Arm Confidential Compute Architecture (ARM-CCA). https:\/\/www.arm.com\/why-arm\/architecture\/security-features\/arm-confidential-compute-architecture."},{"key":"e_1_3_2_1_10_1","first-page":"3917","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Borrello Pietro","year":"2022","unstructured":"Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, and Michael Schwarz. 2022. \u00c6PIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 3917-3934. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/borrello"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.63"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484779"},{"key":"e_1_3_2_1_13_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 991textendash1008. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/bulck"},{"key":"e_1_3_2_1_14_1","first-page":"1041","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Bulck Jo Van","year":"2017","unstructured":"Jo Van Bulck, Nico Weichbrodt, R\u00fcdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling Your Secrets without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1041-1056. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/van-bulck"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3676641.3716017"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484821"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00104"},{"key":"e_1_3_2_1_18_1","unstructured":"Duong and Juliano Rizzo. 2011. Here Come The XOR Ninjas Thai. https:\/\/api.semanticscholar.org\/CorpusID:50845005"},{"key":"e_1_3_2_1_19_1","volume-title":"CounterSEVeillance: Performance-Counter Attacks on AMD SEV-SNP. In Network and Distributed System Security Symposium 2025: NDSS 2025.","author":"Gast Stefan","year":"2025","unstructured":"Stefan Gast, Hannes Weissteiner, Robin Leander Schr\u00f6der, and Daniel Gruss. 2025. CounterSEVeillance: Performance-Counter Attacks on AMD SEV-SNP. In Network and Distributed System Security Symposium 2025: NDSS 2025."},{"key":"e_1_3_2_1_20_1","unstructured":"Google. 2022. AMD Secure Processor for Confidential Computing. https:\/\/storage.googleapis.com\/gweb-uniblog-publish-prod\/documents\/AMD_GPZ-Technical_Report_FINAL_05_2022.pdf."},{"key":"e_1_3_2_1_21_1","unstructured":"Google. 2023. Intel Trust Domain Extensions (TDX) Security Review. https:\/\/services.google.com\/fh\/files\/misc\/intel_tdx_-_full_report_041423.pdf."},{"key":"e_1_3_2_1_22_1","unstructured":"Google. accessed 2025-09-10. Confidential Computing | Google Cloud. https:\/\/cloud.google.com\/confidential-computing."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCD.2018.00025"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3485832.3488011"},{"key":"e_1_3_2_1_25_1","volume-title":"Intel\u00ae 64 and IA-32 Architectures Optimization Reference Manual","unstructured":"Intel. 2024. Intel\u00ae 64 and IA-32 Architectures Optimization Reference Manual: Volume 1 (248966-048). https:\/\/www.intel.com\/content\/www\/us\/en\/content-details\/671488\/intel-64-and-ia-32-architectures-optimization-reference-manual-volume-1.html."},{"key":"e_1_3_2_1_26_1","unstructured":"Intel. accessed 2025-09-10 a. Intel Software Guard Extensions. https:\/\/software.intel.com\/content\/www\/us\/en\/develop\/topics\/software-guard-extensions.html."},{"key":"e_1_3_2_1_27_1","unstructured":"Intel. accessed 2025-09-10 b. Intel Trust Domain Extension Research and Assurance. https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/software-security-guidance\/technical-documentation\/tdx-security-research-and-assurance.html."},{"key":"e_1_3_2_1_28_1","unstructured":"Intel. accessed 2025-09-10 c. Intel Trust Domain Extensions (Intel TDX). https:\/\/www.intel.com\/content\/www\/us\/en\/developer\/articles\/technical\/intel-trust-domain-extensions.html."},{"key":"e_1_3_2_1_29_1","unstructured":"Ke Jiang Sen Deng Yinshuai Li Shuai Wang Tianwei Zhang and Yinqian Zhang. 2025. CipherGuard: Compiler-aided Mitigation against Ciphertext Side-channel Attacks. arXiv:2502.13401 [cs.CR] https:\/\/arxiv.org\/abs\/2502.13401"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378486"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833768"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3485253"},{"key":"e_1_3_2_1_33_1","first-page":"1257","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Li Mengyuan","year":"2019","unstructured":"Mengyuan Li, Yinqian Zhang, Zhiqiang Lin, and Yan Solihin. 2019. Exploiting Unprotected I\/O Operations in AMDtextquoterights Secure Encrypted Virtualization. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 1257-1272. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/li-mengyuan"},{"key":"e_1_3_2_1_34_1","first-page":"717","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Li Mengyuan","year":"2021","unstructured":"Mengyuan Li, Yinqian Zhang, Huibo Wang, Kang Li, and Yueqiang Cheng. 2021b. CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 717-732. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/li-mengyuan"},{"key":"e_1_3_2_1_35_1","unstructured":"LLVM. accessed 2025-09-10. LLVM MCA. https:\/\/llvm.org\/docs\/CommandGuide\/llvm-mca.html."},{"key":"e_1_3_2_1_36_1","unstructured":"Microsoft. accessed 2025-09-10. Azure confidential Cloud - Protect Data In Use | Microsoft Azure. https:\/\/azure.microsoft.com\/en-us\/solutions\/confidential-compute\/."},{"key":"e_1_3_2_1_37_1","unstructured":"Mongoose. accessed 2025-09-10. Mongoose. https:\/\/mongoose.ws\/."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3193111.3193112"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW53761.2021.00063"},{"key":"e_1_3_2_1_40_1","first-page":"663","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Puddu Ivan","year":"2021","unstructured":"Ivan Puddu, Moritz Schneider, Miro Haller, and Srdjan Capkun. 2021. Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 663-680. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/puddu"},{"key":"e_1_3_2_1_41_1","volume-title":"Zebrafix: Mitigating Memory-Centric Side-Channel Leakage via Interleaving. arXiv:2502.09139 [cs.CR] https:\/\/arxiv.org\/abs\/2502.09139","author":"P\u00e4tschke Anna","year":"2025","unstructured":"Anna P\u00e4tschke, Jan Wichelmann, and Thomas Eisenbarth. 2025. Zebrafix: Mitigating Memory-Centric Side-Channel Leakage via Interleaving. arXiv:2502.09139 [cs.CR] https:\/\/arxiv.org\/abs\/2502.09139"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433667.3433668"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30539-2_2"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3373376.3378462"},{"key":"e_1_3_2_1_45_1","first-page":"3459","volume-title":"Heckler: Breaking Confidential VMs with Malicious Interrupts. In 33rd USENIX Security Symposium (USENIX Security 24)","author":"Schl\u00fcter Benedict","year":"2024","unstructured":"Benedict Schl\u00fcter, Supraja Sridhara, Mark Kuhne, Andrin Bertschi, and Shweta Shinde. 2024. Heckler: Breaking Confidential VMs with Malicious Interrupts. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX Association, Philadelphia, PA, 3459-3476. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/schl\u00fcter"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3719027.3765233"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00262"},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3708821.3710838"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363206"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3152701.3152706"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243822"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45744-4_22"},{"key":"e_1_3_2_1_53_1","first-page":"6789","volume-title":"Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Wichelmann Jan","year":"2023","unstructured":"Jan Wichelmann, Anna P\u00e4tschke, Luca Wilke, and Thomas Eisenbarth. 2023. Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX Association, Anaheim, CA, 6789-6806. https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/wichelmann"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP54263.2024.00261"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00080"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.46586\/tches.v2024.i1.180-206"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.45"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690317"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00079"},{"key":"e_1_3_2_1_60_1","unstructured":"Ruiyi Zhang Lukas Gerlach Daniel Weber Lorenz Hetterich Youheng L\u00fc Andreas Kogler and Michael Schwarz. 2024. CacheWarp: Software-based Fault Injection using Selective State Reset. 1135-1151 pages. https:\/\/www.usenix.org\/conference\/usenixsecurity24\/presentation\/zhang-ruiyi"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","location":"Taipei Taiwan","acronym":"CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765209","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T21:41:17Z","timestamp":1778190077000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765209"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":60,"alternative-id":["10.1145\/3719027.3765209","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765209","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}