{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,5]],"date-time":"2026-02-05T10:34:20Z","timestamp":1770287660677,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":82,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,6,27]],"date-time":"2020-06-27T00:00:00Z","timestamp":1593216000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation of China","award":["61802168, 61972290"],"award-info":[{"award-number":["61802168, 61972290"]}]},{"name":"Natural Science Foundation of Jiangsu Province","award":["BK20191247"],"award-info":[{"award-number":["BK20191247"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,6,27]]},"DOI":"10.1145\/3377811.3380428","type":"proceedings-article","created":{"date-parts":[[2020,10,1]],"date-time":"2020-10-01T18:25:38Z","timestamp":1601576738000},"page":"1235-1247","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":29,"title":["SpecuSym"],"prefix":"10.1145","author":[{"given":"Shengjian","family":"Guo","sequence":"first","affiliation":[{"name":"Baidu Security"}]},{"given":"Yueqi","family":"Chen","sequence":"additional","affiliation":[{"name":"Penn State University"}]},{"given":"Peng","family":"Li","sequence":"additional","affiliation":[{"name":"Baidu Security"}]},{"given":"Yueqiang","family":"Cheng","sequence":"additional","affiliation":[{"name":"Baidu Security"}]},{"given":"Huibo","family":"Wang","sequence":"additional","affiliation":[{"name":"Baidu Security"}]},{"given":"Meng","family":"Wu","sequence":"additional","affiliation":[{"name":"Ant Financial Services Group"}]},{"given":"Zhiqiang","family":"Zuo","sequence":"additional","affiliation":[{"name":"Nanjing University"}]}],"member":"320","published-online":{"date-parts":[[2020,10]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"glibc-2.29.9000. https:\/\/www.gnu.org\/software\/libc\/."},{"key":"e_1_3_2_1_2_1","unstructured":"High Performance SSH\/SCP - HPN-SSH. https:\/\/www.psc.edu\/hpn-ssh."},{"key":"e_1_3_2_1_3_1","unstructured":"Libgcrypt-1.8.4. https:\/\/gnupg.org\/software\/libgcrypt\/index.html."},{"key":"e_1_3_2_1_4_1","unstructured":"LibTomCrypt. http:\/\/www.libtom.net\/LibTomCrypt\/."},{"key":"e_1_3_2_1_5_1","unstructured":"OpenSSL-1.1.1c. https:\/\/mta.openssl.org\/pipermail\/openssl-announce\/2019-May\/000153.html."},{"key":"e_1_3_2_1_6_1","unstructured":"spectre-attach. https:\/\/github.com\/Eugnis\/spectre-attack."},{"key":"e_1_3_2_1_7_1","unstructured":"Tegra. https:\/\/android.googlesource.com\/kernel\/tegra\/+\/android-8.1.0_r0.113\/crypto."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062378"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950362"},{"key":"e_1_3_2_1_10_1","volume-title":"Online Synthesis of Adaptive Side-Channel Attacks Based On Noisy Observations. In 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018","author":"Bang Lucas","year":"2018","unstructured":"Lucas Bang, Nicol\u00e1s Rosner, and Tevfik Bultan. 2018. Online Synthesis of Adaptive Side-Channel Attacks Based On Noisy Observations. In 2018 IEEE European Symposium on Security and Privacy, EuroS&P 2018, London, United Kingdom, April 24-26, 2018. 307--322."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54792-8_8"},{"key":"e_1_3_2_1_12_1","volume-title":"Testing Cache Side-Channel Leakage. In 2017 IEEE International Conference on Software Testing, Verification and Validation Workshops, ICST Workshops 2017","author":"Basu Tiyash","year":"2017","unstructured":"Tiyash Basu and Sudipta Chattopadhyay. 2017. Testing Cache Side-Channel Leakage. In 2017 IEEE International Conference on Software Testing, Verification and Validation Workshops, ICST Workshops 2017, Tokyo, Japan, March 13-17, 2017. 51--60."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3183440.3195039"},{"key":"e_1_3_2_1_14_1","volume-title":"CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation. In IEEE Symposium on Security and Privacy.","author":"Brotzman Robert L.","unstructured":"Robert L. Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, and Mahmut T. Kandemir. 2019. CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation. In IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_1_15_1","volume-title":"27th USENIX Security Symposium, USENIX Security 2018","author":"Bulck Jo Van","year":"2018","unstructured":"Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx. 2018. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018. 991--1008."},{"key":"e_1_3_2_1_16_1","volume-title":"Highly Efficient Algorithms for AES Key Retrieval in Cache Access Attacks. In IEEE European Symposium on Security and Privacy, EuroS&P 2016","author":"Ashokkumar","year":"2016","unstructured":"Ashokkumar C., Ravi Prakash Giri, and Bernard L. Menezes. 2016. Highly Efficient Algorithms for AES Key Retrieval in Cache Access Attacks. In IEEE European Symposium on Security and Privacy, EuroS&P 2016, Saarbr\u00fccken, Germany, March 21-24, 2016. 261--275."},{"key":"e_1_3_2_1_17_1","volume-title":"Engler","author":"Cadar Cristian","year":"2008","unstructured":"Cristian Cadar, Daniel Dunbar, and Dawson R. Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In 8th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2008, December 8-10, 2008, San Diego, California, USA, Proceedings. 209--224."},{"key":"e_1_3_2_1_18_1","volume-title":"TACAS 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS. 38--55","author":"Chattopadhyay Sudipta","year":"2017","unstructured":"Sudipta Chattopadhyay. 2017. Directed Automated Memory Performance Testing. In Tools and Algorithms for the Construction and Analysis of Systems - 23rd International Conference, TACAS 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS. 38--55."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3127041.3127044"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134058"},{"key":"e_1_3_2_1_21_1","volume-title":"12th International Conference, FASE 2009, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009, York, UK, March 22-29, 2009. Proceedings. 425--439","author":"Chen Qichang","unstructured":"Qichang Chen, Liqiang Wang, Zijiang Yang, and Scott D. Stoller. 2009. HAVE: Detecting Atomicity Violations via Integrated Dynamic and Static Analysis. In Fundamental Approaches to Software Engineering, 12th International Conference, FASE 2009, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009, York, UK, March 22-29, 2009. Proceedings. 425--439."},{"key":"e_1_3_2_1_22_1","volume-title":"13th International Conference, CC 2004, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2004, Barcelona, Spain, March 29 - April 2, 2004, Proceedings. 57--72","author":"Chen Tong","year":"2004","unstructured":"Tong Chen, Jin Lin, Xiaoru Dai, Wei-Chung Hsu, and Pen-Chung Yew. 2004. Data Dependence Profiling for Speculative Optimizations. In Compiler Construction, 13th International Conference, CC 2004, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2004, Barcelona, Spain, March 29 - April 2, 2004, Proceedings. 57--72."},{"key":"e_1_3_2_1_23_1","volume-title":"SAVIOR: Towards Bug-Driven Hybrid Testing. CoRR abs\/1906.07327","author":"Chen Yaohui","year":"2019","unstructured":"Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. 2019. SAVIOR: Towards Bug-Driven Hybrid Testing. CoRR abs\/1906.07327 (2019)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/800191.805647"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/512950.512973"},{"key":"e_1_3_2_1_26_1","volume-title":"This International Conference, CARDIS '98, Louvain-la-Neuve, Belgium, September 14-16, 1998, Proceedings. 167--182","author":"Dhem Jean-Fran\u00e7ois","year":"1998","unstructured":"Jean-Fran\u00e7ois Dhem, Fran\u00e7ois Koeune, Philippe-Alexandre Leroux, Patrick Mestr\u00e9, Jean-Jacques Quisquater, and Jean-Louis Willems. 1998. A Practical Implementation of the Timing Attack. In Smart Card Research and Applications, This International Conference, CARDIS '98, Louvain-la-Neuve, Belgium, September 14-16, 1998, Proceedings. 167--182."},{"key":"e_1_3_2_1_27_1","volume-title":"26th USENIX Security Symposium, USENIX Security 2017","author":"Disselkoen Craig","year":"2017","unstructured":"Craig Disselkoen, David Kohlbrenner, Leo Porter, and Dean M. Tullsen. 2017. Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX. In 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017. 51--67."},{"key":"e_1_3_2_1_28_1","volume-title":"Proceedings of the 22th USENIX Security Symposium","author":"Doychev Goran","year":"2013","unstructured":"Goran Doychev, Dominik Feld, Boris K\u00f6pf, Laurent Mauborgne, and Jan Reineke. 2013. CacheAudit: A Tool for the Static Analysis of Cache Side Channels. In Proceedings of the 22th USENIX Security Symposium, Washington, DC, USA, August 14-16, 2013. 431--446."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062388"},{"key":"e_1_3_2_1_30_1","volume-title":"Balas","author":"Duddu Vasisht","year":"2018","unstructured":"Vasisht Duddu, Debasis Samanta, D. Vijay Rao, and Valentina E. Balas. 2018. Stealing Neural Networks via Timing Side Channels. CoRR abs\/1812.11720 (2018). arXiv:1812.11720 http:\/\/arxiv.org\/abs\/1812.11720"},{"key":"e_1_3_2_1_31_1","volume-title":"CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Vienna, Austria, July 18-22, 2014. Proceedings. 114--130","author":"Eldib Hassan","year":"2014","unstructured":"Hassan Eldib and Chao Wang. 2014. Synthesis of Masking Countermeasures against Side Channel Attacks. In Computer Aided Verification - 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Vienna, Austria, July 18-22, 2014. Proceedings. 114--130."},{"key":"e_1_3_2_1_32_1","volume-title":"TACAS 2014, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2014, Grenoble, France, April 5-13, 2014. Proceedings. 62--77","author":"Eldib Hassan","year":"2014","unstructured":"Hassan Eldib, Chao Wang, and Patrick Schaumont. 2014. SMT-Based Verification of Software Countermeasures against Side-Channel Attacks. In Tools and Algorithms for the Construction and Analysis of Systems - 20th International Conference, TACAS 2014, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2014, Grenoble, France, April 5-13, 2014. Proceedings. 62--77."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2593069.2593193"},{"key":"e_1_3_2_1_34_1","volume-title":"CAV 2016, Toronto, ON, Canada, July 17-23, 2016, Proceedings, Part II. 343--363","author":"Eldib Hassan","year":"2016","unstructured":"Hassan Eldib, Meng Wu, and Chao Wang. 2016. Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits. In Computer Aided Verification - 28th International Conference, CAV 2016, Toronto, ON, Canada, July 17-23, 2016, Proceedings, Part II. 343--363."},{"key":"e_1_3_2_1_35_1","volume-title":"Spectector: Principled Detection of Speculative Information Flows. CoRR abs\/1812.08639","author":"Guarnieri Marco","year":"2018","unstructured":"Marco Guarnieri, Boris K\u00f6pf, Jos\u00e9 F. Morales, Jan Reineke, and Andr\u00e9s S\u00e1nchez. 2018. Spectector: Principled Detection of Speculative Information Flows. CoRR abs\/1812.08639 (2018). arXiv:1812.08639 http:\/\/arxiv.org\/abs\/1812.08639"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.22"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786841"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236028"},{"key":"e_1_3_2_1_39_1","volume-title":"Ciocarlie","author":"He Shaobo","year":"2019","unstructured":"Shaobo He, Michael Emmi, and Gabriela F. Ciocarlie. 2019. ct-fuzz: Fuzzing for Timing Leaks. CoRR abs\/1904.07280 (2019)."},{"key":"e_1_3_2_1_40_1","volume-title":"Ian Rackow, Kevin Kulda, Dana Dachman-Soled, and Tudor Dumitras.","author":"Hong Sanghyun","year":"2018","unstructured":"Sanghyun Hong, Michael Davinroy, Yigitcan Kaya, Stuart Nevans Locke, Ian Rackow, Kevin Kulda, Dana Dachman-Soled, and Tudor Dumitras. 2018. Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks. CoRR abs\/1810.03487 (2018). arXiv:1810.03487 http:\/\/arxiv.org\/abs\/1810.03487"},{"key":"e_1_3_2_1_41_1","volume-title":"Neural Network Model Extraction Attacks in Edge Devices by Hearing Architectural Hints. CoRR abs\/1903.03916","author":"Hu Xing","year":"2019","unstructured":"Xing Hu, Ling Liang, Lei Deng, Shuangchen Li, Xinfeng Xie, Yu Ji, Yufei Ding, Chang Liu, Timothy Sherwood, and Yuan Xie. 2019. Neural Network Model Extraction Attacks in Edge Devices by Hearing Architectural Hints. CoRR abs\/1903.03916 (2019). arXiv:1903.03916 http:\/\/arxiv.org\/abs\/1903.03916"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.23"},{"key":"e_1_3_2_1_43_1","volume-title":"SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. CoRR abs\/1903.00446","author":"Islam Saad","year":"2019","unstructured":"Saad Islam, Ahmad Moghimi, Ida Bruhns, Moritz Krebbel, Berk G\u00fclmezoglu, Thomas Eisenbarth, and Berk Sunar. 2019. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks. CoRR abs\/1903.00446 (2019). arXiv:1903.00446 http:\/\/arxiv.org\/abs\/1903.00446"},{"key":"e_1_3_2_1_44_1","first-page":"511","article-title":"Speculative execution processor. (April 23 1996)","volume":"5","author":"Kimura Kozo","year":"1996","unstructured":"Kozo Kimura, Kosuki Yoshioka, and Tokuzo Kiyohara. 1996. Speculative execution processor. (April 23 1996). US Patent 5,511,172.","journal-title":"US Patent"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/360248.360252"},{"key":"e_1_3_2_1_46_1","volume-title":"Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P'19)","author":"Kocher Paul","year":"2019","unstructured":"Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P'19)."},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-68697-5_9"},{"key":"e_1_3_2_1_48_1","volume-title":"LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In 2nd IEEE\/ACM International Symposium on Code Generation and Optimization","author":"Lattner Chris","year":"2004","unstructured":"Chris Lattner and Vikram S. Adve. 2004. LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation. In 2nd IEEE\/ACM International Symposium on Code Generation and Optimization, 20-24 March 2004, San Jose, CA, USA. 75--88."},{"key":"e_1_3_2_1_49_1","volume-title":"Pulse: A Dynamic Deadlock Detection Mechanism Using Speculative Execution. In Proceedings of the 2005 USENIX Annual Technical Conference","author":"Li Tong","year":"2005","unstructured":"Tong Li, Carla Schlatter Ellis, Alvin R. Lebeck, and Daniel J. Sorin. 2005. Pulse: A Dynamic Deadlock Detection Mechanism Using Speculative Execution. In Proceedings of the 2005 USENIX Annual Technical Conference, April 10-15, 2005, Anaheim, CA, USA. 31--44."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/775832.775953"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1023\/B:TIME.0000048933.15922.f9"},{"key":"e_1_3_2_1_52_1","volume-title":"27th USENIX Security Symposium, USENIX Security 2018","author":"Lipp Moritz","year":"2018","unstructured":"Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018. 973--990."},{"key":"e_1_3_2_1_53_1","volume-title":"POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings. Lecture Notes in Computer Science","volume":"10204","author":"Maffei Matteo","year":"2017","unstructured":"Matteo Maffei and Mark Ryan (Eds.). 2017. Principles of Security and Trust - 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, April 22-29, 2017, Proceedings. Lecture Notes in Computer Science, Vol. 10204. Springer."},{"key":"e_1_3_2_1_54_1","volume-title":"A survey of techniques for dynamic branch prediction. Concurrency and Computation: Practice and Experience 31, 1","author":"Mittal Sparsh","year":"2019","unstructured":"Sparsh Mittal. 2019. A survey of techniques for dynamic branch prediction. Concurrency and Computation: Practice and Experience 31, 1 (2019)."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.1997.645814"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.5555\/65985.65990"},{"key":"e_1_3_2_1_57_1","volume-title":"Proceedings of the 41st International Conference on Software Engineering, ICSE 2019, Montreal, QC","author":"Nilizadeh Shirin","year":"2019","unstructured":"Shirin Nilizadeh, Yannic Noller, and Corina S. Pasareanu. 2019. DifFuzz: differential fuzzing for side-channel analysis. In Proceedings of the 41st International Conference on Software Engineering, ICSE 2019, Montreal, QC, Canada, May 25-31, 2019. 176--187."},{"key":"e_1_3_2_1_58_1","volume-title":"SpecFuzz: Bringing Spectre-type vulnerabilities to the surface. CoRR abs\/1905.10311","author":"Oleksenko Oleksii","year":"2019","unstructured":"Oleksii Oleksenko, Bohdan Trach, Mark Silberstein, and Christof Fetzer. 2019. SpecFuzz: Bringing Spectre-type vulnerabilities to the surface. CoRR abs\/1905.10311 (2019). arXiv:1905.10311 http:\/\/arxiv.org\/abs\/1905.10311"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.1999.809454"},{"key":"e_1_3_2_1_60_1","volume-title":"USA","author":"Osvik Dag Arne","year":"2006","unstructured":"Dag Arne Osvik, Adi Shamir, and Eran Tromer. 2006. Cache Attacks and Countermeasures: The Case of AES. In Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings. 1--20."},{"key":"e_1_3_2_1_61_1","volume-title":"Multi-run Side-Channel Analysis Using Symbolic Execution and Max-SMT. In IEEE 29th Computer Security Foundations Symposium, CSF 2016","author":"Pasareanu Corina S.","year":"2016","unstructured":"Corina S. Pasareanu, Quoc-Sang Phan, and Pasquale Malacaria. 2016. Multi-run Side-Channel Analysis Using Symbolic Execution and Max-SMT. In IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, June 27 - July 1, 2016. 387--400."},{"key":"e_1_3_2_1_62_1","volume-title":"ASE 2010, 25th IEEE\/ACM International Conference on Automated Software Engineering","author":"Corina","year":"2010","unstructured":"Corina S. Pasareanu and Neha Rungta. 2010. Symbolic PathFinder: symbolic execution of Java bytecode. In ASE 2010, 25th IEEE\/ACM International Conference on Automated Software Engineering, Antwerp, Belgium, September 20-24, 2010. 179--180."},{"key":"e_1_3_2_1_63_1","first-page":"401","article-title":"Synthesis of Adaptive Side-Channel Attacks","volume":"2017","author":"Phan Quoc-Sang","year":"2017","unstructured":"Quoc-Sang Phan, Lucas Bang, Corina S. Pasareanu, Pasquale Malacaria, and Tevfik Bultan. 2017. Synthesis of Adaptive Side-Channel Attacks. IACR Cryptology ePrint Archive 2017 (2017), 401.","journal-title":"IACR Cryptology ePrint Archive"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"crossref","unstructured":"Prakash Prabhu Ganesan Ramalingam and Kapil Vaswani. 2010. Safe programmable speculative parallelism. In PLDI. 50--61.","DOI":"10.1145\/1809028.1806603"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/356683.356687"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/MICRO.1998.742775"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/2908080.2908092"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3240485"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.5555\/2724966.2725064"},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3090064.3090071"},{"key":"e_1_3_2_1_71_1","volume-title":"Tulika Mitra, and Abhik Roychoudhury.","author":"Wang Guanhua","year":"2019","unstructured":"Guanhua Wang, Sudipta Chattopadhyay, Arnab Kumar Biswas, Tulika Mitra, and Abhik Roychoudhury. 2019. KLEESPECTRE: Detecting Information Leakage through Speculative Cache Attacks via Symbolic Execution. CoRR abs\/1909.00647 (2019)."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338913"},{"key":"e_1_3_2_1_73_1","volume-title":"28th USENIX Security Symposium, USENIX Security 2019","author":"Wang Shuai","year":"2019","unstructured":"Shuai Wang, Yuyan Bao, Xiao Liu, Pei Wang, Danfeng Zhang, and Dinghao Wu. 2019. Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation. In 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, August 14-16, 2019. 657--674."},{"key":"e_1_3_2_1_74_1","volume-title":"CacheD: Identifying Cache-Based Timing Channels in Production Software. In 26th USENIX Security Symposium (USENIX Security 17)","author":"Wang Shuai","year":"2017","unstructured":"Shuai Wang, Pei Wang, Xiao Liu, Danfeng Zhang, and Dinghao Wu. 2017. CacheD: Identifying Cache-Based Timing Channels in Production Software. In 26th USENIX Security Symposium (USENIX Security 17). 235--252."},{"key":"e_1_3_2_1_75_1","volume-title":"Marina Minkin, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Raoul Strackx, Thomas F. Wenisch, and Yuval Yarom.","author":"Weisse Ofir","year":"2018","unstructured":"Ofir Weisse, Jo Van Bulck, Marina Minkin, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Raoul Strackx, Thomas F. Wenisch, and Yuval Yarom. 2018. Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution. Technical report (2018)."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274741"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213851"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314647"},{"key":"e_1_3_2_1_79_1","volume-title":"Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures. CoRR abs\/1808.04761","author":"Yan Mengjia","year":"2018","unstructured":"Mengjia Yan, Christopher W. Fletcher, and Josep Torrellas. 2018. Cache Telepathy: Leveraging Shared Resource Attacks to Learn DNN Architectures. CoRR abs\/1808.04761 (2018). arXiv:1808.04761 http:\/\/arxiv.org\/abs\/1808.04761"},{"key":"e_1_3_2_1_80_1","volume-title":"Proceedings of the 23rd USENIX Security Symposium","author":"Yarom Yuval","year":"2014","unstructured":"Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014. 719--732."},{"key":"e_1_3_2_1_81_1","volume-title":"CAV 2018, Held as Part of the Federated Logic Conference, FloC 2018, Oxford, UK, July 14-17, 2018, Proceedings, Part II. 157--177","author":"Zhang Jun","year":"2018","unstructured":"Jun Zhang, Pengfei Gao, Fu Song, and Chao Wang. 2018. SCInfer: Refinement-Based Verification of Software Countermeasures Against Side-Channel Attacks. In Computer Aided Verification - 30th International Conference, CAV 2018, Held as Part of the Federated Logic Conference, FloC 2018, Oxford, UK, July 14-17, 2018, Proceedings, Part II. 157--177."},{"key":"e_1_3_2_1_82_1","volume-title":"Speculative Symbolic Execution. In 23rd IEEE International Symposium on Software Reliability Engineering, ISSRE 2012","author":"Zhang Yufeng","year":"2012","unstructured":"Yufeng Zhang, Zhenbang Chen, and Ji Wang. 2012. Speculative Symbolic Execution. In 23rd IEEE International Symposium on Software Reliability Engineering, ISSRE 2012, Dallas, TX, USA, November 27-30, 2012. 101--110."}],"event":{"name":"ICSE '20: 42nd International Conference on Software Engineering","location":"Seoul South Korea","acronym":"ICSE '20","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","KIISE Korean Institute of Information Scientists and Engineers","IEEE CS"]},"container-title":["Proceedings of the ACM\/IEEE 42nd International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3377811.3380428","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3377811.3380428","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:41:40Z","timestamp":1750200100000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3377811.3380428"}},"subtitle":["speculative symbolic execution for cache timing leak detection"],"short-title":[],"issued":{"date-parts":[[2020,6,27]]},"references-count":82,"alternative-id":["10.1145\/3377811.3380428","10.1145\/3377811"],"URL":"https:\/\/doi.org\/10.1145\/3377811.3380428","relation":{},"subject":[],"published":{"date-parts":[[2020,6,27]]},"assertion":[{"value":"2020-10-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}