Extended Bibliography

July 24, 2022 · View on GitHub

Literature Review

  1. Ahmad, A., Kim, K., Sarfaraz, M. I., and Lee, B. OBLIVIATE: A Data Oblivious File System for Intel SGX. In NDSS (2018).
  2. Andrysco, M., Kohlbrenner, D., Mowery, K., Jhala, R., Lerner, S., Shacham, H. On Subnormal Floating Point and Abnormal Timing. In S&P (2015).
  3. Bhattacharyya, A., Sandulescu, A., Neugschwandtner, M., Sorniotti, A., Falsafi, B., Payer, M., and Kurmus, A. SMoTherSpectre: Exploiting Speculative Execution through Port Contention. In CCS (2019).
  4. Bosman, E., Razavi, K., Bos, H., and Giuffrida, C. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector. In S&P (2016).
  5. Brasser, F., Davi, L., Gens, D., Liebchen, C., and Sadeghi, A-R. CAn’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory. In USENIX Security (2017).
  6. Briongos, S., Malagón, P., Moya, J., and Eisenbarth, T. RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks. In USENIX Security (2020).
  7. Cabrera Aldaya, A., Brumley, B. B., ul Hassan, S., Pereida García, C., and Tuveri, N. Port Contention for Fun and Profit. In S&P (2019).
  8. Canella, C., Genkin, D., Giner, L., Gruss, D., Lipp, M., Minkin, M., Moghimi, D., Piessens, F., Schwarz, M., Sunar, B., Van Bulck, J., and Yarom, Y.. Fallout: Leaking Data on Meltdown-resistant CPUs. In CCS (2019).
  9. Canella, C., Van Bulck, J., Schwarz, M., Lipp, M., von Berg, B., Ortner, P., Piessens, F., Evtyushkin, D., and Gruss, D. A Systematic Evaluation of Transient Execution Attacks and Defenses. In USENIX Security (2019).
  10. Chen, G., Wang, W., Chen, T., Chen, S., Zhang, Y., Wang, X., Lai, T., and Lin, D. Racing in Hyperspace: Closing Hyper-Threading Side Channels on SGX with Contrived Data Races. In S&P (2018).
  11. Cohney, S., Kwong, A., Paz, S., Genkin, D., Heninger, N., Ronen, E., and Yarom, Y. Pseudorandom Black Swans: Cache Attacks on CTR_DRBG. In S&P (2020).
  12. Cojocar, L., Razavi, K., Giuffrida, C., Bos, H. Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks. In S&P (2019).
  13. Cojocar, L., Kim, J. S., Patel, M., Tsai, L., Saroiu, S., Wolman, A., and Mutlu, O. Are We Susceptible to Rowhammer? An End-to-End Methodology for Cloud Providers. In S&P (2020).
  14. Crane, S., Homescu, A., Brunthaler, S., Larsen, P., and Franz, M. Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity. In NDSS (2015).
  15. Diao, W., Liu, X., Li, Z., and Zhang, K. No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis. In S&P (2016).
  16. Disselkoen, C., Kohlbrenner, D., Porter, L., and Tullsen, D. Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX. In USENIX Security (2017).
  17. Disselkoen, C., Jagadeesan, R., Jeffrey, A., and Riely, J. The Code That Never Ran: Modeling Attacks on Speculative Evaluation. In S&P (2019).
  18. Evtyushkin, D., and Ponomarev, D. Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations. In CCS (2016).
  19. Fan, S., Wang, W., and Cheng, Q. Attacking OpenSSL Implementation of ECDSA with a Few Signatures. In CCS (2016).
  20. Frigo, P., Giuffrida, C., Bos, H., and Razavi, K. Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU.. In S&P (2018).
  21. Frigo, P., Vannacc, E., Hassan, H. van der Veen, V., Mutlu, O., Giuffrida, C., Bos, H., and Razavi, K. TRRespass: Exploiting the Many Sides of Target Row Refresh. In S&P (2020).
  22. Genkin, D., Valenta, L., and Yarom, Y. May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519. In CCS (2017).
  23. Göktas, E., Razavi, K., Portokalidis, G., Bos, H., and Giuffrida, C. Speculative Probing: Hacking Blind in the Spectre Era. In CCS (2020).
  24. Gras, B., Razavi, K., Bosman, E., Bos, H., and Giuffrida, C. ASLR on the Line: Practical Cache Attacks on the MMU. In NDSS (2017).
  25. Gras, B., Razavi, K., Bos, H., and Giuffrida, C. Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. In USENIX Security (2018).
  26. Gras, B., Giuffrida, C., Kurth, M., Bos, H., and Razavi, K. ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures. In NDSS (2020).
  27. Green, M., Rodrigues-Lima, L., Zankl, A., Irazoqui, G., Heyszl, J., and Eisenbarth, T. AutoLock: Why Cache Attacks on ARM Are Harder Than You Think. In USENIX Security (2017).
  28. Gruss, D., Spreitzer, R., and Mangard, S. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In USENIX Security (2015).
  29. Gruss, D., Maurice, C., Fogh, A., Lipp, M., and Mangard, S.. Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR. In CCS (2016).
  30. Gruss, D., Lettner, J., Schuster, F., Ohrimenko, O., Haller, I., and Costa, M. Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. In USENIX Security (2017).
  31. Gruss, D., Lipp, M., Schwarz, M., Genkin, D., Juffinger, J., O'Connell, S., Schoechl, W., and Yarom, Y. Another Flip In The Wall of Rowhammer Defenses. In S&P (2018).
  32. Guanciale, R., Nemati, H., Baumann, C., and Dam, M. Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures. In S&P (2016).
  33. ul Hassan, S., Gridin, I., Delgado-Lozano, I. M., Pereida García, C., Chi-Domínguez, J-J, Cabrera Aldaya, A., and Brumley, B. B. Déjà Vu: Side-Channel Analysis of Mozilla's NSS. In CCS (2020).
  34. Irazoqui, G., Eisenbarth, T., and Sunar, B. S$A: A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing -- and its Application to AES. In S&P (2015).
  35. Islam, S., Moghimi, A., Bruhns, I., Krebbel, M., Gulmezoglu, B., Eisenbarth, T., and Sunar, B. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. In USENIX Security (2019).
  36. Jang, Y., Lee, S., and Kim, T. Breaking Kernel Address Space Layout Randomization with Intel TSX. In CCS (2016).
  37. Kenjar, Z., Frassetto, T., Gens, D., Franz, M., and Sadeghi, A.-R. V0LTpwn: Attacking x86 Processor Integrity from Software. In USENIX Security (2020).
  38. Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., and Yarom, Y. Spectre Attacks: Exploiting Speculative Execution. In S&P (2019)
  39. Kohlbrenner, D., and Shacham, H. Trusted Browsers for Uncertain Times. In USENIX Security (2016).
  40. Kohlbrenner, D., and Shacham, H. On the effectiveness of mitigations against floating-point timing channels. In USENIX Security (2017).
  41. Kurth, M., Gras, B., Andriesse, D., Giuffrida, C., Bos, H., and Razavi, K. NetCAT: Practical Cache Attacks for the Network. In S&P (2020).
  42. Kwong, A., Genkin, D., Gruss, D., and Yarom, Y. RAMBleed: Reading Bits in Memory Without Accessing Them In S&P (2020).
  43. Lee, J., Jang, J., Jang, Y., Kwak, N., Choi, Y., Choi, C., Kim, T., Peinado, M., and Kang, B. B. Hacking in Darkness: Return-oriented Programming against Secure Enclaves. In USENIX Security (2017).
  44. Lee, S., Shih, M.-W., Gera, P., Kim, T., Kim, H., and Peinado, M.. Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. In USENIX Security (2017).
  45. Li, M., Zhang, Y., and Lin, Z. Exploiting Unprotected I/O Operations in AMD’s Secure Encrypted Virtualization. In USENIX Security (2019).
  46. Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., and Mangard, S. ARMageddon: Cache Attacks on Mobile Devices. In USENIX Security (2016).
  47. Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Fogh, A., Horn, J., Mangard, S., Kocher, P., Genkin, D., Yarom, Y., and Hamburg, M. Meltdown: Reading Kernel Memory from User Space. In USENIX Security (2018).
  48. Liu, F., Yarom, Y., Ge, Q., Heiser, G., and Lee, R. B. Last-Level Cache Side-Channel Attacks are Practical. In S&P (2015).
  49. Luo, M., Myers, A. C., and Suh, G. E. Stealthy Tracking of Autonomous Vehicles with Cache Side Channels. In USENIX Security (2020).
  50. Maisuradze, G., and Rossow, C. ret2spec: Speculative Execution Using Return Stack Buffers. In CCS (2018).
  51. Maurice, C., Weber, M., Schwarz, M., Giner, L., Gruss, D., Boano, C. A., Romer, K., and Mangard, S. Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud. In NDSS (2017).
  52. Moghimi, Daniel and Lipp, Moritz and Sunar, Berk and Schwarz, Michael. Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis.. In USENIX Security (2020).
  53. Murdock, K., Oswald, D., Garcia, F. D., Van Bulck, J., Gruss, D., and Piessens, F. Plundervolt: Software-based Fault Injection Attacks against Intel SGX.. In S&P (2020).
  54. Oren, Y., Kemerlis, V. P., Sethumadhavan, S., and Keromytis, A. D. The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications. In CCS (2015).
  55. Pereida García, C., Brumley, B. B., and Yarom, Y. "Make Sure DSA Signing Exponentiations Really are Constant-Time." In CCS (2016).
  56. Pereida García, C., and Brumley, B. B. Constant-Time Callees with Variable-Time Callers. In USENIX Security (2017).
  57. Pessl, P., Gruss, D., Maurice, C., Schwarz, M., and Mangard, S. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In USENIX Security (2016).
  58. Pessl, P., Bruinderink, L. G., and Yarom, Y. To BLISS-B or not to be - Attacking strongSwan's Implementation of Post-Quantum Signatures. In CCS (2017).
  59. Qiu, P., Wang, D., Lyu, Y., and Qu, G. VoltJockey: Breaching TrustZone by Software-Controlled Voltage Manipulation over Multi-core Frequencies. In CCS (2019).
  60. Rane, A., Lin, C., and Tiwari, M. Secure, Precise, and Fast Floating-Point Operations on x86 Processors. In USENIX Security (2016).
  61. Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., and Bos, H. Flip Feng Shui: Hammering a Needle in the Software Stack. In USENIX Security (2016).
  62. Ronen, E., Paterson, K. G., and Shamir, A. Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure. In CCS (2018).
  63. Ronen, E., Gillham, R., Genkin, D., Shamir, A., Wong, D., and Yarom, Y. The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations. In S&P (2019).
  64. Ryan, K. Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm's TrustZone. In CCS (2019).
  65. Sanchez-Rola, I., Santos, I., and Balzarotti, D. Clock Around the Clock: Time-Based Device Fingerprinting. In CCS (2018).
  66. Schwarz, M., Lipp, M., and Gruss, D. JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks. In NDSS (2018).
  67. Schwarz, M., Lipp, M., Gruss, D., Weiser, S., Maurice, C., Spreitzer, R., and Mangard, S. KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks. In NDSS (2018).
  68. Schwarz, M., Lipp, M., Moghimi, D., Van Bulck, J., Stecklina, J., and Prescher, T., Gruss, D. ZombieLoad: Cross-Privilege-Boundary Data Sampling. In CCS (2019).
  69. Schwarz, M., Lipp, M., Canella, C., Schilling, R., Kargl, F., and Gruss, D. ConTExT: A Generic Approach for Mitigating Spectre. In NDSS (2020).
  70. Shin, Y., Kim, H. C., Kwon, D., Jeong, J. H., and Hur, J.. Unveiling Hardware-based Data Prefetcher, a Hidden Source of Information Leakage. In CCS (2018).
  71. Shusterman, A., Kang, L., Haskal, Y., Meltser, Y., Mittal, P., Oren, Y., and Yarom, Y. Robust Website Fingerprinting Through the Cache Occupancy Channel. In USENIX Security (2019).
  72. Sullivan, D., Arias, O., Meade, T., and Jin, Y. Microarchitectural Minefields: 4K-aliasing Covert Channel and Multi-tenant Detection in IaaS Clouds. In NDSS (2018).
  73. Tang, A., Sethumadhavan, S., and Stolfo, S. CLK-SCREW: Exposing the Perils of Security-Oblivious Energy Management. In USENIX Security (2017).
  74. Tsai, S., Payer, M., and Zhang, Y. Pythia: Remote Oracles for the Masses. In USENIX Security (2019).
  75. Van Bulck, J., Weichbrodt, N., Kapitza, R., Piessens, F., and Strackx, R. Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution. In USENIX Security (2017).
  76. Van Bulck, J., Minkin, M., Weisse, O., Genkin, D., Kasikci, B., Piessens, F., Silberstein, M., Wenisch, T. F., Yarom, Y., and Strackx, R. Foreshadow: Extracting the Keys to the {Intel SGX} Kingdom with Transient Out-of-Order Execution. In USENIX Security (2018).
  77. Van Bulck, J., Piessens, F., and Strackx, R. Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic. In CCS (2018).
  78. Van Bulck, J., Oswald, D., Marin, E., Aldoseri, A. and Garcia, F., and Piessens, F. A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes. In CCS (2019).
  79. Van Bulck, J., Moghimi, D., Schwarz, M., Lipp, M., Minkin, M., Genkin, D., Yuval, Y., Sunar, B., Gruss, D., and Piessens, F. LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection. In S&P (2020).
  80. van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G., Bos, H., Razavi, K., and Giuffrida, C. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. In CCS (2016).
  81. Vanhoef, M., and Ronen, E. Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd. In S&P (2020).
  82. van Schaik, S., Giuffrida, C., Bos, H., Razavi, K. Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think. In USENIX Security (2018).
  83. van Schaik, S., Milburn, A., Österlund, S., Frigo, P., Maisuradze, G., Razavi, K., Bos, H., and Giuffrida, C. {RIDL}: Rogue In-flight Data Load. In S&P (2019).
  84. Varadarajan, V., Zhang, Y., Ristenpart, T., and Swift, M. A Placement Vulnerability Study in Multi-Tenant Public Clouds. In USENIX Security (2015).
  85. Vila, P., Köpf, B., and Morales, J. Theory and Practice of Finding Eviction Sets. In S&P (2019).
  86. Wampler, J., Martiny, I., and Wustrow, E. ExSpectre: Hiding Malware in Speculative Execution. In NDSS (2019).
  87. Wang, D., Neupane, A., Qian, Z., Abu-Ghazaleh, N., Krishnamurthy, S. V., Colbert, E. J. M., and Yu, P. Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries. In NDSS (2019).
  88. Wang, J., Sun, K., Lei, L., Wan, S., Wang, Y., and Jing, J. Cache-in-the-Middle (CITM) Attacks: Manipulating Sensitive Data in Isolated Execution Environments. In CCS (2020).
  89. Wang, W., Chen, G., Pan, X., Zhang, Y., Wang, X., Bindschaedler, V., Tang, H., and Gunter, C. A. Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX. In CCS (2017).
  90. Wang, Z., Wu, C., Zhang, Y., Tang, B., Yew, P.-C., Xie, M., Lai, Y., Kang, Y., Cheng, Y., and Shi, Z. SafeHidden: An Efficient and Secure Information Hiding Technique Using Re-randomization. In USENIX Security (2019).
  91. Weiser, S., Schrammel, D., Bodner, L., and Spreitzer, R. Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations. In USENIX Security (2020).
  92. Wilke, L., Wichelmann, J., Morbitzer, M., and Eisenbarth, T. SEVurity: No Security Without Integrity - Breaking Integrity-Free Memory Encryption with Minimal Assumptions. In S&P (2020).
  93. Xiao, Y., Zhang, X., Zhang, Y., and Teodorescu, R. One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation. In USENIX Security (2016).
  94. Xiao, Y., Li, M., Chen, S., and Zhang, Y. Stacco: Differentially Analyzing Side-channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves. In CCS (2017).
  95. Xiao, Y., Zhang, Y., and Teodorescu, R. SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities. In NDSS (2020).
  96. Xu, Y., Cui, W., and Peinado, M. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In S&P (2015).
  97. Xu, Z., Wang, H., and Wu, Z. A Measurement Study on Co-residence Threat inside the Cloud. In USENIX Security (2015).
  98. Yan, M., Sprabery, R., Gopireddy, B., Fletcher, C., Campbell, R., and Torrellas, J. Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World. In S&P (2019).
  99. Yan, M., Fletcher, C. W., and Torrellas, J. Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures. In USENIX Security (2020).
  100. Zhang, X., Xiao, Y., and Zhang, Y. Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices. In CCS (2016).
  101. Zhao, S., Zhang, Q., Qin, Y., Feng, W., and Feng, D. SecTEE: A Software-based Approach to Secure Enclave Architecture Using TEE. In CCS (2019).
  102. Zhou, Z., Reiter, M. K., and Zhang, Y. A Software Approach to Defeating Side Channels in Last-Level Caches. In CCS (2016).

Based on their content and any associated public source code, the papers were classified as follows:

  • High-precision timers (95/102): 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 34, 35, 36, 37, 38, 39, 40, 41, 42, 44, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 93, 94, 95, 96, 98, 99, 100, 101, 102
  • Cache-related building blocks (79/102): 1, 3, 4, 5, 6, 8, 9, 10, 11, 14, 16, 17, 19, 20, 22, 23, 24, 25, 27, 28, 29, 30, 31, 32, 34, 35, 36, 38, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 53, 54, 55, 56, 57, 58, 60, 61, 62, 63, 65, 66, 67, 68, 69, 70, 72, 74, 75, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 92, 94, 96, 98, 98, 99, 100, 101
  • Transient-execution building blocks (43/102): 3, 5, 6, 7, 8, 9, 10, 13, 16, 21, 23, 25, 26, 28, 29, 30, 35, 36, 37, 38, 44, 46, 47, 48, 50, 52, 59, 63, 64, 67, 68, 69, 72, 76, 79, 82, 83, 85, 86, 90, 93, 95, 98
  • Privileged building blocks (46/102): 1, 3, 5, 8, 9, 10, 11, 12, 13, 23, 27, 32, 33, 35, 37, 43, 44, 45, 46, 47, 52, 53, 59, 64, 67, 68, 69, 70, 73, 75, 76, 77, 78, 79, 80, 83, 88, 89, 90, 91, 92, 93, 94, 95, 96, 101
  • PoC implementation in C/C++ and/or assembly (96/102): 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 98, 100, 101, 102
  • PoC implementation in JavaScript (18/102): 2, 4, 8, 20, 24, 35, 38, 39, 50, 54, 60, 62, 63, 65, 66, 71, 83, 85

Use of Existing Tooling

In addition to the papers cited below, the following papers from the literature review were also considered, as they used existing tooling to implement their PoCs: 8, 9, 16, 29, 33, 35, 38, 47, 52, 53, 68, 69, 71, 76, 77, 78, 79, 81, 83, 91, 101.

  1. Cabrera Aldaya, A., and Brumley, B. B. When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA. In CHES (2020).
  2. Cabrera Aldaya, A., Pereida García, C., and Brumley, B. B. From A to Z: Projective coordinates leakage in the wild. In CHES (2020).
  3. Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z., and Lai, T. H. SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution. In EuroS&P (2019).
  4. Ge, Q., Yarom, Y., Li, F., Heiser, G. Your Processor Leaks Information - and There's Nothing You Can Do About It. arXiv:1612.04474v6 (2017).
  5. Gruss, D., Maurice, C., Wagner, K., Mangard, S.. Flush+Flush: A Fast and Stealthy Cache Attack. In DIMVA (2016).
  6. Gyselinck, J., Van Bulck, J., Piessens, F., Strackx, R. Off-Limits: Abusing Legacy x86 Memory Segmentation to Spy on Enclaved Execution. In ESSoS (2018).
  7. Hong, S., Davinroy, M., Kaya, Y., Locke, S. N., Rackow, I., Kulda, K., Dachman-Soled, D., and Dumitraş, T. Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks. arXiv:1810.03487 (2018).
  8. Huo, T., Meng, X., Wang, W., Hao, C., Zhao, P., Zhai, J. and Li, M. Bluethunder: A 2-level Directional Predictor Based Side-Channel Attack against SGX. In CHES (2020).
  9. Islam, Saad and Moghimi, Ahmad and Bruhns, Ida and Krebbel, Moritz and Gulmezoglu, Berk and Eisenbarth, Thomas and Sunar, Berk. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. In USENIX Security (2019).
  10. Kim, D., Jang, D., Park, M., Jeong, Y., Kim, J., Choi, S., and Kang, B. B. SGX-LEGO: Fine-grained SGX controlled-channel attack and its countermeasure. Computers & Security 82 (2019).
  11. Lipp, M., Hadžić, V., Schwarz, M., Perais, A., Maurice, C., and Gruss, D.}. Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors. In AsiaCCS (2020).
  12. Moghimi, D., Van Bulck, J., Heninger, N., Piessens, F., and Sunar, B. CopyCat: Controlled Instruction-Level Attacks on Enclaves for Maximal Key Extraction. In USENIX Security (2020).
  13. Philippe-Jankovic, D., and Zia, T. A. Breaking VM Isolation - An In-Depth Look into the Cross VM Flush Reload Cache Timing Attack. In IJCSNS (2017).
  14. Puddu, I., Schneider, M., Haller, M., and Čapkun, S. Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend. arXiv:2005.11516 (2020).
  15. Ragab, H., Milburn, A., Razavi, K., Bos, H., and Giuffrida, C. CROSSTALK: Speculative Data Leaks Across Cores Are Real. In S&P (2021).
  16. Sabbagh, M., Fei, Y., Wahl, T. and Ding, A. A. SCADET: A Side-Channel Attack Detection Tool for Tracking Prime+Probe. In ICCAD (2018).
  17. Taram, M., Tullsen, D., Venkat, A., Sayadi, H., Wang, H., P D S. M., and Homayoun, H. Fast and Efficient Deployment of Security Defenses via Context Sensitive Decoding. In GOMACTECH (2019).
  18. Wang, H., Sayadi, H., Rafatirad, S., Sasan, A., and Homayoun, H. SCARF: Detecting Side-Channel Attacks at Real-time using Low-level Hardware Features. In IOLTS (2020).
  19. Wang, H., Sayadi, H., Sasan, A., Rafatirad, S., Mohsenin, T., and Homayoun, H. Comprehensive Evaluation of Machine Learning Countermeasures for Detecting Microarchitectural Side-Channel Attacks. In GLSVLSI (2020).
  20. Weiser, S., Spreitzer, R., and Bodner, L. Single Trace Attack Against RSA Key Generation in Intel SGX SSL. In AsiaCCS (2018).