Extended Bibliography
July 24, 2022 · View on GitHub
Literature Review
- Ahmad, A., Kim, K., Sarfaraz, M. I., and Lee, B. OBLIVIATE: A Data Oblivious File System for Intel SGX. In NDSS (2018).
- Andrysco, M., Kohlbrenner, D., Mowery, K., Jhala, R., Lerner, S., Shacham, H. On Subnormal Floating Point and Abnormal Timing. In S&P (2015).
- Bhattacharyya, A., Sandulescu, A., Neugschwandtner, M., Sorniotti, A., Falsafi, B., Payer, M., and Kurmus, A. SMoTherSpectre: Exploiting Speculative Execution through Port Contention. In CCS (2019).
- Bosman, E., Razavi, K., Bos, H., and Giuffrida, C. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector. In S&P (2016).
- Brasser, F., Davi, L., Gens, D., Liebchen, C., and Sadeghi, A-R. CAn’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory. In USENIX Security (2017).
- Briongos, S., Malagón, P., Moya, J., and Eisenbarth, T. RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks. In USENIX Security (2020).
- Cabrera Aldaya, A., Brumley, B. B., ul Hassan, S., Pereida García, C., and Tuveri, N. Port Contention for Fun and Profit. In S&P (2019).
- Canella, C., Genkin, D., Giner, L., Gruss, D., Lipp, M., Minkin, M., Moghimi, D., Piessens, F., Schwarz, M., Sunar, B., Van Bulck, J., and Yarom, Y.. Fallout: Leaking Data on Meltdown-resistant CPUs. In CCS (2019).
- Canella, C., Van Bulck, J., Schwarz, M., Lipp, M., von Berg, B., Ortner, P., Piessens, F., Evtyushkin, D., and Gruss, D. A Systematic Evaluation of Transient Execution Attacks and Defenses. In USENIX Security (2019).
- Chen, G., Wang, W., Chen, T., Chen, S., Zhang, Y., Wang, X., Lai, T., and Lin, D. Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races. In S&P (2018).
- Cohney, S., Kwong, A., Paz, S., Genkin, D., Heninger, N., Ronen, E., and Yarom, Y. Pseudorandom Black Swans: Cache Attacks on CTR_DRBG. In S&P (2020).
- Cojocar, L., Razavi, K., Giuffrida, C., Bos, H. Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks. In S&P (2019).
- Cojocar, L., Kim, J. S., Patel, M., Tsai, L., Saroiu, S., Wolman, A., and Mutlu, O. Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers. In S&P (2020).
- Crane, S., Homescu, A., Brunthaler, S., Larsen, P., and Franz, M. Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity. In NDSS (2015).
- Diao, W., Liu, X., Li, Z., and Zhang, K. No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis. In S&P (2016).
- Disselkoen, C., Kohlbrenner, D., Porter, L., and Tullsen, D. Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX. In USENIX Security (2017).
- Disselkoen, C., Jagadeesan, R., Jeffrey, A., and Riely, J. The Code That Never Ran: Modeling Attacks on Speculative Evaluation. In S&P (2019).
- Evtyushkin, D., and Ponomarev, D. Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations. In CCS (2016).
- Fan, S., Wang, W., and Cheng, Q. Attacking OpenSSL Implementation of ECDSA with a Few Signatures. In CCS (2016).
- Frigo, P., Giuffrida, C., Bos, H., and Razavi, K. Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU.. In S&P (2018).
- Frigo, P., Vannacc, E., Hassan, H. van der Veen, V., Mutlu, O., Giuffrida, C., Bos, H., and Razavi, K. TRRespass: Exploiting the Many Sides of Target Row Refresh. In S&P (2020).
- Genkin, D., Valenta, L., and Yarom, Y. May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519. In CCS (2017).
- Göktas, E., Razavi, K., Portokalidis, G., Bos, H., and Giuffrida, C. Speculative Probing: Hacking Blind in the Spectre Era. In CCS (2020).
- Gras, B., Razavi, K., Bosman, E., Bos, H., and Giuffrida, C. ASLR on the Line: Practical Cache Attacks on the MMU. In NDSS (2017).
- Gras, B., Razavi, K., Bos, H., and Giuffrida, C. Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. In USENIX Security (2018).
- Gras, B., Giuffrida, C., Kurth, M., Bos, H., and Razavi, K. ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures. In NDSS (2020).
- Green, M., Rodrigues-Lima, L., Zankl, A., Irazoqui, G., Heyszl, J., and Eisenbarth, T. AutoLock: Why Cache Attacks on ARM Are Harder Than You Think. In USENIX Security (2017).
- Gruss, D., Spreitzer, R., and Mangard, S. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In USENIX Security (2015).
- Gruss, D., Maurice, C., Fogh, A., Lipp, M., and Mangard, S.. Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR. In CCS (2016).
- Gruss, D., Lettner, J., Schuster, F., Ohrimenko, O., Haller, I., and Costa, M. Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. In USENIX Security (2017).
- Gruss, D., Lipp, M., Schwarz, M., Genkin, D., Juffinger, J., O'Connell, S., Schoechl, W., and Yarom, Y. Another Flip In The Wall of Rowhammer Defenses. In S&P (2018).
- Guanciale, R., Nemati, H., Baumann, C., and Dam, M. Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures. In S&P (2016).
- ul Hassan, S., Gridin, I., Delgado-Lozano, I. M., Pereida García, C., Chi-Domínguez, J-J, Cabrera Aldaya, A., and Brumley, B. B. Déjà Vu: Side-Channel Analysis of Mozilla's NSS. In CCS (2020).
- Irazoqui, G., Eisenbarth, T., and Sunar, B. S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing -- and its Application to AES. In S&P (2015).
- Islam, S., Moghimi, A., Bruhns, I., Krebbel, M., Gulmezoglu, B., Eisenbarth, T., and Sunar, B. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. In USENIX Security (2019).
- Jang, Y., Lee, S., and Kim, T. Breaking Kernel Address Space Layout Randomization with Intel TSX. In CCS (2016).
- Kenjar, Z., Frassetto, T., Gens, D., Franz, M., and Sadeghi, A.-R. V0LTpwn: Attacking x86 Processor Integrity from Software. In USENIX Security (2020).
- Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., and Yarom, Y. Spectre Attacks: Exploiting Speculative Execution. In S&P (2019)
- Kohlbrenner, D., and Shacham, H. Trusted Browsers for Uncertain Times. In USENIX Security (2016).
- Kohlbrenner, D., and Shacham, H. On the effectiveness of mitigations against floating-point timing channels. In USENIX Security (2017).
- Kurth, M., Gras, B., Andriesse, D., Giuffrida, C., Bos, H., and Razavi, K. NetCAT: Practical Cache Attacks for the Network. In S&P (2020).
- Kwong, A., Genkin, D., Gruss, D., and Yarom, Y. RAMBleed: Reading Bits in Memory Without Accessing Them In S&P (2020).
- Lee, J., Jang, J., Jang, Y., Kwak, N., Choi, Y., Choi, C., Kim, T., Peinado, M., and Kang, B. B. Hacking in Darkness: Return-oriented Programming against Secure Enclaves. In USENIX Security (2017).
- Lee, S., Shih, M.-W., Gera, P., Kim, T., Kim, H., and Peinado, M.. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In USENIX Security (2017).
- Li, M., Zhang, Y., and Lin, Z. Exploiting Unprotected I/O Operations in AMD’s Secure Encrypted Virtualization. In USENIX Security (2019).
- Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., and Mangard, S. ARMageddon: Cache Attacks on Mobile Devices. In USENIX Security (2016).
- Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Fogh, A., Horn, J., Mangard, S., Kocher, P., Genkin, D., Yarom, Y., and Hamburg, M. Meltdown: Reading Kernel Memory from User Space. In USENIX Security (2018).
- Liu, F., Yarom, Y., Ge, Q., Heiser, G., and Lee, R. B. Last-Level Cache Side-Channel Attacks are Practical. In S&P (2015).
- Luo, M., Myers, A. C., and Suh, G. E. Stealthy Tracking of Autonomous Vehicles with Cache Side Channels. In USENIX Security (2020).
- Maisuradze, G., and Rossow, C. ret2spec: Speculative Execution Using Return Stack Buffers. In CCS (2018).
- Maurice, C., Weber, M., Schwarz, M., Giner, L., Gruss, D., Boano, C. A., Romer, K., and Mangard, S. Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud. In NDSS (2017).
- Moghimi, Daniel and Lipp, Moritz and Sunar, Berk and Schwarz, Michael. Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis.. In USENIX Security (2020).
- Murdock, K., Oswald, D., Garcia, F. D., Van Bulck, J., Gruss, D., and Piessens, F. Plundervolt: Software-based Fault Injection Attacks against Intel SGX.. In S&P (2020).
- Oren, Y., Kemerlis, V. P., Sethumadhavan, S., and Keromytis, A. D. The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications. In CCS (2015).
- Pereida García, C., Brumley, B. B., and Yarom, Y. "Make Sure DSA Signing Exponentiations Really are Constant-Time." In CCS (2016).
- Pereida García, C., and Brumley, B. B. Constant-Time Callees with Variable-Time Callers. In USENIX Security (2017).
- Pessl, P., Gruss, D., Maurice, C., Schwarz, M., and Mangard, S. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In USENIX Security (2016).
- Pessl, P., Bruinderink, L. G., and Yarom, Y. To BLISS-B or not to be - Attacking strongSwan's Implementation of Post-Quantum Signatures. In CCS (2017).
- Qiu, P., Wang, D., Lyu, Y., and Qu, G. VoltJockey: Breaching TrustZone by Software-Controlled Voltage Manipulation over Multi-core Frequencies. In CCS (2019).
- Rane, A., Lin, C., and Tiwari, M. Secure, Precise, and Fast Floating-Point Operations on x86 Processors. In USENIX Security (2016).
- Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., and Bos, H. Flip Feng Shui: Hammering a Needle in the Software Stack. In USENIX Security (2016).
- Ronen, E., Paterson, K. G., and Shamir, A. Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure. In CCS (2018).
- Ronen, E., Gillham, R., Genkin, D., Shamir, A., Wong, D., and Yarom, Y. The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations. In S&P (2019).
- Ryan, K. Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm's TrustZone. In CCS (2019).
- Sanchez-Rola, I., Santos, I., and Balzarotti, D. Clock Around the Clock: Time-Based Device Fingerprinting. In CCS (2018).
- Schwarz, M., Lipp, M., and Gruss, D. JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks. In NDSS (2018).
- Schwarz, M., Lipp, M., Gruss, D., Weiser, S., Maurice, C., Spreitzer, R., and Mangard, S. KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks. In NDSS (2018).
- Schwarz, M., Lipp, M., Moghimi, D., Van Bulck, J., Stecklina, J., and Prescher, T., Gruss, D. ZombieLoad: Cross-Privilege-Boundary Data Sampling. In CCS (2019).
- Schwarz, M., Lipp, M., Canella, C., Schilling, R., Kargl, F., and Gruss, D. ConTExT: A Generic Approach for Mitigating Spectre. In NDSS (2020).
- Shin, Y., Kim, H. C., Kwon, D., Jeong, J. H., and Hur, J.. Unveiling Hardware-based Data Prefetcher, a Hidden Source of Information Leakage. In CCS (2018).
- Shusterman, A., Kang, L., Haskal, Y., Meltser, Y., Mittal, P., Oren, Y., and Yarom, Y. Robust Website Fingerprinting Through the Cache Occupancy Channel. In USENIX Security (2019).
- Sullivan, D., Arias, O., Meade, T., and Jin, Y. Microarchitectural Minefields: 4K-aliasing Covert Channel and Multi-tenant Detection in IaaS Clouds. In NDSS (2018).
- Tang, A., Sethumadhavan, S., and Stolfo, S. CLK-SCREW: Exposing the Perils of Security-Oblivious Energy Management. In USENIX Security (2017).
- Tsai, S., Payer, M., and Zhang, Y. Pythia: Remote Oracles for the Masses. In USENIX Security (2019).
- Van Bulck, J., Weichbrodt, N., Kapitza, R., Piessens, F., and Strackx, R. Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In USENIX Security (2017).
- Van Bulck, J., Minkin, M., Weisse, O., Genkin, D., Kasikci, B., Piessens, F., Silberstein, M., Wenisch, T. F., Yarom, Y., and Strackx, R. Foreshadow: Extracting the Keys to the {Intel SGX} Kingdom with Transient Out-of-Order Execution. In USENIX Security (2018).
- Van Bulck, J., Piessens, F., and Strackx, R. Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic. In CCS (2018).
- Van Bulck, J., Oswald, D., Marin, E., Aldoseri, A. and Garcia, F., and Piessens, F. A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes. In CCS (2019).
- Van Bulck, J., Moghimi, D., Schwarz, M., Lipp, M., Minkin, M., Genkin, D., Yuval, Y., Sunar, B., Gruss, D., and Piessens, F. LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection. In S&P (2020).
- van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G., Bos, H., Razavi, K., and Giuffrida, C. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In CCS (2016).
- Vanhoef, M., and Ronen, E. Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd. In S&P (2020).
- van Schaik, S., Giuffrida, C., Bos, H., Razavi, K. Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think. In USENIX Security (2018).
- van Schaik, S., Milburn, A., Österlund, S., Frigo, P., Maisuradze, G., Razavi, K., Bos, H., and Giuffrida, C. {RIDL}: Rogue In-flight Data Load. In S&P (2019).
- Varadarajan, V., Zhang, Y., Ristenpart, T., and Swift, M. A Placement Vulnerability Study in Multi-Tenant Public Clouds. In USENIX Security (2015).
- Vila, P., Köpf, B., and Morales, J. Theory and Practice of Finding Eviction Sets. In S&P (2019).
- Wampler, J., Martiny, I., and Wustrow, E. ExSpectre: Hiding Malware in Speculative Execution. In NDSS (2019).
- Wang, D., Neupane, A., Qian, Z., Abu-Ghazaleh, N., Krishnamurthy, S. V., Colbert, E. J. M., and Yu, P. Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries. In NDSS (2019).
- Wang, J., Sun, K., Lei, L., Wan, S., Wang, Y., and Jing, J. Cache-in-the-Middle (CITM) Attacks: Manipulating Sensitive Data in Isolated Execution Environments. In CCS (2020).
- Wang, W., Chen, G., Pan, X., Zhang, Y., Wang, X., Bindschaedler, V., Tang, H., and Gunter, C. A. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX. In CCS (2017).
- Wang, Z., Wu, C., Zhang, Y., Tang, B., Yew, P.-C., Xie, M., Lai, Y., Kang, Y., Cheng, Y., and Shi, Z. SafeHidden: An Efficient and Secure Information Hiding Technique Using Re-randomization. In USENIX Security (2019).
- Weiser, S., Schrammel, D., Bodner, L., and Spreitzer, R. Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations. In USENIX Security (2020).
- Wilke, L., Wichelmann, J., Morbitzer, M., and Eisenbarth, T. SEVurity: No Security Without Integrity - Breaking Integrity-Free Memory Encryption with Minimal Assumptions. In S&P (2020).
- Xiao, Y., Zhang, X., Zhang, Y., and Teodorescu, R. One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation. In USENIX Security (2016).
- Xiao, Y., Li, M., Chen, S., and Zhang, Y. Stacco: Differentially Analyzing Side-channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves. In CCS (2017).
- Xiao, Y., Zhang, Y., and Teodorescu, R. SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities. In NDSS (2020).
- Xu, Y., Cui, W., and Peinado, M. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In S&P (2015).
- Xu, Z., Wang, H., and Wu, Z. A Measurement Study on Co-residence Threat inside the Cloud. In USENIX Security (2015).
- Yan, M., Sprabery, R., Gopireddy, B., Fletcher, C., Campbell, R., and Torrellas, J. Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World. In S&P (2019).
- Yan, M., Fletcher, C. W., and Torrellas, J. Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures. In USENIX Security (2020).
- Zhang, X., Xiao, Y., and Zhang, Y. Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices. In CCS (2016).
- Zhao, S., Zhang, Q., Qin, Y., Feng, W., and Feng, D. SecTEE: A Software-based Approach to Secure Enclave Architecture Using TEE. In CCS (2019).
- Zhou, Z., Reiter, M. K., and Zhang, Y. A Software Approach to Defeating Side Channels in Last-Level Caches. In CCS (2016).
Based on their content and any associated public source code, the papers were classified as follows:
- High-precision timers (95/102): 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 35, 36, 37, 38, 39, 40, 41, 42, 44, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 93, 94, 95, 96, 98, 99, 100, 101, 102
- Cache-related building blocks (79/102): 1, 3, 4, 5, 6, 8, 9, 10, 11, 14, 16, 17, 19, 20, 22, 23, 24, 25, 27, 28, 29, 30, 31, 32, 34, 35, 36, 38, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 53, 54, 55, 56, 57, 58, 60, 61, 62, 63, 65, 66, 67, 68, 69, 70, 72, 74, 75, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 92, 94, 96, 98, 98, 99, 100, 101
- Transient-execution building blocks (43/102): 3, 5, 6, 7, 8, 9, 10, 13, 16, 21, 23, 25, 26, 28, 29, 30, 35, 36, 37, 38, 44, 46, 47, 48, 50, 52, 59, 63, 64, 67, 68, 69, 72, 76, 79, 82, 83, 85, 86, 90, 93, 95, 98
- Privileged building blocks (46/102): 1, 3, 5, 8, 9, 10, 11, 12, 13, 23, 27, 32, 33, 35, 37, 43, 44, 45, 46, 47, 52, 53, 59, 64, 67, 68, 69, 70, 73, 75, 76, 77, 78, 79, 80, 83, 88, 89, 90, 91, 92, 93, 94, 95, 96, 101
- PoC implementation in C/C++ and/or assembly (96/102): 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 98, 100, 101, 102
- PoC implementation in JavaScript (18/102): 2, 4, 8, 20, 24, 35, 38, 39, 50, 54, 60, 62, 63, 65, 66, 71, 83, 85
Use of Existing Tooling
In addition to the papers cited below, the following papers from the literature review were also considered, as they used existing tooling to implement their PoCs: 8, 9, 16, 29, 33, 35, 38, 47, 52, 53, 68, 69, 71, 76, 77, 78, 79, 81, 83, 91, 101.
- Cabrera Aldaya, A., and Brumley, B. B. When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA. In CHES (2020).
- Cabrera Aldaya, A., Pereida García, C., and Brumley, B. B. From A to Z: Projective coordinates leakage in the wild. In CHES (2020).
- Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z., and Lai, T. H. SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution. In EuroS&P (2019).
- Ge, Q., Yarom, Y., Li, F., Heiser, G. Your Processor Leaks Information - and There's Nothing You Can Do About It. arXiv:1612.04474v6 (2017).
- Gruss, D., Maurice, C., Wagner, K., Mangard, S.. Flush+Flush: A Fast and Stealthy Cache Attack. In DIMVA (2016).
- Gyselinck, J., Van Bulck, J., Piessens, F., Strackx, R. Off-Limits: Abusing Legacy x86 Memory Segmentation to Spy on Enclaved Execution. In ESSoS (2018).
- Hong, S., Davinroy, M., Kaya, Y., Locke, S. N., Rackow, I., Kulda, K., Dachman-Soled, D., and Dumitraş, T. Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks. arXiv:1810.03487 (2018).
- Huo, T., Meng, X., Wang, W., Hao, C., Zhao, P., Zhai, J. and Li, M. Bluethunder: A 2-level Directional Predictor Based Side-Channel Attack against SGX. In CHES (2020).
- Islam, Saad and Moghimi, Ahmad and Bruhns, Ida and Krebbel, Moritz and Gulmezoglu, Berk and Eisenbarth, Thomas and Sunar, Berk. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. In USENIX Security (2019).
- Kim, D., Jang, D., Park, M., Jeong, Y., Kim, J., Choi, S., and Kang, B. B. SGX-LEGO: Fine-grained SGX controlled-channel attack and its countermeasure. Computers & Security 82 (2019).
- Lipp, M., Hadžić, V., Schwarz, M., Perais, A., Maurice, C., and Gruss, D.}. Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors. In AsiaCCS (2020).
- Moghimi, D., Van Bulck, J., Heninger, N., Piessens, F., and Sunar, B. CopyCat: Controlled Instruction-Level Attacks on Enclaves for Maximal Key Extraction. In USENIX Security (2020).
- Philippe-Jankovic, D., and Zia, T. A. Breaking VM Isolation - An In-Depth Look into the Cross VM Flush Reload Cache Timing Attack. In IJCSNS (2017).
- Puddu, I., Schneider, M., Haller, M., and Čapkun, S. Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend. arXiv:2005.11516 (2020).
- Ragab, H., Milburn, A., Razavi, K., Bos, H., and Giuffrida, C. CROSSTALK: Speculative Data Leaks Across Cores Are Real. In S&P (2021).
- Sabbagh, M., Fei, Y., Wahl, T. and Ding, A. A. SCADET: A Side-Channel Attack Detection Tool for Tracking Prime+Probe. In ICCAD (2018).
- Taram, M., Tullsen, D., Venkat, A., Sayadi, H., Wang, H., P D S. M., and Homayoun, H. Fast and Efficient Deployment of Security Defenses via Context Sensitive Decoding. In GOMACTECH (2019).
- Wang, H., Sayadi, H., Rafatirad, S., Sasan, A., and Homayoun, H. SCARF: Detecting Side-Channel Attacks at Real-time using Low-level Hardware Features. In IOLTS (2020).
- Wang, H., Sayadi, H., Sasan, A., Rafatirad, S., Mohsenin, T., and Homayoun, H. Comprehensive Evaluation of Machine Learning Countermeasures for Detecting Microarchitectural Side-Channel Attacks. In GLSVLSI (2020).
- Weiser, S., Spreitzer, R., and Bodner, L. Single Trace Attack Against RSA Key Generation in Intel SGX SSL. In AsiaCCS (2018).