@article{systematic, author = {Claudio Canella and Jo Van Bulck and Michael Schwarz and Moritz Lipp and Benjamin von Berg and Philipp Ortner and Frank Piessens and Dmitry Evtyushkin and Daniel Gruss}, title = {A Systematic Evaluation of Transient Execution Attacks and Defenses}, type = {J}, journal = {CoRR}, volume = {abs/1811.05441}, year = {2018}, url = {http://arxiv.org/abs/1811.05441}, archivePrefix = {arXiv}, eprint = {1811.05441}, timestamp = {Sat, 24 Nov 2018 17:52:00 +0100}, biburl = {https://dblp.org/rec/bib/journals/corr/abs-1811-05441}, bibsource = {dblp computer science bibliography, https://dblp.org} } @ARTICLE{tomasulo, author={R. M. {Tomasulo}}, journal={IBM Journal of Research and Development}, title={An Efficient Algorithm for Exploiting Multiple Arithmetic Units}, year={1967}, volume={11}, number={1}, pages={25-33}, keywords={}, doi={10.1147/rd.111.0025}, ISSN={0018-8646}, month={Jan}, type={J}, } @article{btb, title={Branch prediction strategies and branch target buffer design}, author={Lee, Johnny KF and Smith, Alan Jay}, journal={Computer}, number={1}, pages={6--22}, year={1984}, publisher={IEEE}, type={J}, } @inproceedings{rsb, title={Branch history table prediction of moving target branches due to subroutine returns}, author={Kaeli, David R and Emma, Philip G}, booktitle={ACM SIGARCH Computer Architecture News}, volume={19}, number={3}, pages={34--42}, year={1991}, organization={Citeseer}, type={C}, } @inproceedings{smt, title={Simultaneous multithreading: Maximizing on-chip parallelism}, author={Tullsen, Dean M and Eggers, Susan J and Levy, Henry M}, booktitle={ACM SIGARCH computer architecture news}, volume={23}, number={2}, pages={392--403}, year={1995}, organization={ACM}, type={C}, } @article{preciseint, title={Implementing precise interrupts in pipelined processors}, author={Smith, James E. and Pleszkun, Andrew R.}, journal={IEEE Transactions on computers}, volume={37}, number={5}, pages={562--573}, year={1988}, publisher={IEEE}, type={J}, } @inproceedings{meltdown, author = {Moritz Lipp and Michael Schwarz and Daniel Gruss and Thomas Prescher and Werner Haas and Anders Fogh and Jann Horn and Stefan Mangard and Paul Kocher and Daniel Genkin and Yuval Yarom and Mike Hamburg}, title = {Meltdown: Reading Kernel Memory from User Space}, booktitle = {27th {USENIX} Security Symposium ({USENIX} Security 18)}, year = {2018}, type = {C}, } @inproceedings{spectre, author = {Paul Kocher and Jann Horn and Anders Fogh and Daniel Genkin and Daniel Gruss and Werner Haas and Mike Hamburg and Moritz Lipp and Stefan Mangard and Thomas Prescher and Michael Schwarz and Yuval Yarom}, title = {Spectre Attacks: Exploiting Speculative Execution}, booktitle = {40th IEEE Symposium on Security and Privacy (S\&P'19)}, year = {2019}, type = {C}, } @inproceedings{ret2libc, author = {Shacham, Hovav}, title = {The Geometry of Innocent Flesh on the Bone: Return-into-libc Without Function Calls (on the x86)}, booktitle = {Proceedings of the 14th ACM Conference on Computer and Communications Security}, series = {CCS '07}, year = {2007}, isbn = {978-1-59593-703-2}, location = {Alexandria, Virginia, USA}, pages = {552--561}, numpages = {10}, url = {http://doi.acm.org/10.1145/1315245.1315313}, doi = {10.1145/1315245.1315313}, acmid = {1315313}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {instruction set, return-into-libc, turing completeness}, type = {C}, } @online{msvc, author = {Paul Kocher}, title = {Spectre Mitigations in Microsoft's C/C++ Compiler}, year = {2018}, month = Feb, url = {https://www.paulkocher.com/doc/MicrosoftCompilerSpectreMitigation.html}, type = {OL} } @online{intel-9900k, url = {https://www.anandtech.com/show/13659/analyzing-core-i9-9900k-performance-with-spectre-and-meltdown-hardware-mitigations}, year = {2018}, month = 12, author = {Ian Cutress}, title = {Analyzing Core i9-9900K Performance with Spectre and Meltdown Hardware Mitigations}, type = {OL} } @misc{meltdownprime, title={MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols}, author={Caroline Trippel and Daniel Lustig and Margaret Martonosi}, year={2018}, eprint={1802.03802}, archivePrefix={arXiv}, primaryClass={cs.CR}, type = {R}, } @inproceedings{foreshadow, author = {Van Bulck, Jo and Minkin, Marina and Weisse, Ofir and Genkin, Daniel and Kasikci, Baris and Piessens, Frank and Silberstein, Mark and Wenisch, Thomas F. and Yarom, Yuval and Strackx, Raoul}, title = {Foreshadow: Extracting the Keys to the {Intel SGX} Kingdom with Transient Out-of-Order Execution}, booktitle = {Proceedings of the 27th {USENIX} Security Symposium}, year = {2018}, month = Aug, publisher = {{USENIX} Association}, note= {See also technical report Foreshadow-NG~\supercite{foreshadowNG}}, type = {C}, } @article{foreshadowNG, title={{Foreshadow-NG}: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution}, author={Weisse, Ofir and Van Bulck, Jo and Minkin, Marina and Genkin, Daniel and Kasikci, Baris and Piessens, Frank and Silberstein, Mark and Strackx, Raoul and Wenisch, Thomas F. and Yarom, Yuval}, journal={Technical report}, year={2018}, note={See also {USENIX} Security paper Foreshadow~\cite{foreshadow}}, type = {R}, } @article{netspectre, author = {Michael Schwarz and Martin Schwarzl and Moritz Lipp and Daniel Gruss}, title = {NetSpectre: Read Arbitrary Memory over Network}, journal = {CoRR}, volume = {abs/1807.10535}, year = {2018}, url = {http://arxiv.org/abs/1807.10535}, archivePrefix = {arXiv}, eprint = {1807.10535}, timestamp = {Mon, 13 Aug 2018 16:46:22 +0200}, biburl = {https://dblp.org/rec/bib/journals/corr/abs-1807-10535}, bibsource = {dblp computer science bibliography, https://dblp.org}, type = {J}, } @article{sgxpectre, author = {Guoxing Chen and Sanchuan Chen and Yuan Xiao and Yinqian Zhang and Zhiqiang Lin and Ten H. Lai}, title = {SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution}, journal = {CoRR}, volume = {abs/1802.09085}, year = {2018}, url = {http://arxiv.org/abs/1802.09085}, archivePrefix = {arXiv}, eprint = {1802.09085}, timestamp = {Mon, 13 Aug 2018 16:48:38 +0200}, biburl = {https://dblp.org/rec/bib/journals/corr/abs-1802-09085}, bibsource = {dblp computer science bibliography, https://dblp.org}, type = {J}, } @online{sgx, url={https://software.intel.com/en-us/sgx}, title={Intel Software Guard Extensions (Intel SGX)}, type = {OL}, } @online{signal-sgx, url = {https://signal.org/blog/private-contact-discovery/}, title = {Technology preview: Private contact discovery for Signal}, year = {2017}, month = 9, type = {OL}, } @online{sawtooth, url = {https://sawtooth.hyperledger.org/docs/core/releases/latest/introduction.html}, title = {Sawtooth}, type = {OL}, } @online{mobilecoin, url = {https://www.mobilecoin.com/whitepaper-en.pdf}, title = {MobileCoin}, type = {OL}, } @online{intel-spec, title = {Intel 64 and IA-32 Architectures Software Developer Manuals}, url = {https://software.intel.com/en-us/articles/intel-sdm}, author = {Intel}, type = {OL}, } @online{l1tf, title={Deep Dive: Intel Analysis of L1 Terminal Fault}, url={https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-l1-terminal-fault}, year={2018}, type = {OL}, } @online{intel-spectre, title = {Intel Analysis of Speculative Execution Side Channels}, url = {https://software.intel.com/security-software-guidance/api-app/sites/default/files/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf}, author = {Intel}, year = {2018}, month = 7, version = {Revision 4.0}, type = {OL}, } @online{amd-spectre, title = {SOFTWARE TECHNIQUES FOR MANAGING SPECULATION ON AMD PROCESSORS}, url = {https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf}, author = {AMD}, year = {2018}, version = {Revision 7.10.18}, type = {OL}, } @inproceedings{branchscope, author = {Evtyushkin, Dmitry and Riley, Ryan and Abu-Ghazaleh, Nael CSE and ECE and Ponomarev, Dmitry}, title = {BranchScope: A New Side-Channel Attack on Directional Branch Predictor}, booktitle = {Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems}, series = {ASPLOS '18}, year = {2018}, isbn = {978-1-4503-4911-6}, location = {Williamsburg, VA, USA}, pages = {693--707}, numpages = {15}, url = {http://doi.acm.org/10.1145/3173162.3173204}, doi = {10.1145/3173162.3173204}, acmid = {3173204}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {SGX, attack, branch predictor, microarchitecture security, performance counters, side-channel, timing attacks}, type = {C}, } @inproceedings{flushreload, title={FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack}, author={Yarom, Yuval and Falkner, Katrina}, booktitle={23rd $\{$USENIX$\}$ Security Symposium ($\{$USENIX$\}$ Security 14)}, pages={719--732}, year={2014}, type = {C}, } @online{spec-store-bypass, title={speculative execution, variant 4: speculative store bypass}, author={Jann Horn}, url={https://bugs.chromium.org/p/project-zero/issues/detail?id=1528}, year={2018}, type = {OL}, } @online{store-load-forwarding, title={Store-to-Load Forwarding and Memory Disambiguation in x86 Processors}, author={Henry Wong}, year={2014}, url={http://blog.stuffedcow.net/2014/01/x86-memory-disambiguation/}, type={OL}, } @inproceedings{kaiser, title={Kaslr is dead: long live kaslr}, author={Gruss, Daniel and Lipp, Moritz and Schwarz, Michael and Fellner, Richard and Maurice, Cl{\'e}mentine and Mangard, Stefan}, booktitle={International Symposium on Engineering Secure Software and Systems}, pages={161--176}, year={2017}, organization={Springer}, type = {C}, } @online{retpoline, title = {Retpoline: a software construct for preventing branch-target-injection}, url = {https://support.google.com/faqs/answer/7625886}, author = {Paul Turner}, year = {2018}, type = {OL}, } @online{webkit, title = {What Spectre and Meltdown Mean For WebKit}, url = {https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/}, author = {Filip Pizlo}, year = {2018}, month = Jan, type = {OL}, } @inproceedings{js-timer, title={Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript}, author={Michael Schwarz and Cl{\'e}mentine Maurice and Daniel Gruss and Stefan Mangard}, booktitle={Financial Cryptography}, year={2017}, type={J}, } @misc{here-to-stay, title={Spectre is here to stay: An analysis of side-channels and speculative execution}, author={Ross Mcilroy and Jaroslav Sevcik and Tobias Tebbi and Ben L. Titzer and Toon Verwaest}, year={2019}, eprint={1902.05178}, archivePrefix={arXiv}, primaryClass={cs.PL}, type={R}, } @online{spec-load-hardening, title={Speculative Load Hardening}, author={Chandler Carruth}, year={2018}, month=Mar, url={https://releases.llvm.org/8.0.0/docs/SpeculativeLoadHardening.html}, type={OL}, } @misc{oo7, title={oo7: Low-overhead Defense against Spectre Attacks via Binary Analysis}, author={Guanhua Wang and Sudipta Chattopadhyay and Ivan Gotovchits and Tulika Mitra and Abhik Roychoudhury}, year={2018}, eprint={1807.05843}, archivePrefix={arXiv}, primaryClass={cs.CR}, type={R}, } @misc{spectector, title={SPECTECTOR: Principled Detection of Speculative Information Flows}, author={Marco Guarnieri and Boris Köpf and José F. Morales and Jan Reineke and Andrés Sánchez}, year={2018}, eprint={1812.08639}, archivePrefix={arXiv}, primaryClass={cs.CR}, type={R}, } @online{linux-spec, url={https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/speculation.txt}, year={2018}, type={OL}, } % looks like there's some useful references @article{safespec, author = {Khaled N. Khasawneh and Esmaeil Mohammadian Koruyeh and Chengyu Song and Dmitry Evtyushkin and Dmitry Ponomarev and Nael B. Abu{-}Ghazaleh}, title = {SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation}, journal = {CoRR}, volume = {abs/1806.05179}, year = {2018}, url = {http://arxiv.org/abs/1806.05179}, archivePrefix = {arXiv}, eprint = {1806.05179}, timestamp = {Mon, 13 Aug 2018 16:48:54 +0200}, biburl = {https://dblp.org/rec/bib/journals/corr/abs-1806-05179}, bibsource = {dblp computer science bibliography, https://dblp.org}, type={R}, } @INPROCEEDINGS{invisispec, author={M. {Yan} and J. {Choi} and D. {Skarlatos} and A. {Morrison} and C. {Fletcher} and J. {Torrellas}}, booktitle={2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)}, title={InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy}, year={2018}, volume={}, number={}, pages={428-441}, keywords={cache storage;cryptography;microprocessor chips;multiprocessing systems;parallel architectures;program compilers;speculative execution invisible;side channel attacks;speculative execution attacks;microarchitectural state;hardware speculation attacks;InvisiSpec blocks microarchitectural;multiprocessor data cache hierarchy;unsafe speculative loads;speculative buffer;futuristic attacks;Spectre attacks;execution slowdown;memory consistency;Hardware;Load modeling;Receivers;Coherence;Security;Monitoring;Transient analysis;hardware security;speculation;side channel;memory hierarchy}, doi={10.1109/MICRO.2018.00042}, ISSN={}, month=Oct, type={C} } @ARTICLE{cain-lapasti, author={H. W. {Cain} and M. H. {Lipasti}}, journal={IEEE Micro}, title={Memory ordering: a value-based approach}, year={2004}, volume={24}, number={6}, pages={110-117}, keywords={content-addressable storage;data integrity;data structures;instruction sets;memory architecture;reduced instruction set computing;storage management;memory ordering;value-based replay;load instructions;first-in-first-out buffer;heuristics filter;cache storage;content addressable memory;memory consistency;Insulation;Bandwidth;Hazards;Computer aided manufacturing;CADCAM;Scalability;Costs;Filters;Degradation;Computer aided instruction}, doi={10.1109/MM.2004.81}, ISSN={0272-1732}, month=11, type={C} } @INPROCEEDINGS{dawg, author={V. {Kiriansky} and I. {Lebedev} and S. {Amarasinghe} and S. {Devadas} and J. {Emer}}, booktitle={2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)}, title={DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors}, year={2018}, volume={}, number={}, pages={974-987}, keywords={cache storage;security of data;cache timing attacks;dynamically allocated way guard;Intels Cache Allocation Technology;memory caches;generic mechanism;cache state covert channel;entire attack surface;patch specific attacks;existing defense mechanisms;exfiltration channel;cache tag state;speculative processor architectures;channel attacks;speculative execution processors;cache subsystem;minimal modifications;service mechanisms;set associative structure;DAWG;Receivers;Program processors;Security;Transmitters;Metadata;Hardware;cache partitioning;side channel attacks;speculative execution}, doi={10.1109/MICRO.2018.00083}, ISSN={}, month=Oct, type={C} } @inproceedings{dift, title={Secure program execution via dynamic information flow tracking}, author={Suh, G Edward and Lee, Jae W and Zhang, David and Devadas, Srinivas}, booktitle={ACM Sigplan Notices}, volume={39}, number={11}, pages={85--96}, year={2004}, organization={ACM}, type={J}, } @inproceedings{raksha, author = {Dalton, Michael and Kannan, Hari and Kozyrakis, Christos}, title = {Raksha: A Flexible Information Flow Architecture for Software Security}, booktitle = {Proceedings of the 34th Annual International Symposium on Computer Architecture}, series = {ISCA '07}, year = {2007}, isbn = {978-1-59593-706-3}, location = {San Diego, California, USA}, pages = {482--493}, numpages = {12}, url = {http://doi.acm.org/10.1145/1250662.1250722}, doi = {10.1145/1250662.1250722}, acmid = {1250722}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {dynamic, semantic vulnerabilities, software security}, type={C}, } @inproceedings{context-sensitive-fencing, title={Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization}, author={Taram, Mohammadkazem and Venkat, Ashish and Tullsen, Dean}, booktitle={Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems}, year={2019}, type={C}, } @inproceedings{context-sensitive-decoding, title={Mobilizing the micro-ops: Exploiting context sensitive decoding for security and energy efficiency}, author={Taram, Mohammadkazem and Venkat, Ashish and Tullsen, Dean}, booktitle={2018 ACM/IEEE 45th Annual International Symposium on Computer Architecture (ISCA)}, pages={624--637}, year={2018}, organization={IEEE}, type={C}, } @article{csd-gomactech, title={Fast and Efficient Deployment of Security Defenses Via Context Sensitive Decoding}, author={Taram, Mohammadkazem and Tullsen, Dean and Venkat, Ashish and Homayoun, Houman and PD, Sai Manoj}, type={R}, } @article{spec-buffer-overflow, author = {Vladimir Kiriansky and Carl Waldspurger}, title = {Speculative Buffer Overflows: Attacks and Defenses}, journal = {CoRR}, volume = {abs/1807.03757}, year = {2018}, url = {http://arxiv.org/abs/1807.03757}, archivePrefix = {arXiv}, eprint = {1807.03757}, timestamp = {Mon, 13 Aug 2018 16:48:44 +0200}, biburl = {https://dblp.org/rec/bib/journals/corr/abs-1807-03757}, bibsource = {dblp computer science bibliography, https://dblp.org}, type={J}, } % https://www.usenix.org/conference/woot18/presentation/koruyeh @inproceedings{spectre-returns, title={Spectre returns! speculation attacks using the return stack buffer}, author={Koruyeh, Esmaeil Mohammadian and Khasawneh, Khaled N and Song, Chengyu and Abu-Ghazaleh, Nael}, booktitle={12th $\{$USENIX$\}$ Workshop on Offensive Technologies ($\{$WOOT$\}$ 18)}, year={2018}, type={J}, } @inproceedings{ret2spec, author = {Maisuradze, Giorgi and Rossow, Christian}, title = {Ret2Spec: Speculative Execution Using Return Stack Buffers}, booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security}, series = {CCS '18}, year = {2018}, isbn = {978-1-4503-5693-0}, location = {Toronto, Canada}, pages = {2109--2122}, numpages = {14}, url = {http://doi.acm.org/10.1145/3243734.3243761}, doi = {10.1145/3243734.3243761}, acmid = {3243761}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {hardware security, javascript, side channel attacks}, type={C}, } @article{lazyfp, author = {{Stecklina}, J. and {Prescher}, T.}, title = "{LazyFP: Leaking FPU Register State using Microarchitectural Side-Channels}", journal = {ArXiv e-prints}, archivePrefix = "arXiv", eprint = {1806.07480}, primaryClass = "cs.OS", keywords = {Computer Science - Operating Systems, Computer Science - Hardware Architecture, Computer Science - Cryptography and Security}, year = 2018, month = jun, adsurl = {http://adsabs.harvard.edu/abs/2018arXiv180607480S}, adsnote = {Provided by the SAO/NASA Astrophysics Data System}, type={J}, } @inproceedings{Shen:2018:RCF:3243734.3278522, author = {Shen, Zhuojia and Zhou, Jie and Ojha, Divya and Criswell, John}, title = {Restricting Control Flow During Speculative Execution}, booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security}, series = {CCS '18}, year = {2018}, isbn = {978-1-4503-5693-0}, location = {Toronto, Canada}, pages = {2297--2299}, numpages = {3}, url = {http://doi.acm.org/10.1145/3243734.3278522}, doi = {10.1145/3243734.3278522}, acmid = {3278522}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {side-channel defenses, spectre attacks, speculative execution}, type={C}, } @article{spectrum, title={Spectrum: Classifying, Replicating and Mitigating Spectre Attacks on a Speculating RISC-V Microarchitecture}, author={Gonzalez, Abraham and Korpan, Ben and Younis, Ed and Zhao, Jerry}, type={R}, } @phdthesis{boom, Author = {Celio, Christopher}, Title = {A Highly Productive Implementation of an Out-of-Order Processor Generator}, School = {EECS Department, University of California, Berkeley}, Year = {2018}, Month = {Dec}, URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2018/EECS-2018-151.html}, Number = {UCB/EECS-2018-151}, Abstract = {General-purpose serial-thread performance gains have become more difficult for industry to realize due to the slowing down of process improvements. In this new regime of poor process scaling, continued performance improvement relies on a number of small-scale micro- architectural enhancements. However, software simulator-based models, which computer architecture research has largely relied upon, may not be well-suited for evaluating ideas at the necessary fidelity. To facilitate architecture research during this fallow period of Moore’s Law, we propose using processor simulators built from synthesizable processor designs. This thesis describes the design of a synthesizable, industry-competitive processor built on recent advancements in open-source hardware: we leverage the new open-source RISC-V instruction set architecture, the new Chisel hardware construction language, and the Rocket-chip processor generator. Our processor generator is called BOOM, and it designed for use in education, research, and industry. Like most contemporary high-performance cores, BOOM is superscalar (able to execute multiple instructions per cycle) and out-of-order (able to execute instructions as their dependencies are resolved and not restricted to their program order). The BOOM generator was implemented using the Chisel hardware construction language, allowing for the rapid implementation of parameterized designs. The Chisel description generates synthesizable implementations of BOOM that can target both FPGAs and ASIC tool-flows. The BOOM effort culminated in a test chip that was fabricated in the TSMC 28 nm HPM process (high performance mobile) using the foundry-provided standard-cell library and memory compiler. This thesis highlights two aspects of the BOOM design: its industry-competitive branch prediction and its configurable execution datapath. The remainder of the thesis discusses the BOOM tape-out, which was performed by two graduate students and demonstrated the ability to quickly adapt the design to the physical design issues that arose.}, type={D}, } @misc{oisa, author = {Jiyong Yu and Lucas Hsiung and Mohamad El Hajj and Christopher W. Fletcher}, title = {Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing}, howpublished = {Cryptology ePrint Archive, Report 2018/808}, year = {2018}, note = {\url{https://eprint.iacr.org/2018/808}}, type={J}, } @INPROCEEDINGS{conditional-speculation, author={P. {Li} and L. {Zhao} and R. {Hou} and L. {Zhang} and D. {Meng}}, booktitle={2019 IEEE International Symposium on High Performance Computer Architecture (HPCA)}, title={Conditional Speculation: An Effective Approach to Safeguard Out-of-Order Execution Against Spectre Attacks}, year={2019}, volume={}, number={}, pages={264-276}, keywords={cache storage;computer architecture;microprocessor chips;program diagnostics;security of data;trusted page buffer;cachehit based hazard filter;conditional speculation;spectre vulnerabilities;false security hazards;unsafe instructions;safe instructions;classic out-of-order pipeline;suspect speculation flags;security-dependent instructions;potential security risk;speculative memory instructions;security dependence;software transparent defense mechanism;security consideration;speculative execution;spectre attacks;out-of-order execution;Security;Hazards;Out of order;Microprocessors;Registers;Spectre vulnerabilities defense;Security dependence;Speculative execution side-channel vulnerabilities}, doi={10.1109/HPCA.2019.00043}, ISSN={2378-203X}, month=Feb, type={C} } @inproceedings{spectreguard, title={SpectreGuard : An Efficient Data-centric Defense Mechanism against Spectre Attacks}, author={Jacob Fustos and Farzad Farshchi and Heechul Yun}, year={2019}, booktitle = {Proceedings of the 56th Annual Design Automation Conference}, series = {DAC '19}, type={C}, } % looks useful... @INPROCEEDINGS{poisonivy, author={T. S. {Lehman} and A. D. {Hilton} and B. C. {Lee}}, booktitle={2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)}, title={PoisonIvy: Safe speculation for secure memory}, year={2016}, volume={}, number={}, pages={1-13}, keywords={cryptography;PoisonIvy;safe speculation;secure memory;encryption;integrity trees;physical attacks;integrity verification latency;address-based side-channels;memory intensive workloads;Radiation detectors;Program processors;Encryption;Toxicology;Metadata}, doi={10.1109/MICRO.2016.7783741}, ISSN={}, month=Oct, type={C}, } % related article @article{ge2018survey, title={A survey of microarchitectural timing attacks and countermeasures on contemporary hardware}, author={Ge, Qian and Yarom, Yuval and Cock, David and Heiser, Gernot}, journal={Journal of Cryptographic Engineering}, volume={8}, number={1}, pages={1--27}, year={2018}, publisher={Springer}, type={J}, } % about multiplier timing @inproceedings{andrysco2015subnormal, title={On subnormal floating point and abnormal timing}, author={Andrysco, Marc and Kohlbrenner, David and Mowery, Keaton and Jhala, Ranjit and Lerner, Sorin and Shacham, Hovav}, booktitle={2015 IEEE Symposium on Security and Privacy}, pages={623--639}, year={2015}, organization={IEEE}, type={C}, } % side channel @inproceedings{TimingAttack, author = {Kocher, Paul C.}, title = {Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems}, booktitle = {Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology}, series = {CRYPTO '96}, year = {1996}, isbn = {3-540-61512-1}, pages = {104--113}, numpages = {10}, url = {http://dl.acm.org/citation.cfm?id=646761.706156}, acmid = {706156}, publisher = {Springer-Verlag}, address = {London, UK, UK}, type={C}, } @book{MOP2010, author = {Mangard, Stefan and Oswald, Elisabeth and Popp, Thomas}, title = {Power Analysis Attacks: Revealing the Secrets of Smart Cards}, year = {2010}, edition = {1st}, publisher = {Springer Publishing Company, Incorporated}, type={M}, } @misc{EMpower, author = {Josyula R. Rao and Pankaj Rohatgi}, title = {EMpowering Side-Channel Attacks}, howpublished = {Cryptology ePrint Archive, Report 2001/037}, year = {2001}, note = {\url{https://eprint.iacr.org/2001/037}}, type={J}, } @inproceedings{hutter, title={The temperature side channel and heating fault attacks}, author={Hutter, Michael and Schmidt, J{\"o}rn-Marc}, booktitle={International Conference on Smart Card Research and Advanced Applications}, pages={219--235}, year={2013}, organization={Springer}, type={C}, } @inproceedings{acoustic, title={Acoustic Side-Channel Attacks on Printers.}, author={Backes, Michael and D{\"u}rmuth, Markus and Gerling, Sebastian and Pinkal, Manfred and Sporleder, Caroline}, booktitle={USENIX Security symposium}, pages={307--322}, year={2010}, type={C}, } @phdthesis{gruss, author = {Daniel Gruss}, title = {Software-based Microarchitectural Attacks}, school = {Graz University of Technology}, year = 2017, type={D}, } @article{gem5, title={The gem5 simulator}, author={Binkert, Nathan and Beckmann, Bradford and Black, Gabriel and Reinhardt, Steven K and Saidi, Ali and Basu, Arkaprava and Hestness, Joel and Hower, Derek R and Krishna, Tushar and Sardashti, Somayeh and others}, journal={ACM SIGARCH Computer Architecture News}, volume={39}, number={2}, pages={1--7}, year={2011}, publisher={ACM}, type={J}, } @article{m5, author = {Binkert, Nathan L. and Dreslinski, Ronald G. and Hsu, Lisa R. and Lim, Kevin T. and Saidi, Ali G. and Reinhardt, Steven K.}, title = {The M5 Simulator: Modeling Networked Systems}, journal = {IEEE Micro}, issue_date = {July 2006}, volume = {26}, number = {4}, month = jul, year = {2006}, issn = {0272-1732}, pages = {52--60}, numpages = {9}, url = {https://doi.org/10.1109/MM.2006.82}, doi = {10.1109/MM.2006.82}, acmid = {1159085}, publisher = {IEEE Computer Society Press}, address = {Los Alamitos, CA, USA}, keywords = {M5, M5, network I/O, TCP/IP, networked systems, TCP/IP, network I/O, networked systems}, type={J}, } @article{gems, author = {Martin, Milo M. K. and Sorin, Daniel J. and Beckmann, Bradford M. and Marty, Michael R. and Xu, Min and Alameldeen, Alaa R. and Moore, Kevin E. and Hill, Mark D. and Wood, David A.}, title = {Multifacet's General Execution-driven Multiprocessor Simulator (GEMS) Toolset}, journal = {SIGARCH Comput. Archit. News}, issue_date = {November 2005}, volume = {33}, number = {4}, month = nov, year = {2005}, issn = {0163-5964}, pages = {92--99}, numpages = {8}, url = {http://doi.acm.org/10.1145/1105734.1105747}, doi = {10.1145/1105734.1105747}, acmid = {1105747}, publisher = {ACM}, address = {New York, NY, USA}, type={J}, } @inproceedings{jump-over-aslr, title={Jump over ASLR: Attacking branch predictors to bypass ASLR}, author={Evtyushkin, Dmitry and Ponomarev, Dmitry and Abu-Ghazaleh, Nael}, booktitle={The 49th Annual IEEE/ACM International Symposium on Microarchitecture}, pages={40}, year={2016}, organization={IEEE Press}, type={J} } @article{zombie, title = {{ZombieLoad}: Cross-Privilege-Boundary Data Sampling}, author = {Schwarz, Michael and Lipp, Moritz and Moghimi, Daniel and Van Bulck, Jo and Stecklina, Julian and Prescher, Thomas and Gruss, Daniel}, journal = {arXiv:1905.05726}, year = {2019}, type={R}, } @inproceedings{ridl, title = {{RIDL}: Rogue In-flight Data Load}, booktitle = {S\&{P}}, author = {van Schaik, Stephan and Milburn, Alyssa and Österlund, Sebastian and Frigo, Pietro and Maisuradze, Giorgi and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano}, month = may, year = {2019}, type={C}, } @article{fallout, title={{Fallout}: Reading Kernel Writes From User Space}, author={Minkin, Marina and Moghimi, Daniel and Lipp, Moritz and Schwarz, Michael and Van Bulck, Jo, and Genkin, Daniel and Gruss, Daniel and Sunar, Berk and Piessens, Frank and Yarom, Yuval}, year={2019}, type={R}, } @online{gem5-tutorial, url={http://gem5.org/wiki/images/0/0e/ASPLOS2017_gem5_tutorial.pdf}, author = {Andreas Sandberg and Stephan Diestelhorst and William Wang}, year = {2017}, month = 4, type = {OL}, } @article{RemoteTA, title={Remote Timing Attacks Are Practical}, author={David Brumley and Dan Boneh}, journal={Computer Networks}, year={2003}, volume={48}, pages={701-716}, type = {J}, } @article{IntelCAT, title={Cache QoS: From concept to reality in the Intel® Xeon® processor E5-2600 v3 product family}, author={Andrew Herdrich and Edwin Verplanke and Priya Autee and Ramesh Illikkal and Chris Gianos and Ronak Singhal and Ravi R. Iyer}, journal={2016 IEEE International Symposium on High Performance Computer Architecture (HPCA)}, year={2016}, pages={657-668}, type={C}, } @online{mdsattack, title = {RIDL and Fallout: MDS attacks}, year = {2019}, type = {OL}, url = {https://mdsattacks.com/}, } % vim:ts=4:sw=4