├── .gitignore ├── LICENSE.txt ├── Makefile ├── README.md ├── mascab-peripheral.bib ├── mascab-scratchpad.bib ├── mascab.bib ├── mascab.pdf ├── mascab.tax └── mascab.tex /.gitignore: -------------------------------------------------------------------------------- 1 | *.aux 2 | *.bbl 3 | *.bcf 4 | *.blg 5 | *.log 6 | *.out 7 | *.toc 8 | *.xml 9 | 10 | mascab.todo 11 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Attribution-ShareAlike 4.0 International 2 | 3 | ======================================================================= 4 | 5 | Creative Commons Corporation ("Creative Commons") is not a law firm and 6 | does not provide legal services or legal advice. Distribution of 7 | Creative Commons public licenses does not create a lawyer-client or 8 | other relationship. Creative Commons makes its licenses and related 9 | information available on an "as-is" basis. Creative Commons gives no 10 | warranties regarding its licenses, any material licensed under their 11 | terms and conditions, or any related information. Creative Commons 12 | disclaims all liability for damages resulting from their use to the 13 | fullest extent possible. 14 | 15 | Using Creative Commons Public Licenses 16 | 17 | Creative Commons public licenses provide a standard set of terms and 18 | conditions that creators and other rights holders may use to share 19 | original works of authorship and other material subject to copyright 20 | and certain other rights specified in the public license below. The 21 | following considerations are for informational purposes only, are not 22 | exhaustive, and do not form part of our licenses. 23 | 24 | Considerations for licensors: Our public licenses are 25 | intended for use by those authorized to give the public 26 | permission to use material in ways otherwise restricted by 27 | copyright and certain other rights. Our licenses are 28 | irrevocable. Licensors should read and understand the terms 29 | and conditions of the license they choose before applying it. 30 | Licensors should also secure all rights necessary before 31 | applying our licenses so that the public can reuse the 32 | material as expected. Licensors should clearly mark any 33 | material not subject to the license. This includes other CC- 34 | licensed material, or material used under an exception or 35 | limitation to copyright. More considerations for licensors: 36 | wiki.creativecommons.org/Considerations_for_licensors 37 | 38 | Considerations for the public: By using one of our public 39 | licenses, a licensor grants the public permission to use the 40 | licensed material under specified terms and conditions. If 41 | the licensor's permission is not necessary for any reason--for 42 | example, because of any applicable exception or limitation to 43 | copyright--then that use is not regulated by the license. Our 44 | licenses grant only permissions under copyright and certain 45 | other rights that a licensor has authority to grant. Use of 46 | the licensed material may still be restricted for other 47 | reasons, including because others have copyright or other 48 | rights in the material. A licensor may make special requests, 49 | such as asking that all changes be marked or described. 50 | Although not required by our licenses, you are encouraged to 51 | respect those requests where reasonable. More_considerations 52 | for the public: 53 | wiki.creativecommons.org/Considerations_for_licensees 54 | 55 | ======================================================================= 56 | 57 | Creative Commons Attribution-ShareAlike 4.0 International Public 58 | License 59 | 60 | By exercising the Licensed Rights (defined below), You accept and agree 61 | to be bound by the terms and conditions of this Creative Commons 62 | Attribution-ShareAlike 4.0 International Public License ("Public 63 | License"). To the extent this Public License may be interpreted as a 64 | contract, You are granted the Licensed Rights in consideration of Your 65 | acceptance of these terms and conditions, and the Licensor grants You 66 | such rights in consideration of benefits the Licensor receives from 67 | making the Licensed Material available under these terms and 68 | conditions. 69 | 70 | 71 | Section 1 -- Definitions. 72 | 73 | a. Adapted Material means material subject to Copyright and Similar 74 | Rights that is derived from or based upon the Licensed Material 75 | and in which the Licensed Material is translated, altered, 76 | arranged, transformed, or otherwise modified in a manner requiring 77 | permission under the Copyright and Similar Rights held by the 78 | Licensor. For purposes of this Public License, where the Licensed 79 | Material is a musical work, performance, or sound recording, 80 | Adapted Material is always produced where the Licensed Material is 81 | synched in timed relation with a moving image. 82 | 83 | b. Adapter's License means the license You apply to Your Copyright 84 | and Similar Rights in Your contributions to Adapted Material in 85 | accordance with the terms and conditions of this Public License. 86 | 87 | c. BY-SA Compatible License means a license listed at 88 | creativecommons.org/compatiblelicenses, approved by Creative 89 | Commons as essentially the equivalent of this Public License. 90 | 91 | d. Copyright and Similar Rights means copyright and/or similar rights 92 | closely related to copyright including, without limitation, 93 | performance, broadcast, sound recording, and Sui Generis Database 94 | Rights, without regard to how the rights are labeled or 95 | categorized. For purposes of this Public License, the rights 96 | specified in Section 2(b)(1)-(2) are not Copyright and Similar 97 | Rights. 98 | 99 | e. Effective Technological Measures means those measures that, in the 100 | absence of proper authority, may not be circumvented under laws 101 | fulfilling obligations under Article 11 of the WIPO Copyright 102 | Treaty adopted on December 20, 1996, and/or similar international 103 | agreements. 104 | 105 | f. Exceptions and Limitations means fair use, fair dealing, and/or 106 | any other exception or limitation to Copyright and Similar Rights 107 | that applies to Your use of the Licensed Material. 108 | 109 | g. License Elements means the license attributes listed in the name 110 | of a Creative Commons Public License. The License Elements of this 111 | Public License are Attribution and ShareAlike. 112 | 113 | h. Licensed Material means the artistic or literary work, database, 114 | or other material to which the Licensor applied this Public 115 | License. 116 | 117 | i. Licensed Rights means the rights granted to You subject to the 118 | terms and conditions of this Public License, which are limited to 119 | all Copyright and Similar Rights that apply to Your use of the 120 | Licensed Material and that the Licensor has authority to license. 121 | 122 | j. Licensor means the individual(s) or entity(ies) granting rights 123 | under this Public License. 124 | 125 | k. Share means to provide material to the public by any means or 126 | process that requires permission under the Licensed Rights, such 127 | as reproduction, public display, public performance, distribution, 128 | dissemination, communication, or importation, and to make material 129 | available to the public including in ways that members of the 130 | public may access the material from a place and at a time 131 | individually chosen by them. 132 | 133 | l. Sui Generis Database Rights means rights other than copyright 134 | resulting from Directive 96/9/EC of the European Parliament and of 135 | the Council of 11 March 1996 on the legal protection of databases, 136 | as amended and/or succeeded, as well as other essentially 137 | equivalent rights anywhere in the world. 138 | 139 | m. You means the individual or entity exercising the Licensed Rights 140 | under this Public License. Your has a corresponding meaning. 141 | 142 | 143 | Section 2 -- Scope. 144 | 145 | a. License grant. 146 | 147 | 1. Subject to the terms and conditions of this Public License, 148 | the Licensor hereby grants You a worldwide, royalty-free, 149 | non-sublicensable, non-exclusive, irrevocable license to 150 | exercise the Licensed Rights in the Licensed Material to: 151 | 152 | a. reproduce and Share the Licensed Material, in whole or 153 | in part; and 154 | 155 | b. produce, reproduce, and Share Adapted Material. 156 | 157 | 2. Exceptions and Limitations. For the avoidance of doubt, where 158 | Exceptions and Limitations apply to Your use, this Public 159 | License does not apply, and You do not need to comply with 160 | its terms and conditions. 161 | 162 | 3. Term. The term of this Public License is specified in Section 163 | 6(a). 164 | 165 | 4. Media and formats; technical modifications allowed. The 166 | Licensor authorizes You to exercise the Licensed Rights in 167 | all media and formats whether now known or hereafter created, 168 | and to make technical modifications necessary to do so. The 169 | Licensor waives and/or agrees not to assert any right or 170 | authority to forbid You from making technical modifications 171 | necessary to exercise the Licensed Rights, including 172 | technical modifications necessary to circumvent Effective 173 | Technological Measures. For purposes of this Public License, 174 | simply making modifications authorized by this Section 2(a) 175 | (4) never produces Adapted Material. 176 | 177 | 5. Downstream recipients. 178 | 179 | a. Offer from the Licensor -- Licensed Material. Every 180 | recipient of the Licensed Material automatically 181 | receives an offer from the Licensor to exercise the 182 | Licensed Rights under the terms and conditions of this 183 | Public License. 184 | 185 | b. Additional offer from the Licensor -- Adapted Material. 186 | Every recipient of Adapted Material from You 187 | automatically receives an offer from the Licensor to 188 | exercise the Licensed Rights in the Adapted Material 189 | under the conditions of the Adapter's License You apply. 190 | 191 | c. No downstream restrictions. You may not offer or impose 192 | any additional or different terms or conditions on, or 193 | apply any Effective Technological Measures to, the 194 | Licensed Material if doing so restricts exercise of the 195 | Licensed Rights by any recipient of the Licensed 196 | Material. 197 | 198 | 6. No endorsement. Nothing in this Public License constitutes or 199 | may be construed as permission to assert or imply that You 200 | are, or that Your use of the Licensed Material is, connected 201 | with, or sponsored, endorsed, or granted official status by, 202 | the Licensor or others designated to receive attribution as 203 | provided in Section 3(a)(1)(A)(i). 204 | 205 | b. Other rights. 206 | 207 | 1. Moral rights, such as the right of integrity, are not 208 | licensed under this Public License, nor are publicity, 209 | privacy, and/or other similar personality rights; however, to 210 | the extent possible, the Licensor waives and/or agrees not to 211 | assert any such rights held by the Licensor to the limited 212 | extent necessary to allow You to exercise the Licensed 213 | Rights, but not otherwise. 214 | 215 | 2. Patent and trademark rights are not licensed under this 216 | Public License. 217 | 218 | 3. To the extent possible, the Licensor waives any right to 219 | collect royalties from You for the exercise of the Licensed 220 | Rights, whether directly or through a collecting society 221 | under any voluntary or waivable statutory or compulsory 222 | licensing scheme. In all other cases the Licensor expressly 223 | reserves any right to collect such royalties. 224 | 225 | 226 | Section 3 -- License Conditions. 227 | 228 | Your exercise of the Licensed Rights is expressly made subject to the 229 | following conditions. 230 | 231 | a. Attribution. 232 | 233 | 1. If You Share the Licensed Material (including in modified 234 | form), You must: 235 | 236 | a. retain the following if it is supplied by the Licensor 237 | with the Licensed Material: 238 | 239 | i. identification of the creator(s) of the Licensed 240 | Material and any others designated to receive 241 | attribution, in any reasonable manner requested by 242 | the Licensor (including by pseudonym if 243 | designated); 244 | 245 | ii. a copyright notice; 246 | 247 | iii. a notice that refers to this Public License; 248 | 249 | iv. a notice that refers to the disclaimer of 250 | warranties; 251 | 252 | v. a URI or hyperlink to the Licensed Material to the 253 | extent reasonably practicable; 254 | 255 | b. indicate if You modified the Licensed Material and 256 | retain an indication of any previous modifications; and 257 | 258 | c. indicate the Licensed Material is licensed under this 259 | Public License, and include the text of, or the URI or 260 | hyperlink to, this Public License. 261 | 262 | 2. You may satisfy the conditions in Section 3(a)(1) in any 263 | reasonable manner based on the medium, means, and context in 264 | which You Share the Licensed Material. For example, it may be 265 | reasonable to satisfy the conditions by providing a URI or 266 | hyperlink to a resource that includes the required 267 | information. 268 | 269 | 3. If requested by the Licensor, You must remove any of the 270 | information required by Section 3(a)(1)(A) to the extent 271 | reasonably practicable. 272 | 273 | b. ShareAlike. 274 | 275 | In addition to the conditions in Section 3(a), if You Share 276 | Adapted Material You produce, the following conditions also apply. 277 | 278 | 1. The Adapter's License You apply must be a Creative Commons 279 | license with the same License Elements, this version or 280 | later, or a BY-SA Compatible License. 281 | 282 | 2. You must include the text of, or the URI or hyperlink to, the 283 | Adapter's License You apply. You may satisfy this condition 284 | in any reasonable manner based on the medium, means, and 285 | context in which You Share Adapted Material. 286 | 287 | 3. You may not offer or impose any additional or different terms 288 | or conditions on, or apply any Effective Technological 289 | Measures to, Adapted Material that restrict exercise of the 290 | rights granted under the Adapter's License You apply. 291 | 292 | 293 | Section 4 -- Sui Generis Database Rights. 294 | 295 | Where the Licensed Rights include Sui Generis Database Rights that 296 | apply to Your use of the Licensed Material: 297 | 298 | a. for the avoidance of doubt, Section 2(a)(1) grants You the right 299 | to extract, reuse, reproduce, and Share all or a substantial 300 | portion of the contents of the database; 301 | 302 | b. if You include all or a substantial portion of the database 303 | contents in a database in which You have Sui Generis Database 304 | Rights, then the database in which You have Sui Generis Database 305 | Rights (but not its individual contents) is Adapted Material, 306 | 307 | including for purposes of Section 3(b); and 308 | c. You must comply with the conditions in Section 3(a) if You Share 309 | all or a substantial portion of the contents of the database. 310 | 311 | For the avoidance of doubt, this Section 4 supplements and does not 312 | replace Your obligations under this Public License where the Licensed 313 | Rights include other Copyright and Similar Rights. 314 | 315 | 316 | Section 5 -- Disclaimer of Warranties and Limitation of Liability. 317 | 318 | a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE 319 | EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS 320 | AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF 321 | ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, 322 | IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, 323 | WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR 324 | PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, 325 | ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT 326 | KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT 327 | ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. 328 | 329 | b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE 330 | TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, 331 | NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, 332 | INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, 333 | COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR 334 | USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN 335 | ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR 336 | DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR 337 | IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. 338 | 339 | c. The disclaimer of warranties and limitation of liability provided 340 | above shall be interpreted in a manner that, to the extent 341 | possible, most closely approximates an absolute disclaimer and 342 | waiver of all liability. 343 | 344 | 345 | Section 6 -- Term and Termination. 346 | 347 | a. This Public License applies for the term of the Copyright and 348 | Similar Rights licensed here. However, if You fail to comply with 349 | this Public License, then Your rights under this Public License 350 | terminate automatically. 351 | 352 | b. Where Your right to use the Licensed Material has terminated under 353 | Section 6(a), it reinstates: 354 | 355 | 1. automatically as of the date the violation is cured, provided 356 | it is cured within 30 days of Your discovery of the 357 | violation; or 358 | 359 | 2. upon express reinstatement by the Licensor. 360 | 361 | For the avoidance of doubt, this Section 6(b) does not affect any 362 | right the Licensor may have to seek remedies for Your violations 363 | of this Public License. 364 | 365 | c. For the avoidance of doubt, the Licensor may also offer the 366 | Licensed Material under separate terms or conditions or stop 367 | distributing the Licensed Material at any time; however, doing so 368 | will not terminate this Public License. 369 | 370 | d. Sections 1, 5, 6, 7, and 8 survive termination of this Public 371 | License. 372 | 373 | 374 | Section 7 -- Other Terms and Conditions. 375 | 376 | a. The Licensor shall not be bound by any additional or different 377 | terms or conditions communicated by You unless expressly agreed. 378 | 379 | b. Any arrangements, understandings, or agreements regarding the 380 | Licensed Material not stated herein are separate from and 381 | independent of the terms and conditions of this Public License. 382 | 383 | 384 | Section 8 -- Interpretation. 385 | 386 | a. For the avoidance of doubt, this Public License does not, and 387 | shall not be interpreted to, reduce, limit, restrict, or impose 388 | conditions on any use of the Licensed Material that could lawfully 389 | be made without permission under this Public License. 390 | 391 | b. To the extent possible, if any provision of this Public License is 392 | deemed unenforceable, it shall be automatically reformed to the 393 | minimum extent necessary to make it enforceable. If the provision 394 | cannot be reformed, it shall be severed from this Public License 395 | without affecting the enforceability of the remaining terms and 396 | conditions. 397 | 398 | c. No term or condition of this Public License will be waived and no 399 | failure to comply consented to unless expressly agreed to by the 400 | Licensor. 401 | 402 | d. Nothing in this Public License constitutes or may be interpreted 403 | as a limitation upon, or waiver of, any privileges and immunities 404 | that apply to the Licensor or You, including from the legal 405 | processes of any jurisdiction or authority. 406 | 407 | 408 | ======================================================================= 409 | 410 | Creative Commons is not a party to its public licenses. 411 | Notwithstanding, Creative Commons may elect to apply one of its public 412 | licenses to material it publishes and in those instances will be 413 | considered the "Licensor." Except for the limited purpose of indicating 414 | that material is shared under a Creative Commons public license or as 415 | otherwise permitted by the Creative Commons policies published at 416 | creativecommons.org/policies, Creative Commons does not authorize the 417 | use of the trademark "Creative Commons" or any other trademark or logo 418 | of Creative Commons without its prior written consent including, 419 | without limitation, in connection with any unauthorized modifications 420 | to any of its public licenses or any other arrangements, 421 | understandings, or agreements concerning use of licensed material. For 422 | the avoidance of doubt, this paragraph does not form part of the public 423 | licenses. 424 | 425 | Creative Commons may be contacted at creativecommons.org. 426 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | mascab.pdf : $(wildcard *.bib) mascab.tex 2 | @pdflatex mascab 3 | @biber mascab 4 | @pdflatex mascab 5 | @biber mascab 6 | @pdflatex mascab 7 | 8 | mascab.tax : $(wildcard *.bib) 9 | @grep -H STRING ${?} > ${@} 10 | 11 | all : mascab.pdf mascab.tax 12 | 13 | clean : 14 | @rm -f *.aux *.bbl *.bcf *.blg *.log *.out *.toc *.xml 15 | 16 | spotless : clean 17 | @rm -f *.pdf *.tax 18 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # MASCAB: a Micro-Architectural Side-Channel Attack Bibliography 2 | 3 | 4 | 5 | ## Introduction 6 | 7 | Cryptography is a fast-moving field, which is enormously exciting but also 8 | quite challenging: resources such as the 9 | [IACR eprint archive](http://eprint.iacr.org/) 10 | and 11 | [CryptoBib](http://cryptobib.di.ens.fr) 12 | help, but even *keeping track* of new results in certain sub-fields can be 13 | difficult, let alone then making useful *contributions*. The sub-field of 14 | micro-architectural side-channel attacks is an example of this, in part as 15 | the result of it bridging multiple disciplines (e.g., cryptography and 16 | computer architecture). 17 | 18 | I've found this particularly challenging (and so frustrating) over say the 19 | last 5 years; the volume of papers has expanded rapidly, but the time I'd 20 | normally allocate to reading them has been eroded by other commitments (as 21 | evidenced by a pile of printed papers gathering dust on my desk). In the 22 | end, I decided to tackle this problem by progressively 23 | a) collating papers I *could* read, 24 | then 25 | b) reading them one-by-one, but in no particular order, and attempting to 26 | summarise their contribution (and so organise the sub-field as a whole 27 | in my head). 28 | MASCAB is the result: after starting to advise MSc and PhD students on how 29 | to navigate the sub-field, it seems likely to be of use to others as well. 30 | 31 | - By definition this is an ongoing project; I'd welcome updates, e.g., raw 32 | BiBTeX entries or pointers to missing papers. 33 | 34 | - If you want to make reference to 35 | MASCAB 36 | (e.g., in the acknowledgements of a paper or report), it'd be *really* 37 | helpful if you'd use the following standard BiBTeX entry 38 | 39 | ``` 40 | @misc{mascab, 41 | author = {D. Page}, 42 | title = {{MASCAB}: a {M}icro-{A}rchitectural {S}ide-{C}hannel {A}ttack {B}ibliography}, 43 | url = {http://www.github.com/danpage/mascab} 44 | } 45 | ``` 46 | 47 | since this will maximise the cases where it's picked up by automated 48 | citation indexes. 49 | 50 | - Partly motivated by 51 | [Meltdown](http://meltdownattack.com) 52 | and 53 | [Spectre](http://spectreattack.com), 54 | there are now various alternative to MASCAB that you might prefer; for 55 | example 56 | [here](http://www.peerlyst.com/posts/a-collection-of-links-to-pdfs-of-papers-on-micro-architectural-side-channel-attacks-sorted-by-date-paul-harvey) 57 | or 58 | [here](http://github.com/MattPD/cpplinks/blob/master/comparch.micro.channels.md). 59 | 60 | 61 | 62 | ## Content 63 | 64 | - Although I attempted to summarise (some) papers, this is was initially 65 | intended for my use: at the moment this isn't meant to be a standalone 66 | survey, mainly because there are already good examples elsewhere, see, 67 | e.g., [1,2]. 68 | 69 | - The content is intended to be factual and, obviously, correct; anything 70 | other than that, including any inaccuracies, are simply human error. I 71 | do get things wrong sometimes (in fact, quite often), but *definitely* 72 | don't mean to judge or criticise anything, for example. 73 | 74 | - So it is easier to manage, The content is organised into the following 75 | files: 76 | 77 | - `mascab.bib` 78 | is the main BiBTeX bibliography database, 79 | - `mascab.tex` 80 | is a LaTeX file that compiles (e.g., via the `Makefile` provided) 81 | the content into a readable (or at least printable) document, 82 | - `mascab-scratchpad.bib`, 83 | is a BiBTeX bibliography database of entries that aren't yet 84 | included in `masca.bib` but should be, 85 | - `mascab-peripheral.bib` 86 | is a BiBTeX bibliography database of entries that are at the 87 | periphery of what *should* be included in `masca.bib` but are worth 88 | hanging on to either way (e.g., because they *could* be included in 89 | the future, or just add context). 90 | 91 | - The `Makefile` included has one target: 92 | `mascab.pdf` 93 | is a PDF generated from `mascab.tex`. 94 | Note that up to a point, keywords and taxonomy are just an (evolving) 95 | mechanism to manage content. As example, cases such as 96 | 97 | - where a paper makes multiple contributions (e.g., includes both an 98 | attack strategy *and* a countermeasure, or an attack strategy *and* 99 | a concrete application of it to something), 100 | or 101 | - where a paper could be applied within the context of either covert 102 | *or* side-channels 103 | 104 | aren't that well served. 105 | 106 | - Modelled on 107 | [CryptoBib](http://cryptobib.di.ens.fr), 108 | each database attempts to follow some formatting rules: 109 | 110 | - the format of entry keys is 111 | 112 | `MASCAB:[:][:a-z]` 113 | 114 | i.e., 115 | 1) a domain separator, 116 | 2) an author key, 117 | 3) a two-digit publication year (if dated), 118 | 4) an optional character to resolve any conflicts, 119 | with separating colons where appropriate, 120 | 121 | - the format of author keys depends on the number of authors, namely 122 | 123 | Authors | Format | Example | 124 | :---------: | :------------------------------------------------: | :------------------------------------------------------------------------------: | 125 | 1 | full (ASCII'ised) last name, | "W.M. Hu" => `Hu` | 126 | 2 or 3 | first 3 characters of each (ASCII'ised) last name, | "O. Ac\i{}i\c{c}mez and \c{C}.K. Ko\c{c}" => `AciKoc` | 127 | 4 or more | first 1 character of each (ASCII'ised) last name, | "Y. Wang and A. Ferraiuolo and D. Zhang and A.C. Myers and E.G. Suh" => `WFZMS` | 128 | 129 | although one caveat relates to named resource (e.g., software) where 130 | it makes more sense to use the resource name than the author name. 131 | 132 | 133 | 134 | ## References 135 | 136 | 1. J. Szefer. 137 | [Survey of Microarchitectural Side and Covert Channels, Attacks, and Defences](http://eprint.iacr.org/2016/479). 138 | Cryptology ePrint Archive, Report 2016/479. 2016. 139 | 140 | 2. Q. Ge, Y. Yarom, D. Cock and G. Heiser. 141 | [A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware](http://eprint.iacr.org/2016/613). 142 | Cryptology ePrint Archive, Report 2016/613. 2016. 143 | 144 | 145 | -------------------------------------------------------------------------------- /mascab-peripheral.bib: -------------------------------------------------------------------------------- 1 | % Copyright (C) 2018 Daniel Page 2 | % 3 | % Use of this source code is restricted per the CC BY-SA license, a copy of 4 | % which can be found via http://creativecommons.org (and should be included 5 | % as LICENSE.txt within the associated archive or repository). 6 | 7 | % ============================================================================= 8 | @STRING{KEYWORDS={class=peripheral,topic=cache/security}} 9 | 10 | @inproceedings{MASCAB:Inoue:06, 11 | keywords = KEYWORDS, 12 | author = {K. Inoue}, 13 | title = {Lock and Unlock: A Data Management Algorithm for A Security-Aware Cache}, 14 | booktitle = {IEEE International Conference on Electronics, Circuits and Systems (ICECS)}, 15 | pages = {1093--1096}, 16 | year = {2006}, 17 | addendum = { 18 | This paper is peripheral at best, in the sense it details a cache design 19 | intended to prevent buffer overflow attacks; the idea is quite involved, 20 | but basically uses the cache as a redundant, hardware-backed stack which 21 | can detect manipulation of return addresses. The peripheral connection 22 | to cache-based attacks stems from the inclusion of a mechanism for cache 23 | line locking: each line can be controlled st. eviction is prevented. 24 | } 25 | } 26 | 27 | % ----------------------------------------------------------------------------- 28 | @STRING{KEYWORDS={class=peripheral,topic=cache/power}} 29 | 30 | @article{MASCAB:SubJonTop:13, 31 | keywords = KEYWORDS, 32 | author = {K.T. Sundararajan and T.M. Jones and N.P. Topham}, 33 | title = {The Smart Cache: An Energy-Efficient Cache Architecture Through Dynamic Adaptation}, 34 | journal = {International Journal of Parallel Programming}, 35 | volume = {41}, 36 | number = {2}, 37 | pages = {305--330}, 38 | year = {2013} 39 | } 40 | 41 | @inproceedings{MASCAB:KFBM:02, 42 | keywords = KEYWORDS, 43 | author = {N.S. Kim and K. Flautner and D. Blaauw and T.N. Mudge}, 44 | title = {Drowsy Instruction Caches: Leakage Power Reduction using Dynamic Voltage Scaling and Cache Sub-bank Prediction}, 45 | booktitle = {ACM/IEEE International Symposium on Microarchitecture (MICRO)}, 46 | pages = {219--230}, 47 | year = {2002} 48 | } 49 | 50 | @inproceedings{MASCAB:KKMBM:02, 51 | keywords = KEYWORDS, 52 | author = {K. Flautner and N.S. Kim and S. Martin and D. Blaauw and T.N. Mudge}, 53 | title = {Drowsy Caches: Simple Techniques for Reducing Leakage Power}, 54 | booktitle = {International Symposium on Computer Architecture (ISCA)}, 55 | pages = {148--157}, 56 | year = {2002} 57 | } 58 | 59 | @inproceedings{MASCAB:KaxHuMar:01, 60 | keywords = KEYWORDS, 61 | author = {S. Kaxiras and Z. Hu and M. Martonosi}, 62 | title = {Cache decay: exploiting generational behavior to reduce cache leakage power}, 63 | booktitle = {International Symposium on Computer Architecture (ISCA)}, 64 | pages = {240--251}, 65 | year = {2001} 66 | } 67 | 68 | @inproceedings{MASCAB:PYFRV:00, 69 | keywords = KEYWORDS, 70 | author = {M. Powell and S.-H. Yang and B. Falsafi and K. Roy and T. N. Vijaykumar}, 71 | title = {{Gated-Vdd}: A circuit technique to reduce leakage in deep-submicron cache memories}, 72 | booktitle = {International Symposium on Low Power Electronics and Design}, 73 | pages = {90--95}, 74 | year = {2000} 75 | } 76 | 77 | % ----------------------------------------------------------------------------- 78 | @STRING{KEYWORDS={class=peripheral,topic=cache/partition}} 79 | 80 | @inproceedings{MASCAB:SanKoz:11, 81 | keywords = KEYWORDS, 82 | author = {D. Sanchez and C. Kozyrakis}, 83 | title = {Vantage: Scalable and efficient fine-grain cache partitioning}, 84 | booktitle = {International Symposium on Computer Architecture (ISCA)}, 85 | pages = {57--68}, 86 | year = {2011} 87 | } 88 | 89 | @inproceedings{MASCAB:RacPat:03, 90 | keywords = KEYWORDS, 91 | author = {P. Racunas and Y.N. Patt}, 92 | title = {Partitioned First-level Cache Design for Clustered Microarchitectures}, 93 | booktitle = {International Conference on Supercomputing (ICS)}, 94 | pages = {22--31}, 95 | year = {2003} 96 | } 97 | 98 | @inproceedings{MASCAB:PetOra:01, 99 | keywords = KEYWORDS, 100 | author = {P. Petrov and A. Orailoglu}, 101 | title = {Towards effective embedded processors in codesigns: customizable partitioned caches}, 102 | booktitle = {Hardware/Software Codesign (CODES)}, 103 | pages = {79--84}, 104 | year = {2001} 105 | } 106 | 107 | @inproceedings{MASCAB:KVKSIG:01, 108 | keywords = KEYWORDS, 109 | author = {S. Kim and N. Vijaykrishnan and M. Kandemir and A. Sivasubramaniam and M.J. Irwin and E. Geethanjali}, 110 | title = {Power-aware Partitioned Cache Architectures}, 111 | booktitle = {International Symposium on Low Power Electronics and Design (ISLPED)}, 112 | pages = {64--67}, 113 | year = {2001} 114 | } 115 | 116 | @inproceedings{MASCAB:RanAdvJou:00, 117 | keywords = KEYWORDS, 118 | author = {P. Ranganathan and S. Adve and N.P. Jouppi}, 119 | title = {Reconfigurable Caches and Their Application to Media Processing}, 120 | booktitle = {International Symposium on Computer Architecture (ISCA)}, 121 | pages = {214--224}, 122 | year = {2000}, 123 | } 124 | 125 | @inproceedings{MASCAB:GonAliVal:95, 126 | keywords = KEYWORDS, 127 | author = {A. Gonz\'{a}lez and C. Aliagas and M. Valero}, 128 | title = {A Data Cache with Multiple Caching Strategies Tuned to Different Types of Locality}, 129 | booktitle = {International Conference on Supercomputing (ICS)}, 130 | pages = {338--347}, 131 | year = {1995} 132 | } 133 | 134 | @inproceedings{MASCAB:JuaRoyNav:95, 135 | keywords = KEYWORDS, 136 | author = {T. Juan and D. Royo and J.J. Navarro}, 137 | title = {Dynamic Cache Splitting}, 138 | booktitle = {International Confernce of the Chilean Computational Society}, 139 | year = {1995} 140 | } 141 | 142 | % ============================================================================= 143 | @STRING{KEYWORDS={class=peripheral,topic=attack/rowhammer}} 144 | 145 | @inproceedings{MASCAB:VFLGMVBRG:16, 146 | keywords = KEYWORDS, 147 | author = {V. van der Veen and Y. Fratantonio and M. Lindorfer and D. Gruss and C. Maurice and G. Vigna and H. Bos and K. Razavi and C. Giuffrida}, 148 | title = {Drammer: Deterministic Rowhammer Attacks on Mobile Platforms}, 149 | booktitle = {ACM Conference on Computer and Communications Security (CCS)}, 150 | pages = {1675--1689}, 151 | year = {2016} 152 | } 153 | 154 | @inproceedings{MASCAB:QiaSea:16, 155 | keywords = KEYWORDS, 156 | author = {R. Qiao and M. Seaborn}, 157 | title = {A new approach for rowhammer attacks}, 158 | booktitle = {Hardware Oriented Security and Trust (HOST)}, 159 | pages = {161--166}, 160 | year = {2016} 161 | } 162 | 163 | @inproceedings{MASCAB:BhaMuk:16, 164 | keywords = KEYWORDS, 165 | author = {S. Bhattacharya and D. Mukhopadhyay}, 166 | title = {Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis}, 167 | booktitle = {Cryptographic Hardware and Embedded Systems (CHES)}, 168 | publisher = {Springer-Verlag}, 169 | series = {LNCS 9813}, 170 | pages = {602--624}, 171 | year = {2016} 172 | } 173 | 174 | @article{MASCAB:BDGLS:16, 175 | keywords = KEYWORDS, 176 | author = {F.F. Brasser and L. Davi and D. Gens and C. Liebchen and A.-R. Sadeghi}, 177 | title = {{CAn't Touch This}: Practical and Generic Software-only Defenses Against Rowhammer Attacks}, 178 | journal = {CoRR}, 179 | volume = {abs/1611.08396}, 180 | year = {2016}, 181 | url = {http://arxiv.org/abs/1611.08396} 182 | } 183 | 184 | @article{MASCAB:GruMauMan:15, 185 | keywords = KEYWORDS, 186 | author = {D. Gruss and C. Maurice and S. Mangard}, 187 | title = {Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript}, 188 | journal = {CoRR}, 189 | volume = {abs/1507.06955}, 190 | year = {2015}, 191 | url = {http://arxiv.org/abs/1507.06955} 192 | } 193 | 194 | @inproceedings{MASCAB:KDKFLLWLM:14, 195 | keywords = KEYWORDS, 196 | author = {Y. Kim and R. Daly and J. Kim and C. Fallin and J.H. Lee and D. Lee and C. Wilkerson and K. Lai and O. Mutlu}, 197 | title = {Flipping bits in memory without accessing them: An experimental study of {DRAM} disturbance errors}, 198 | booktitle = {International Symposium on Computer architecuture (ISCA)}, 199 | pages = {361--372}, 200 | year = {2014} 201 | } 202 | 203 | % ----------------------------------------------------------------------------- 204 | @STRING{KEYWORDS={class=peripheral,topic=attack/aslr}} 205 | 206 | @inproceedings{MASCAB:JanLeeKim:16, 207 | keywords = KEYWORDS, 208 | author = {Y. Jang and S. Lee and T. Kim}, 209 | title = {Breaking Kernel Address Space Layout Randomization with {Intel} {TSX}}, 210 | booktitle = {Conference on Computer and Communications Security (CCS)}, 211 | pages = {380--392}, 212 | year = {2016} 213 | } 214 | 215 | % ----------------------------------------------------------------------------- 216 | @STRING{KEYWORDS={class=peripheral,topic=attack/debug}} 217 | 218 | @article{MASCAB:HuaMis:17, 219 | keywords = KEYWORDS, 220 | author = {Y. Huang and P. Mishra}, 221 | title = {Trace Buffer Attack on the AES Cipher}, 222 | journal = {Journal of Hardware and Systems Security}, 223 | publisher = {Springer-Verlag}, 224 | volume = {1}, 225 | issue = {1}, 226 | pages = {68--84}, 227 | year = {2017}, 228 | addendum = { 229 | See also~\cite{MASCAB:HuaChaMis:15}. 230 | The ARM trace buffer is essentially an on-chip test and debug mechanism: 231 | one can configure it to capture a subset of signals for some period, and 232 | then export the result for analysis. In a sense, this yields a problem 233 | of the same style as scan-chain based attacks, namely a tension between 234 | the needs of observability and security. 235 | } 236 | } 237 | 238 | @inproceedings{MASCAB:HuaChaMis:15, 239 | keywords = KEYWORDS, 240 | author = {Y. Huang and A. Chattopadhyay and P. Mishra}, 241 | title = {Trace Buffer Attack: Security versus observability study in post-silicon debug}, 242 | booktitle = {Very Large Scale Integration (VLSI-SoC)}, 243 | pages = {355--360}, 244 | year = {2015} 245 | } 246 | 247 | % ----------------------------------------------------------------------------- 248 | @STRING{KEYWORDS={class=peripheral,topic=attack/degrade}} 249 | 250 | @inproceedings{MASCAB:TsaEtsFei:07, 251 | keywords = KEYWORDS, 252 | author = {D. Tsafrir and Y. Etsion and D.G. Feitelson}, 253 | title = {Secretly Monopolizing the {CPU} Without Superuser Privileges}, 254 | booktitle = {USENIX Security Symposium}, 255 | pages = {17:1--17:18}, 256 | year = {2007} 257 | } 258 | 259 | % ----------------------------------------------------------------------------- 260 | @STRING{KEYWORDS={class=peripheral,topic=attack/recover}} 261 | 262 | @inproceedings{MASCAB:PoeSib:15, 263 | keywords = KEYWORDS, 264 | author = {B. Poettering and D.L. Sibborn}, 265 | title = {Cold Boot Attacks in the Discrete Logarithm Setting}, 266 | booktitle = {Topics in Cryptology (CT-RSA)}, 267 | publisher = {Springer-Verlag}, 268 | series = {LNCS 9048}, 269 | pages = {449--465}, 270 | year = {2015} 271 | } 272 | 273 | @inproceedings{MASCAB:PatPolSib:12, 274 | keywords = KEYWORDS, 275 | author = {K.G. Paterson and A. Polychroniadou and D.L. Sibborn}, 276 | title = {A Coding-Theoretic Approach to Recovering Noisy {RSA} Keys}, 277 | booktitle = {Advances in Cryptology (ASIACRYPT)}, 278 | publisher = {Springer-Verlag}, 279 | series = {LNCS 7658}, 280 | pages = {386--403}, 281 | year = {2012} 282 | } 283 | 284 | @inproceedings{MASCAB:HenSha:09, 285 | keywords = KEYWORDS, 286 | author = {N. Heninger and H. Shacham}, 287 | title = {Reconstructing {RSA} Private Keys from Random Key Bits}, 288 | booktitle = {Advances in Cryptology (CRYPTO)}, 289 | publisher = {Springer-Verlag}, 290 | series = {LNCS 5677}, 291 | pages = {1--17}, 292 | year = {2009} 293 | } 294 | 295 | @inproceedings{MASCAB:Walter:03, 296 | keywords = KEYWORDS, 297 | author = {C.D. Walter}, 298 | title = {Longer Keys May Facilitate Side Channel Attacks}, 299 | booktitle = {Selected Areas in Cryptography (SAC)}, 300 | publisher = {Springer-Verlag}, 301 | series = {LNCS 3006}, 302 | pages = {42--57}, 303 | year = {2003} 304 | } 305 | 306 | % ----------------------------------------------------------------------------- 307 | @STRING{KEYWORDS={class=peripheral,topic=attack/paradigm}} 308 | 309 | @inproceedings{MASCAB:GBHP:16, 310 | keywords = KEYWORDS, 311 | author = {S. Ghandali and G.T. Becker and D. Holcomb and C. Paar}, 312 | title = {A Design Methodology for Stealthy Parametric Trojans and Its Application to Bug Attacks}, 313 | booktitle = {Cryptographic Hardware and Embedded Systems (CHES)}, 314 | publisher = {Springer-Verlag}, 315 | series = {LNCS 9813}, 316 | pages = {625--647}, 317 | year = {2016} 318 | } 319 | 320 | @inproceedings{MASCAB:RNRDBS:15, 321 | keywords = KEYWORDS, 322 | author = {L. Rivi\'{e}re and Z. Najm and P. Rauzy and J.-L. Danger and J. Bringer and L. Sauvage}, 323 | title = {High precision fault injections on the instruction cache of {ARMv7-M} architectures}, 324 | booktitle = {IEEE International Symposium on Hardware Oriented Security and Trust (HOST)}, 325 | pages = {62--67}, 326 | year = {2015} 327 | } 328 | 329 | @inproceedings{MASCAB:GruGhi:02, 330 | keywords = KEYWORDS, 331 | author = {D. Grunwald and S. Ghiasi}, 332 | title = {Microarchitectural Denial of Service: Insuring Microarchitectural Fairness}, 333 | booktitle = {ACM/IEEE International Symposium on Microarchitecture (MICRO)}, 334 | pages = {409--418}, 335 | year = {2002} 336 | } 337 | 338 | @inproceedings{MASCAB:TanSetSto:17, 339 | keywords = KEYWORDS, 340 | author = {A. Tang and S. Sethumadhavan and S. Stolfo}, 341 | title = {{CLKSCREW}: Exposing the Perils of Security-Oblivious Energy Management}, 342 | booktitle = {USENIX Security Symposium}, 343 | pages = {1057--1074}, 344 | year = {2017}, 345 | addendum = { 346 | Dynamic Frequency and Voltage Scaling (DVFS) is a mechanism to manage the 347 | energy consumption of, for example, processor cores; the idea is the core 348 | voltage level and/or clock frequency can be dynamically controlled, which 349 | allows them to be reduced during periods of relative inactivy in order to 350 | reduce energy consumption. 351 | 352 | On ARM-based platforms using Android, DVFS is managed by the kernel. The 353 | paper shows that {\em if} a malicious kernel driver can gain control over 354 | DVFS, this abilility can be leverage to drive the core beyond the stated 355 | operational limits; the result is fault(s) during execution, which can be 356 | capitalised upon per traditional fault attacks (e.g., based on clock or 357 | power glitching: in essence, this is a software-defined fault vs. a fault 358 | injected by physical means). 359 | } 360 | } 361 | 362 | % ============================================================================= 363 | @STRING{KEYWORDS={class=peripheral,topic=verify}} 364 | 365 | @inproceedings{MASCAB:ABBDE:16, 366 | keywords = KEYWORDS, 367 | author = {J.B. Almeida and M. Barbosa and G. Barthe and F. Dupressoir and M. Emmi}, 368 | title = {Verifying Constant-Time Implementations}, 369 | booktitle = {USENIX Security Symposium}, 370 | pages = {53--70}, 371 | year = {2016} 372 | } 373 | 374 | @inproceedings{MASCAB:CGMH:14, 375 | keywords = KEYWORDS, 376 | author = {D. Cock and Q. Ge and T. Murray and G. Heiser}, 377 | title = {The last mile: An empirical study of some timing channels on {seL4}}, 378 | booktitle = {Computer and Communications Security (CCS)}, 379 | pages = {570--581}, 380 | year = {2014}, 381 | addendum = { 382 | Although this paper is interesting for other reasons, a (subtle) point to 383 | note is use of the (information theory based) channel matrix to visualise 384 | timing channels: points in the matrix (visualised as a heat map) capture 385 | the probability of observing each output symbol, given transmission of an 386 | input symbol. 387 | } 388 | } 389 | 390 | @inproceedings{MASCAB:MMBGBSLGK:13, 391 | keywords = KEYWORDS, 392 | author = {T. Murray and D. Matichuk and M. Brassil and P. Gammie and T. Bourke and S. Seefried and C. Lewis and X. Gao and G. Klein}, 393 | title = {{seL4}: from general purpose to a proof of information flow enforcement}, 394 | booktitle = {IEEE Symposium on Security \& Privicy (S\&P)}, 395 | pages = {415--429}, 396 | year = {2013} 397 | } 398 | 399 | @inproceedings{MASCAB:KEHACDEEKNSTW:09, 400 | author = {G. Klein and K. Elphinstone and G. Heiser and J. Andronick and D. Cock and P. Derrin and D. Elkaduwe and K. Engelhardt and R. Kolanski and M. Norrish and T. Sewell and H. Tuch and S. Winwood}, 401 | title = {{seL4}: Formal Verification of an {OS} Kernel}, 402 | booktitle = {ACM Symposium on Operating Systems Principles (SOSP)}, 403 | pages = {207--220}, 404 | year = {2009} 405 | } 406 | 407 | % ============================================================================= 408 | @STRING{KEYWORDS={class=peripheral,topic=misc}} 409 | 410 | @inproceedings{MASCAB:AraThu:07, 411 | keywords = KEYWORDS, 412 | author = {S. Aravamuthan and V.R. Thumparthy}, 413 | title = {A Parallelization of {ECDSA} Resistant to Simple Power Analysis Attacks}, 414 | booktitle = {Communication Systems Software and Middleware (COMSWARE)}, 415 | pages = {1--7}, 416 | year = {2007} 417 | } 418 | 419 | @article{MASCAB:PieLomVil:16, 420 | keywords = KEYWORDS, 421 | author = {R. Di Pietro and F. Lombardi and A. Villani}, 422 | title = {{CUDA} Leaks: A Detailed Hack for {CUDA} and a (Partial) Fix}, 423 | journal = {ACM Transactions on Embedded Computing Systems (TECS)}, 424 | volume = {15}, 425 | number = {1}, 426 | pages = {15:1--15:25}, 427 | year = {2016}, 428 | addendum = { 429 | This paper is included mainly to highlight the fact it is {\em not} 430 | about information leakage in the sense of side-channel attacks: the 431 | leakage here is (arguably) closer aligned with the concept of data 432 | remnants, stemming from inadequate access controlled to various GPU 433 | memory structures (by hardware and/or driver infrastructure). 434 | } 435 | } 436 | 437 | @inproceedings{MASCAB:DKLMQW:98, 438 | keywords = KEYWORDS, 439 | author = {J.-F. Dhem and F. Koeune and P.-A. Leroux and P. Mestr\'{e} and J.-J. Quisquater and J.-L. Willems}, 440 | title = {A Practical Implementation of the Timing Attack}, 441 | booktitle = {Smart Card Research and Advanced Applications (CARDIS)}, 442 | publisher = {Springer-Verlag}, 443 | series = {LNCS 1820}, 444 | pages = {167--182}, 445 | year = {1998} 446 | } 447 | 448 | @unpublished{MASCAB:CosDev:16, 449 | keywords = KEYWORDS, 450 | author = {V. Costan and S. Devadas}, 451 | title = {Intel {SGX} Explained}, 452 | howpublished = {Cryptology ePrint Archive, Report 2016/086}, 453 | year = {2016}, 454 | url = {http://eprint.iacr.org/2016/086} 455 | } 456 | 457 | @inproceedings{MASCAB:MulDewFre:10, 458 | keywords = KEYWORDS, 459 | author = {T. M\"{u}ller and A. Dewald and F.C. Freiling}, 460 | title = {{AESSE}: A Cold-boot Resistant Implementation of {AES}}, 461 | booktitle = {European Workshop on System Security (EUROSEC)}, 462 | pages = {42--47}, 463 | year = {2010} 464 | } 465 | 466 | % ============================================================================= 467 | -------------------------------------------------------------------------------- /mascab-scratchpad.bib: -------------------------------------------------------------------------------- 1 | % Copyright (C) 2018 Daniel Page 2 | % 3 | % Use of this source code is restricted per the CC BY-SA license, a copy of 4 | % which can be found via http://creativecommons.org (and should be included 5 | % as LICENSE.txt within the associated archive or repository). 6 | 7 | % ============================================================================= 8 | @STRING{KEYWORDS={class=misc/history}} 9 | 10 | @inproceedings{MASCAB:Trostle:98, 11 | author = {J.T. Trostle}, 12 | title = {Timing Attacks Against Trusted Path}, 13 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 14 | pages = {125--134}, 15 | year = {1998} 16 | } 17 | 18 | @techreport{MASCAB:Gligor:93, 19 | author = {V. Gligor}, 20 | title = {A Guide to Understanding Covert Channel Analysis of Trusted Systems}, 21 | institute = {Naval Coastal Systems Center}, 22 | number = {ADA276418}, 23 | year = {1993}, 24 | url = {http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA276418} 25 | } 26 | 27 | @inproceedings{MASCAB:Hu:92, 28 | author = {W.M. Hu}, 29 | title = {Lattice Scheduling and Covert Channels}, 30 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 31 | pages = {52--61}, 32 | year = {1992} 33 | } 34 | 35 | @article{MASCAB:Kemmerer:83, 36 | author = {R.A. Kemmerer}, 37 | title = {Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels}, 38 | journal = {ACM Transactions on Computer Systems}, 39 | volume = {1}, 40 | number = {3}, 41 | pages = {256--277}, 42 | year = {1983} 43 | } 44 | 45 | @inproceedings{MASCAB:Wray:91, 46 | author = {J.C. Wray}, 47 | title = {An analysis of covert timing channels}, 48 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 49 | pages = {2--7}, 50 | year = {1991} 51 | } 52 | 53 | @inproceedings{MASCAB:KarWra:91, 54 | author = {P.A. Karger and J.C. Wray}, 55 | title = {Storage channels in disk arm optimization}, 56 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 57 | pages = {52--61}, 58 | year = {1991} 59 | } 60 | 61 | @inproceedings{MASCAB:GolLinCud:84, 62 | author = {B.D. Gold and R.R. Linde and P.F. Cudney}, 63 | title = {{KVM/370} in Retrospect}, 64 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 65 | pages = {13--23}, 66 | year = {1984} 67 | } 68 | 69 | @inproceedings{MASCAB:SGLS:77, 70 | author = {M. Schaefer and B. Gold and R. Linde and J. Scheid}, 71 | title = {Program confinement in {KVM/370}}, 72 | booktitle = {Proceedings of the ACM Annual Conference}, 73 | pages = {404--410}, 74 | year = {1977} 75 | } 76 | 77 | @unpublished{MASCAB:V:76, 78 | author = {T. van Vleck}, 79 | title = {Timing Channels}, 80 | url = {http://www.multicians.org/timing-chn.html}, 81 | year = {1976} 82 | } 83 | 84 | % ============================================================================= 85 | @STRING{KEYWORDS={class=channel/covert,topic=neg}} 86 | 87 | @inproceedings{MASCAB:EvtPon:16, 88 | author = {D. Evtyushkin and D. Ponomarev}, 89 | title = {Covert Channels Through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations}, 90 | booktitle = {ACM Conference on Computer and Communications Security (CCS)}, 91 | pages = {843--857}, 92 | year = {2016} 93 | } 94 | 95 | @inproceedings{MASCAB:EvtPonAbu:15, 96 | author = {D. Evtyushkin and D. Ponomarev and N. Abu-Ghazaleh}, 97 | title = {Covert Channels Through Branch Predictors: A Feasibility Study}, 98 | booktitle = {Hardware and Architectural Support for Security and Privacy (HASP)}, 99 | pages = {5:1--5:8}, 100 | year = {2015} 101 | } 102 | 103 | @inproceedings{MASCAB:MNHF:15, 104 | author = {C. Maurice and C. Neumann and O. Heen and A. Francillon}, 105 | title = {{C5}: Cross-Cores Cache Covert Channel}, 106 | booktitle = {Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)}, 107 | publisher = {Springer-Verlag}, 108 | series = {LNCS 9148}, 109 | pages = {46--64}, 110 | year = {2015} 111 | } 112 | 113 | @inproceedings{MASCAB:XXHW:12, 114 | author = {J. Xiao and Z. Xu and H. Huang and H. Wang}, 115 | title = {A covert channel construction in a virtualized environment}, 116 | booktitle = {ACM Conference on Computer and Communications Security (CCS)}, 117 | pages = {1040--1042}, 118 | year = {2012} 119 | } 120 | 121 | @inproceedings{MASCAB:WuXuWan:12, 122 | author = {Z. Wu and Z. Xu and H. Wang}, 123 | title = {Whispers in the Hyper-space: High-speed Covert Channel Attacks in the Cloud}, 124 | booktitle = {USENIX Security Symposium}, 125 | pages = {159--173}, 126 | year = {2012} 127 | } 128 | 129 | @inproceedings{MASCAB:LGASSK:09, 130 | author = {Y. Liu and D. Ghosal and F. Armknecht and A.-R. Sadeghi and S. Schulz and S. Katzenbeisser}, 131 | title = {Hide and Seek in Time: Robust Covert Timing Channels}, 132 | booktitle = {European Conference on Research in Computer Security (ESORICS)}, 133 | pages = {120--135}, 134 | year = {2009} 135 | } 136 | 137 | % ----------------------------------------------------------------------------- 138 | @STRING{KEYWORDS={class=channel/covert,topic=pos}} 139 | 140 | @article{MASCAB:EvtPonAbu:16:b, 141 | author = {D. Evtyushkin and D. Ponomarev and N. Abu-Ghazaleh}, 142 | title = {Understanding and Mitigating Covert Channels Through Branch Predictors}, 143 | journal = {ACM Transactions on Architecture and Code Optimisation (TACO)}, 144 | volume = {13}, 145 | number = {1}, 146 | pages = {10:1--10:23}, 147 | year = {2016} 148 | } 149 | 150 | @inproceedings{MASCAB:CheVen:14, 151 | author = {J. Chen and G. Venkataramani}, 152 | title = {{CC-Hunter}: Uncovering Covert Timing Channels on Shared Processor Hardware}, 153 | booktitle = {IEEE/ACM International Symposium on Microarchitecture (MICRO)}, 154 | pages = {216--228}, 155 | year = {2014}, 156 | } 157 | 158 | @inproceedings{MASCAB:CMXHPSZ:14, 159 | author = {A. Chen and W.B. Moore and H. Xiao and A. Haeberlen and L.T.X. Phan and M. Sherr and W. Zhou}, 160 | title = {Detecting Covert Timing Channels with Time-deterministic Replay}, 161 | booktitle = {USENIX Conference on Operating Systems Design and Implementation (OSDI)}, 162 | pages = {541--554}, 163 | year = {2014} 164 | } 165 | 166 | @inproceedings{MASCAB:AHFG:10, 167 | author = {A. Aviram and S. Hu and B. Ford and R. Gummadi}, 168 | title = {Determinating Timing Channels in Compute Clouds}, 169 | booktitle = {ACM Workshop on Cloud Computing Security Workshop (CCSW)}, 170 | pages = {103--108}, 171 | year = {2010} 172 | } 173 | 174 | @inproceedings{MASCAB:GiaWan:07, 175 | author = {S. Gianvecchio and H. Wang}, 176 | title = {Detecting Covert Timing Channels: An Entropy-based Approach}, 177 | booktitle = {ACM Conference on Computer and Communications Security (CCS)}, 178 | pages = {307--316}, 179 | year = {2007} 180 | } 181 | 182 | @techreport{MASCAB:Gray:94, 183 | author = {J.W. Gray}, 184 | title = {Countermeasures and tradeoffs for a class of covert timing channels}, 185 | intitute = {Hong Kong University of Science and Technology}, 186 | number = {1783.1-25}, 187 | date = {1994}, 188 | url = {http://hdl.handle.net/1783.1/25} 189 | } 190 | 191 | % ----------------------------------------------------------------------------- 192 | @STRING{KEYWORDS={class=channel/covert,topic=alt}} 193 | 194 | @inproceedings{MASCAB:MWSGGBRM:17, 195 | author = {C. Maurice and M. Weber and M. Schwarz and L. Giner and D. Gruss and C.A. Boano and K. Romer and S. Mangard}, 196 | title = {Hello from the Other Side: {SSH} over Robust Cache Covert Channels in the Cloud}, 197 | booktitle = {Network and Distributed System Security Symposium (NDSS)}, 198 | year = {2017} 199 | } 200 | 201 | % ============================================================================= 202 | @STRING{KEYWORDS={class=channel/side/cache,topic=neg,style=dcache}} 203 | 204 | @inproceedings{MASCAB:IraEisSun:16:a, 205 | author = {G. Irazoqui and T. Eisenbarth and B. Sunar}, 206 | title = {Cross Processor Cache Attacks}, 207 | booktitle = {ACM Symposium on Information, Computer and Communications Security (AsiaCCS)}, 208 | pages = {353--364}, 209 | year = {2016} 210 | } 211 | 212 | @inproceedings{MASCAB:PGMSM:16, 213 | author = {P. Pessl and D. Gruss and C. Maurice and M. Schwarz and S. Mangard}, 214 | title = {{DRAMA}: Exploiting {DRAM} Addressing for Cross-{CPU} Attacks}, 215 | booktitle = {USENIX Security Symposium}, 216 | pages = {565--581}, 217 | year = {2016} 218 | } 219 | 220 | @inproceedings{MASCAB:KAPJ:16, 221 | author = {M. Kayaalp and N. Abu-Ghazaleh and D. Ponomarev and A. Jaleel}, 222 | title = {A high-resolution side-channel attack on last-level cache}, 223 | booktitle = {Design Automation Conference (DAC)}, 224 | pages = {72:1--72:6}, 225 | year = {2016} 226 | } 227 | 228 | @inproceedings{MASCAB:IGIES:16, 229 | author = {M.S. Inci and B. G\"{u}lmezoglu and G. Irazoqui and T. Eisenbarth and B. Sunar}, 230 | title = {Cache Attacks Enable Bulk Key Recovery on the Cloud}, 231 | booktitle = {Cryptographic Hardware and Embedded Systems (CHES)}, 232 | publisher = {Springer-Verlag}, 233 | series = {LNCS 9813}, 234 | pages = {368--388}, 235 | year = {2016} 236 | } 237 | 238 | @inproceedings{MASCAB:AshGirMen:16, 239 | author = {C. Ashokkumar and R. P. Giri and B. Menezes}, 240 | title = {Highly Efficient Algorithms for {AES} Key Retrieval in Cache Access Attacks}, 241 | booktitle = {IEEE European Symposium on Security \& Privacy (EuroS\&P)}, 242 | pages = {261--275}, 243 | year = {2016} 244 | } 245 | 246 | @inproceedings{MASCAB:GNBD:16, 247 | author = {R. Guanciale and H. Nemati and C. Baumann and M. Dam}, 248 | title = {Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures}, 249 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 250 | pages = {38--55}, 251 | year = {2016} 252 | } 253 | 254 | @inproceedings{MASCAB:LYGHL:15, 255 | author = {F. Liu and Y. Yarom and Q. Ge and G. Heiser and R.B. Lee}, 256 | title = {Last-Level Cache Side-Channel Attacks are Practical}, 257 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 258 | pages = {605--622}, 259 | year = {2015} 260 | } 261 | 262 | @inproceedings{MASCAB:IraEisSun:15, 263 | author = {G. Irazoqui and T. Eisenbarth and B. Sunar}, 264 | title = {{S\$A}: A Shared Cache Attack That Works across Cores and Defies {VM} Sandboxing -- and Its Application to {AES}}, 265 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 266 | pages = {591--604}, 267 | year = {2015} 268 | } 269 | 270 | @inproceedings{MASCAB:PolSmaYar:15, 271 | author = {J. van de Pol and N.P. Smart and Y. Yarom}, 272 | title = {Just a Little Bit More}, 273 | booktitle = {Topics in Cryptology (CT-RSA)}, 274 | publisher = {Springer-Verlag}, 275 | series = {LNCS 9048}, 276 | pages = {3--21}, 277 | year = {2015} 278 | } 279 | 280 | @inproceedings{MASCAB:GIIES:15, 281 | author = {B. G\"{u}lmezoglu and M.S. Inci and G. Irazoqui and T. Eisenbarth and B. Sunar}, 282 | title = {A Faster and More Realistic {\sc Flush+Reload} Attack on {AES}}, 283 | booktitle = {Constructive Side-Channel Analysis and Secure Design (COSADE)}, 284 | publisher = {Springer-Verlag}, 285 | series = {LNCS 9064}, 286 | pages = {111--126}, 287 | year = {2015} 288 | } 289 | 290 | @inproceedings{MASCAB:OKSK:15, 291 | author = {Y. Oren and V.P. Kemerlis and S. Sethumadhavan and A.D. Keromytis}, 292 | title = {The Spy in the Sandbox: Practical Cache Attacks in {JavaScript} and Their Implications}, 293 | booktitle = {ACM Conference on Computer and Communications Security (CCS)}, 294 | pages = {1406--1418}, 295 | year = {2015} 296 | } 297 | 298 | @inproceedings{MASCAB:IIES:15:a, 299 | author = {G. Irazoqui and M.S. Inci and T. Eisenbarth and B. Sunar}, 300 | title = {Lucky 13 Strikes Back}, 301 | booktitle = {ACM Symposium on Information, Computer and Communications Security (AsiaCCS)}, 302 | pages = {85--96}, 303 | year = {2015} 304 | } 305 | 306 | @inproceedings{MASCAB:ZJRR:14, 307 | author = {Y. Zhang and A. Juels and M.K. Reiter and T. Ristenpart}, 308 | title = {Cross-Tenant Side-Channel Attacks in {PaaS} Clouds}, 309 | booktitle = {ACM Conference on Computer and Communications Security (CCS)}, 310 | pages = {990--1003}, 311 | year = {2014}, 312 | } 313 | 314 | @inproceedings{MASCAB:SFKD:14, 315 | author = {V. Saraswat and D. Feldman and D.F. Kune and S. Das}, 316 | title = {Remote Cache-timing Attacks Against {AES}}, 317 | booktitle = {Cryptography and Security in Computing Systems (CS2)}, 318 | pages = {45--48}, 319 | year = {2014} 320 | } 321 | 322 | @inproceedings{MASCAB:IIES:14, 323 | author = {G. Irazoqui and M.S. Inci and T. Eisenbarth and B. Sunar}, 324 | title = {Wait a Minute! A fast, Cross-{VM} Attack on {AES}}, 325 | booktitle = {Recent Advances in Intrusion Detection (RAID)}, 326 | publisher = {Springer-Verlag}, 327 | series = {LNCS 8688}, 328 | pages = {299--319}, 329 | year = {2014} 330 | } 331 | 332 | @inproceedings{MASCAB:SprGer:14, 333 | author = {R. Spreitzer and B. G\'{e}rard}, 334 | title = {Towards More Practical Time-Driven Cache Attacks}, 335 | booktitle = {Workshop on Information Security Theory and Practice (WISTP)}, 336 | publisher = {Springer-Verlag}, 337 | series = {LNCS 8501}, 338 | pages = {24--39}, 339 | year = {2014} 340 | } 341 | 342 | @inproceedings{MASCAB:WWAS:14, 343 | author = {M. Wei{\ss} and B. Weggenmann and M. August and G. Sigl}, 344 | title = {On Cache Timing Attacks Considering Multi-core Aspects in Virtualized Embedded Systems}, 345 | booktitle = {International Conference on Trusted Systems (INTRUST)}, 346 | publisher = {Springer-Verlag}, 347 | series = {LNCS 9473}, 348 | pages = {151--167}, 349 | year = {2014} 350 | } 351 | 352 | @inproceedings{MASCAB:BPSY:14, 353 | author = {N. Benger and J. van de Pol and N.P. Smart and Y. Yarom}, 354 | title = {``Ooh Aah... Just a Little Bit'' : A Small Amount of Side Channel Can Go a Long Way}, 355 | booktitle = {Cryptographic Hardware and Embedded Systems (CHES)}, 356 | publisher = {Springer-Verlag}, 357 | series = {LNCS 8731}, 358 | pages = {75--92}, 359 | year = {2014} 360 | } 361 | 362 | @article{MASCAB:RebMuk:13, 363 | author = {C.D. Rebeiro and D. Mukhopadhyay}, 364 | title = {Micro-Architectural Analysis of Time-Driven Cache Attacks: Quest for the Ideal Implementation}, 365 | journal = {IEEE Transactions on Computers}, 366 | volume = {64}, 367 | number = {3}, 368 | pages = {778--790}, 369 | year = {2013} 370 | } 371 | 372 | @inproceedings{MASCAB:AlyElG:13, 373 | author = {H. Aly and M. ElGayyar}, 374 | title = {Attacking {AES} Using {Bernstein's} Attack on Modern Processors}, 375 | booktitle = {Progress in Cryptology (AFRICACRYPT)}, 376 | publisher = {Springer-Verlag}, 377 | series = {LNCS 7918}, 378 | pages = {127--139}, 379 | year = {2013} 380 | } 381 | 382 | @inproceedings{MASCAB:HenWilHol:13, 383 | author = {R. Hund and C. Willems and T. Holz}, 384 | title = {Practical Timing Side Channel Attacks Against Kernel Space {ASLR}}, 385 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 386 | pages = {191--205}, 387 | year = {2013} 388 | } 389 | 390 | @inproceedings{MASCAB:SprPlo:13:a, 391 | author = {R. Spreitzer and T. Plos}, 392 | title = {Cache-Access Pattern Attack on Disaligned {AES} {T}-Tables}, 393 | booktitle = {Constructive Side-Channel Analysis and Secure Design (COSADE)}, 394 | publisher = {Springer-Verlag}, 395 | series = {LNCS 7864}, 396 | pages = {200--214}, 397 | year = {2013} 398 | } 399 | 400 | @inproceedings{MASCAB:SprPlo:13:b, 401 | author = {R. Spreitzer and T. Plos}, 402 | title = {On the Applicability of Time-Driven Cache Attacks on Mobile Devices}, 403 | booktitle = {Network and System Security (NSS)}, 404 | publisher = {Springer-Verlag}, 405 | series = {LNCS 7873}, 406 | pages = {656--662}, 407 | year = {2013} 408 | } 409 | 410 | @inproceedings{MASCAB:WeiHeiStu:12, 411 | author = {M. Wei{\ss} and B. Heinz and F. Stumpf}, 412 | title = {A Cache Timing Attack on {AES} in Virtualization Environments}, 413 | booktitle = {Financial Cryptography and Data Security (FC)}, 414 | publisher = {Springer-Verlag}, 415 | series = {LNCS 7397}, 416 | pages = {314--328}, 417 | year = {2012} 418 | } 419 | 420 | @article{MASCAB:RebMuk:12, 421 | author = {C.D. Rebeiro and D. Mukhopadhyay}, 422 | title = {Boosting Profiled Cache Timing Attacks With A Priori Analysis}, 423 | journal = {IEEE Transactions on Information Forensics and Security}, 424 | volume = {7}, 425 | number = {6}, 426 | pages = {1900--1905}, 427 | year = {2012} 428 | } 429 | 430 | @inproceedings{MASCAB:ZJRR:12, 431 | author = {Y. Zhang and A. Juels and M.K. Reiter and T. Ristenpart}, 432 | title = {Cross-{VM} Side Channels and Their Use to Extract Private Keys}, 433 | booktitle = {ACM Conference on Computer and Communications Security (CCS)}, 434 | pages = {305--316}, 435 | year = {2012} 436 | } 437 | 438 | @inproceedings{MASCAB:RPDM:11, 439 | author = {C.D. Rebeiro and R. Poddar and A. Datta and D. Mukhopadhyay}, 440 | title = {An Enhanced Differential Cache Attack on {CLEFIA} for Large Cache Lines}, 441 | booktitle = {Progress in Cryptology (INDOCRYPT)}, 442 | publisher = {Springer-Verlag}, 443 | series = {LNCS 7107}, 444 | pages = {58--75}, 445 | year = {2011} 446 | } 447 | 448 | @inproceedings{MASCAB:RebMuk:11, 449 | author = {C.D. Rebeiro and D. Mukhopadhyay}, 450 | title = {Cryptanalysis of {CLEFIA} Using Differential Methods with Cache Trace Patterns}, 451 | booktitle = {Topics in Cryptology (CT-RSA)}, 452 | publisher = {Springer-Verlag}, 453 | series = {LNCS 6558}, 454 | pages = {89--103}, 455 | year = {2011} 456 | } 457 | 458 | @inproceedings{MASCAB:XBJJHS:11, 459 | author = {Y. Xu and M. Bailey and F. Jahanian and K. Joshi and M. Hiltunen and R. Schlichting}, 460 | title = {An Exploration of {L2} Cache Covert Channels in Virtualized Environments}, 461 | booktitle = {ACM Cloud Computing Security Workshop (CCSW)}, 462 | pages = {29--40}, 463 | year = {2011} 464 | } 465 | 466 | @inproceedings{MASCAB:PodDatReb:11, 467 | author = {R. Poddar and A. Datta and C.D. Rebeiro}, 468 | title = {A Cache Trace Attack on {CAMELLIA}}, 469 | booktitle = {Security Aspects in Information Technology}, 470 | publisher = {Springer-Verlag}, 471 | series = {LNCS 7011}, 472 | pages = {144--156}, 473 | year = {2011} 474 | } 475 | 476 | @inproceedings{MASCAB:JFHR:10, 477 | author = {D. Jayasinghe and J. Fernando and R. Herath and R. Ragel}, 478 | title = {Remote Cache Timing Attack on Advanced Encryption Standard and countermeasures}, 479 | booktitle = {Information and Automation for Sustainability (ICIAFs)}, 480 | pages = {177--182}, 481 | year = {2010} 482 | } 483 | 484 | @inproceedings{MASCAB:BEPW:10, 485 | author = {A. Bogdanov and T. Eisenbarth and C. Paar and M. Wienecke}, 486 | title = {Differential Cache-Collision Timing Attacks on {AES} with Applications to Embedded {CPUs}}, 487 | booktitle = {Topics in Cryptology (CT-RSA)}, 488 | publisher = {Springer-Verlag}, 489 | series = {LNCS 5985}, 490 | pages = {235--251}, 491 | year = {2010} 492 | } 493 | 494 | @inproceedings{MASCAB:RebMonMuk:10, 495 | author = {C.D. Rebeiro and M. Mondal and D. Mukhopadhyay}, 496 | title = {Pinpointing Cache Timing Attacks on {AES}}, 497 | booktitle = {International Conference on VLSI Design (VLSID)}, 498 | pages = {306--311}, 499 | year = {2010} 500 | } 501 | 502 | @inproceedings{MASCAB:GalKizTun:10, 503 | author = {J.-F. Gallais and I. Kizhvatov and M. Tunstall}, 504 | title = {Improved trace-driven cache-collision attacks against embedded {AES} implementations}, 505 | booktitle = {Information Security Applications (WISA)}, 506 | publisher = {Springer-Verlag}, 507 | series = {LNCS 6513}, 508 | pages = {243--257}, 509 | year = {2010} 510 | } 511 | 512 | @unpublished{MASCAB:ZhaWan:10, 513 | author = {X.-J. Zhao and T. Wang}, 514 | title = {Improved Cache Trace Attack on {AES} and {CLEFIA} by Considering Cache Miss and {S-box} Misalignment}, 515 | howpublished = {Cryptology ePrint Archive, Report 2010/056}, 516 | year = {2010}, 517 | url = {http://eprint.iacr.org/2010/056}, 518 | } 519 | 520 | @inproceedings{MASCAB:BruHak:09, 521 | author = {B.B. Brumley and R. Hakala}, 522 | title = {Cache-Timing Template Attacks}, 523 | booktitle = {Advances in Cryptology (ASIACRYPT)}, 524 | publisher = {Springer-Verlag}, 525 | series = {LNCS 5912}, 526 | pages = {667--684}, 527 | year = {2009} 528 | } 529 | 530 | @inproceedings{MASCAB:RTSS:09, 531 | author = {T. Ristenpart and E. Tromer and H. Shacham and S. Savage}, 532 | title = {Hey, You, Get Off of My Cloud! {E}xploring Information Leakage in Third-Party Compute Clouds}, 533 | booktitle = {Computer and Communications Security (CCS)}, 534 | pages = {199--212}, 535 | year = {2009} 536 | } 537 | 538 | @inproceedings{MASCAB:RMTF:09, 539 | author = {C.D. Rebeiro and D. Mukhopadhyay and J. Takahashi and T. Fukunaga}, 540 | title = {Cache Timing Attacks on {Clefia}}, 541 | booktitle = {Progress in Cryptology (INDOCRYPT)}, 542 | publisher = {Springer-Verlag}, 543 | series = {LNCS 5922}, 544 | pages = {104--118}, 545 | year = {2009} 546 | } 547 | 548 | @inproceedings{MASCAB:XTDYZ:08, 549 | author = {Z. Xinjie and W. Tao and M. Dong and Z. Yuanyuan and L. Zhaoyang}, 550 | title = {Robust First Two Rounds Access Driven Cache Timing Attack on {AES}}, 551 | booktitle = {Computer Science and Software Engineering}, 552 | pages = {785--788}, 553 | year = {2008} 554 | } 555 | 556 | @inproceedings{MASCAB:AciSeiKoc:07:b, 557 | author = {O. Ac\i i\c{c}mez, W. Schindler and \c{C}.K. Ko\c{c}}, 558 | title = {Cache Based Remote Timing Attacks on the {AES}}, 559 | booktitle = {Topics in Cryptology (CT-RSA)}, 560 | publisher = {Springer-Verlag}, 561 | series = {LNCS 4377}, 562 | pages = {271--286}, 563 | year = {2007} 564 | } 565 | 566 | @inproceedings{MASCAB:GraGroPag:07, 567 | author = {P. Grabher and J. Gro{\ss}sch\"{a}dl and D. Page}, 568 | title = {Cryptographic Side-Channels from Low Power Cache Memory}, 569 | booktitle = {IMA Conference on Cryptography and Coding (IMACC)}, 570 | publisher = {Springer-Verlag}, 571 | series = {LNCS 4887}, 572 | pages = {170--184}, 573 | year = {2007} 574 | } 575 | 576 | @inproceedings{MASCAB:NevSei:06, 577 | author = {M. Neve and J-.P. Seifert}, 578 | title = {Advances on Access-Driven Cache Attacks on {AES}}, 579 | booktitle = {Selected Areas in Cryptography (SAC)}, 580 | publisher = {Springer-Verlag}, 581 | series = {LNCS 4356}, 582 | pages = {147--162}, 583 | year = {2006} 584 | } 585 | 586 | @article{MASCAB:TTSKM:06, 587 | author = {Y. Tsunoo and E. Tsujihara and M. Shigeri and H. Kubo and K. Minematsu}, 588 | title = {Improving cache attacks by considering cipher structure}, 589 | journal = {Journal of Information Security}, 590 | volume = {5}, 591 | number = {3}, 592 | pages = {166--176}, 593 | year = {2006} 594 | } 595 | 596 | @inproceedings{MASCAB:BonMir:06, 597 | author = {J. Bonneau and I. Mironov}, 598 | title = {Cache-Collision Timing Attacks Against {AES}}, 599 | booktitle = {Cryptographic Hardware and Embedded Systems (CHES)}, 600 | publisher = {Springer-Verlag}, 601 | series = {LNCS 4249}, 602 | pages = {201--215}, 603 | year = {2006} 604 | } 605 | 606 | @inproceedings{MASCAB:Lauradoux:05, 607 | author = {C. Lauradoux}, 608 | title = {Collision attacks on processors with cache and countermeasures}, 609 | booktitle = {Western European Workshop on Research in Cryptology (WEWoRC)}, 610 | pages = {76--85}, 611 | year = {2005} 612 | } 613 | 614 | @inproceedings{MASCAB:MinTsuTsu:03, 615 | author = {K. Minematsu and Y. Tsunoo and E. Tsujihara}, 616 | title = {An Analysis on Success Probability of Cache Attack}, 617 | booktitle = {Symposium on Cryptography and Information Security (SCIS)}, 618 | year = {2003}, 619 | note = {(in Japanese)} 620 | } 621 | 622 | @inproceedings{MASCAB:OKSM:03, 623 | author = {K. Ohkuma and S. Kawamura and H. Shimizu and H. Muratani}, 624 | title = {Key Inference in a Side-Channel Attack Based on Cache Miss}, 625 | booktitle = {Symposium on Cryptography and Information Security (SCIS)}, 626 | year = {2003}, 627 | note = {(in Japanese)} 628 | } 629 | 630 | @unpublished{MASCAB:AtiYilSav:16, 631 | author = {A.C. Atici and C. Yilmaz and E. Sava\c{s}}, 632 | title = {Remote Cache-Timing Attack without Learning Phase}, 633 | howpublished = {Cryptology ePrint Archive, Report 2016/002}, 634 | year = {2016}, 635 | url = {http://eprint.iacr.org/2016/002} 636 | } 637 | 638 | @unpublished{MASCAB:IGIES:15, 639 | author = {M.S. Inci and B. G\"{u}lmezoglu and G. Irazoqui and T. Eisenbarth and B. Sunar}, 640 | title = {Seriously, get off my cloud! Cross-{VM} {RSA} Key Recovery in a Public Cloud}, 641 | howpublished = {Cryptology ePrint Archive, Report 2015/898}, 642 | year = {2015}, 643 | url = {http://eprint.iacr.org/2015/898} 644 | } 645 | 646 | @unpublished{MASCAB:IraEisSun:14, 647 | author = {G. Irazoqui and T. Eisenbarth and B. Sunar}, 648 | title = {Jackpot: Stealing Information From Large Caches via Huge Pages}, 649 | howpublished = {Cryptology ePrint Archive, Report 2014/970}, 650 | year = {2014}, 651 | url = {http://eprint.iacr.org/2014/970}, 652 | } 653 | 654 | @unpublished{MASCAB:YarBen:14, 655 | author = {Y. Yarom and N. Benger}, 656 | title = {Recovering {OpenSSL} {ECDSA} Nonces Using the {FLUSH+RELOAD} Cache Side-channel Attack}, 657 | howpublished = {Cryptology ePrint Archive, Report 2014/140}, 658 | year = {2014}, 659 | url = {http://eprint.iacr.org/2014/140}, 660 | } 661 | 662 | @unpublished{MASCAB:NevTir:07, 663 | author = {M. Neve and K. Tiri}, 664 | title = {On the complexity of side-channel attacks on {AES-256}: Methodology and quantitative results on cache attacks}, 665 | note = {Cryptology ePrint Archive, Report 2007/318}, 666 | year = {2007}, 667 | url = {http://eprint.iacr.org/2007/318.pdf} 668 | } 669 | 670 | @unpublished{MASCAB:Bon:06, 671 | author = {J. Bonneau}, 672 | title = {Robust Final-Round Cache-Trace Attacks Against {AES}}, 673 | note = {Cryptology ePrint Archive, Report 2006/374}, 674 | year = {2006}, 675 | url = {http://eprint.iacr.org/2006/374.pdf} 676 | } 677 | 678 | @unpublished{MASCAB:Page:02, 679 | author = {D. Page}, 680 | title = {Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel}, 681 | note = {Cryptology ePrint Archive, Report 2002/169}, 682 | year = {2002}, 683 | url = {http://eprint.iacr.org/2002/169.pdf} 684 | } 685 | 686 | @unpublished{MASCAB:Bernstein:05, 687 | author = {D.J. Bernstein}, 688 | title = {Cache-timing Attacks on {AES}}, 689 | year = {2005}, 690 | url = {http://cr.yp.to/antiforgery/cachetiming-20050414.pdf} 691 | } 692 | 693 | @techreport{MASCAB:OHaTon:05, 694 | author = {M. O'Hanlon and A. Tonge}, 695 | title = {Investigation Of Cache-Timing Attacks On {AES}}, 696 | institude = {Dublin City University}, 697 | year = {2005}, 698 | url = {http://www.sci-sym.dcu.ie/wpapers/2005/0105.pdf} 699 | } 700 | 701 | % ----------------------------------------------------------------------------- 702 | @STRING{KEYWORDS={class=channel/side/cache,topic=neg,style=icache}} 703 | 704 | @article{MASCAB:CWKCL:13, 705 | author = {C. Chen and T. Wang and Y. Kou and X. Chen and X. Li}, 706 | title = {Improvement of Trace-driven {I}-Cache Timing Attack on the {RSA} Algorithm}, 707 | journal = {Journal of Systems and Software}, 708 | volume = {86}, 709 | number = {1}, 710 | pages = {100--107}, 711 | year = {2013} 712 | } 713 | 714 | % ----------------------------------------------------------------------------- 715 | @STRING{KEYWORDS={class=channel/side/cache,topic=neg,style=fetch}} 716 | 717 | @inproceedings{MASCAB:GMFLM:16, 718 | author = {D. Gruss and C. Maurice and A. Fogh and M. Lipp and S. Mangard}, 719 | title = {Prefetch Side-Channel Attacks: Bypassing {SMAP} and Kernel {ASLR}}, 720 | booktitle = {Computer and Communications Security (CCS)}, 721 | pages = {368--379}, 722 | year = {2016} 723 | } 724 | 725 | @inproceedings{MASCAB:BhaRebMuk:12, 726 | author = {S. Bhattacharya and C.D. Rebeiro and D. Mukhopadhyay}, 727 | title = {Hardware Prefetchers Leak: A Revisit of {SVF} for Cache-Timing Attacks}, 728 | booktitle = {IEEE/ACM International Symposium on Microarchitecture Workshops (MICROW)}, 729 | pages = {17--23}, 730 | year = {2012} 731 | } 732 | 733 | % ----------------------------------------------------------------------------- 734 | @STRING{KEYWORDS={class=channel/side/cache,topic=pos/hardware}} 735 | 736 | @inproceedings{MASCAB:WFZMS:16, 737 | author = {Y. Wang and A. Ferraiuolo and D. Zhang and A.C. Myers and E.G. Suh}, 738 | title = {{SecDCP}: Secure Dynamic Cache Partitioning for Efficient Timing Channel Protection}, 739 | booktitle = {Proceedings of the 53rd Annual Design Automation Conference}, 740 | pages = {74:1--74:6}, 741 | year = {2016} 742 | } 743 | 744 | @inproceedings{MASCAB:KKKH:15, 745 | author = {D. Kim and H. Kim and N.S. Kim and J. Huh}, 746 | title = {vCache: Architectural Support for Transparent and Isolated Virtual LLCs in Virtualized Environments}, 747 | booktitle = {ACM/IEEE International Symposium on Microarchitecture (MICRO)}, 748 | pages = {623--634}, 749 | year = {2015} 750 | } 751 | 752 | @inproceedings{MASCAB:LiuWuLee:15, 753 | author = {F. Liu and H. Wu and R.B. Lee}, 754 | title = {Can Randomized Mapping Secure Instruction Caches from Side-channel Attacks?}, 755 | booktitle = {Hardware and Architectural Support for Security and Privacy (HASP)}, 756 | pages = {4:1--4:8}, 757 | year = {2015} 758 | } 759 | 760 | @inproceedings{MASCAB:LiuLee:14, 761 | author = {F. Liu and R.B. Lee}, 762 | title = {Random Fill Cache Architecture}, 763 | booktitle = {IEEE/ACM International Symposium on Microarchitecture (MICRO)}, 764 | pages = {203--215}, 765 | year = {2014} 766 | } 767 | 768 | @article{MASCAB:DJLAP:12, 769 | author = {L. Domnitser and A. Jaleel and J. Loew and N. Abu-Ghazaleh and D. Ponomarev}, 770 | title = {Non-monopolizable Caches: Low-complexity Mitigation of Cache Side Channel Attacks}, 771 | journal = {ACM Transactions on Architure and Code Optimisation (TACO)}, 772 | volume = {8}, 773 | number = {4}, 774 | pages = {35:1--35:21}, 775 | year = {2012} 776 | } 777 | 778 | @inproceedings{MASCAB:KASZ:09, 779 | author = {J. Kong and O. Ac\i{}i\c{c}mez and J.-P. Seifert and H. Zhou}, 780 | title = {Hardware-Software Integrated Approaches to Defend Against Software Cache-based Side Channel Attacks}, 781 | booktitle = {High-Performance Computer Architecture (HPCA)}, 782 | pages = {393--404}, 783 | year = {2009} 784 | } 785 | 786 | @inproceedings{MASCAB:KASZ:08, 787 | author = {J. Kong and O. Ac\i{}i\c{c}mez and J.-P. Seifert and H. Zhou}, 788 | title = {Deconstructing new cache designs for thwarting software cache-based side channel attacks}, 789 | booktitle = {ACM Workshop on Computer Security Architecture (CSAW)}, 790 | pages = {25--34}, 791 | year = {2008} 792 | } 793 | 794 | @inproceedings{MASCAB:WanLee:08, 795 | author = {Z. Wang and R.B. Lee}, 796 | title = {A Novel Cache Architecture with Enhanced Performance and Security}, 797 | booktitle = {ACM/IEEE International Symposium on Microarchitecture (MICRO)}, 798 | pages = {83--93}, 799 | year = {2008} 800 | } 801 | 802 | @inproceedings{MASCAB:WanLee:07, 803 | author = {Z. Wang and R.B. Lee}, 804 | title = {New Cache Designs for Thwarting Software Cache-based Side Channel Attacks}, 805 | booktitle = {International Symposium on Computer Architecture (ISCA)}, 806 | pages = {494--505}, 807 | year = {2007} 808 | } 809 | 810 | @unpublished{MASCAB:Page:05, 811 | author = {D. Page}, 812 | title = {Partitioned Cache Architecture as a Side-Channel Defence Mechanism}, 813 | note = {Cryptology ePrint Archive, Report 2005/280}, 814 | year = {2005}, 815 | url = {http://eprint.iacr.org/2005/280.pdf} 816 | } 817 | 818 | % ----------------------------------------------------------------------------- 819 | @STRING{KEYWORDS={class=channel/side/cache,topic=pos/software}} 820 | 821 | @article{MASCAB:SadJam:16, 822 | author = {M. Sadiquea and D. Jamesa}, 823 | title = {A Novel Approach to Prevent Cache-based Side-Channel Attack in the Cloud}, 824 | journal = {Procedia Technology}, 825 | volume = {25}, 826 | pages = {232--239}, 827 | year = {2016} 828 | } 829 | 830 | @inproceedings{MASCAB:SBYLTRM:13, 831 | author = {D. Stefan and P. Buiras and E.Z. Yang and A. Levy and D. Terei and A. Russo and D. Mazi\'{e}res}, 832 | title = {Eliminating Cache-Based Timing Attacks with Instruction-Based Scheduling}, 833 | booktitle = {European Symposium on Research in Computer Security (ESORICS)}, 834 | publisher = {Springer-Verlag}, 835 | series = {LNCS 8134}, 836 | pages = {718--735}, 837 | year = {2013} 838 | } 839 | 840 | @inproceedings{MASCAB:GodZul:13, 841 | author = {M. Godfrey and M. Zulkernine}, 842 | title = {A Server-Side Solution to Cache-Based Side-Channel Attacks in the Cloud}, 843 | booktitle = {Proceedings of the 2013 IEEE Sixth International Conference on Cloud Computing (CLOUD)}, 844 | pages = {163--170}, 845 | year = {2013} 846 | } 847 | 848 | @inproceedings{MASCAB:KimPeiMai:12, 849 | author = {T. Kim and M. Peinado and G. Mainar-Ruiz}, 850 | title = {{StealthMem}: System-level Protection Against Cache-based Side Channel Attacks in the Cloud}, 851 | booktitle = {USENIX Security Symposium}, 852 | pages = {11:1--11:16}, 853 | year = {2012} 854 | } 855 | 856 | @inproceedings{MASCAB:AlaJayRag:11, 857 | author = {J. Alawatugoda and D. Jayasinghe and R. Ragel}, 858 | title = {Countermeasures against {Bernstein's} remote cache timing attack}, 859 | booktitle = {IEEE International Conference on Industrial and Information Systems (ICIIS)}, 860 | pages = {43--48}, 861 | year = {2011}, 862 | note = {See also~\url{http://arxiv.org/pdf/1403.7297}} 863 | } 864 | 865 | @inproceedings{MASCAB:BruTuv:11, 866 | author = {B.B. Brumley and N. Tuveri}, 867 | title = {Cache-Timing Attacks and Shared Contexts}, 868 | booktitle = {Constructive Side-Channel Analysis and Secure Design (COSADE)}, 869 | year = {2011} 870 | } 871 | 872 | @inproceedings{MASCAB:SSCZ:11, 873 | author = {J. Shi and X. Song and H. Chen and B. Zang}, 874 | title = {Limiting Cache-based Side-channel in Multi-tenant Cloud Using Dynamic Page Coloring}, 875 | booktitle = {Dependable Systems and Networks Workshop (DSNW)}, 876 | pages = {194--199}, 877 | year = {2011} 878 | } 879 | 880 | @inproceedings{MASCAB:JoyTun:07, 881 | author = {M. Joye and M. Tunstall}, 882 | title = {Securing {OpenSSL} against micro-architectural attacks}, 883 | booktitle = {Security and Cryptography (SECRYPT)}, 884 | pages = {189--196}, 885 | year = {2007} 886 | } 887 | 888 | @unpublished{MASCAB:BGNS:06, 889 | author = {E.F. Brickell and G. Graunke and M. Neve and J.-P. Seifert}, 890 | title = {Software mitigations to hedge {AES} against cache-based software side channel vulnerabilities}, 891 | note = {Cryptology ePrint Archive, Report 2006/052}, 892 | year = {2006}, 893 | url = {http://eprint.iacr.org/2006/052.pdf} 894 | } 895 | 896 | @article{MASCAB:Page:03, 897 | author = {D. Page}, 898 | title = {Defending Against Cache Based Side-Channel Attacks}, 899 | journal = {Information Security Technical Report}, 900 | volume = {8}, 901 | number = {1}, 902 | pages = {30--44}, 903 | year = {2003} 904 | } 905 | 906 | % ----------------------------------------------------------------------------- 907 | @STRING{KEYWORDS={class=channel/side/cache,topic=analysis/hw}} 908 | 909 | @unpublished{MASCAB:YGLLH:15, 910 | author = {Y. Yarom and Q. Ge and F. Liu and R.B. Lee and G. Heiser}, 911 | title = {Mapping the Intel Last-Level Cache}, 912 | howpublished = {Cryptology ePrint Archive, Report 2015/905}, 913 | year = {2015}, 914 | url = {http://eprint.iacr.org/2015/905} 915 | } 916 | 917 | @inproceedings{MASCAB:MSNHF:15, 918 | author = {C. Maurice and N. Le Scouarnec and C. Neumann and O. Heen and A. Francillon}, 919 | title = {Reverse Engineering {Intel} Last-Level Cache Complex Addressing Using Performance Counters}, 920 | booktitle = {Recent Advances in Intrusion Detection (RAID)}, 921 | publisher = {Springer-Verlag}, 922 | series = {LNCS 9404}, 923 | pages = {48--65}, 924 | year = {2015} 925 | } 926 | 927 | @inproceedings{MASCAB:IES:15, 928 | author = {G. Irazoqui and T. Eisenbarth and B. Sunar}, 929 | title = {Systematic Reverse Engineering of Cache Slice Selection in {Intel} Processors}, 930 | booktitle = {Digital System Design (DSD)}, 931 | pages = {629--636}, 932 | year = {2015} 933 | } 934 | 935 | % ----------------------------------------------------------------------------- 936 | @STRING{KEYWORDS={class=channel/side/cache,topic=pos/analysis}} 937 | 938 | @inproceedings{MASCAB:AtiYilSav:13, 939 | author = {A.C. Atici and C. Yilmaz and E. Sava\c{s}}, 940 | title = {An Approach for Isolating the Sources of Information Leakage Exploited in Cache-Based Side-Channel Attacks}, 941 | booktitle = {Software Security and Reliability-Companion (SERE-C)}, 942 | pages = {74--83}, 943 | year = {2013} 944 | } 945 | 946 | % ----------------------------------------------------------------------------- 947 | @STRING{KEYWORDS={class=channel/side/cache,topic=analysis/security}} 948 | 949 | @unpublished{MASCAB:ZDFJ:16, 950 | author = {L. Zhang and A.A. Ding and Y. Fei and Z.H. Jiang}, 951 | title = {Statistical Analysis for Access-Driven Cache Attacks Against {AES}}, 952 | note = {Cryptology ePrint Archive, Report 2016/970}, 953 | year = {2016}, 954 | url = {http://eprint.iacr.org/2016/970} 955 | } 956 | 957 | @inproceedings{MASCAB:BMRM:16, 958 | author = {S. Briongos and P. Malag\'{o}n and J.L. Risco-Mart\'{\i}n and J.M. Moya}, 959 | title = {Modeling Side-channel Cache Attacks on {AES}}, 960 | booktitle = {Summer Computer Simulation Conference (SCSC)}, 961 | pages = {37:1--37:8}, 962 | year = {2016} 963 | } 964 | 965 | @inproceedings{MASCAB:ZMHS:16, 966 | author = {A. Zankl and K. Miller and J. Heyszl and G. Sigl}, 967 | title = {Towards Efficient Evaluation of a Time-Driven Cache Attack on Modern Processors}, 968 | booktitle = {European Symposium on Research in Computer Security (ESORICS)}, 969 | publisher = {Springer-Verlag}, 970 | series = {LNCS 9879}, 971 | pages = {3--19}, 972 | year = {2016} 973 | } 974 | 975 | @article{MASCAB:SavYil:15, 976 | author = {E. Sava\c{s} and C. Yilmaz}, 977 | title = {A Generic Method for the Analysis of a Class of Cache Attacks: A Case Study for {AES}}, 978 | journal = {The Computer Journal}, 979 | volume = {58}, 980 | number = {10}, 981 | pages = {2716--2737}, 982 | year = {2015} 983 | } 984 | 985 | @inproceedings{MASCAB:LiuLee:13, 986 | author = {F. Liu and R.B. Lee}, 987 | title = {Security Testing of a Secure Cache Design}, 988 | booktitle = {Hardware and Architectural Support for Security and Privacy (HASP)}, 989 | pages = {3:1--3:8}, 990 | year = {2013} 991 | } 992 | 993 | @inproceedings{MASCAB:TANA:07, 994 | author = {K. Tiri and O. Ac\i{}i\c{c}mez and M. Neve and F. Andersen}, 995 | title = {An Analytical Model for Time-Driven Cache Attacks}, 996 | booktitle = {Fast Software Encryption (FSE)}, 997 | publisher = {Springer-Verlag}, 998 | series = {LNCS 4593}, 999 | pages = {399--413}, 1000 | year = {2007} 1001 | } 1002 | 1003 | % ----------------------------------------------------------------------------- 1004 | @STRING{KEYWORDS={class=channel/side/cache,topic=analysis/misc}} 1005 | 1006 | @article{MASCAB:ZWLZZ:15, 1007 | author = {P. Zhou and T. Wang and G. Li and F. Zhang and X. Zhao}, 1008 | title = {Analysis on the parameter selection method for {\sc Flush+Reload} based cache timing attack on {RSA}}, 1009 | journal = {China Communications}, 1010 | volume = {12}, 1011 | issue = {6}, 1012 | pages = {33--45}, 1013 | year = {2015} 1014 | } 1015 | 1016 | @inproceedings{MASCAB:TFAF:13, 1017 | author = {J. Takahashi and T. Fukunaga and K. Aoki and H. Fuji}, 1018 | title = {Highly Accurate Key Extraction Method for Access-Driven Cache Attacks Using Correlation Coefficient}, 1019 | booktitle = {Australasian Conference on Information Security and Privacy (ACISP)}, 1020 | publisher = {Springer-Verlag}, 1021 | series = {LNCS 7959}, 1022 | pages = {286--301}, 1023 | year = {2013} 1024 | } 1025 | 1026 | @inproceedings{MASCAB:MowKeeSha:12, 1027 | author = {K. Mowery and S. Keelveedhi and H. Shacham}, 1028 | title = {Are {AES} {x86} Cache Timing Attacks Still Feasible?}, 1029 | booktitle = {ACM Cloud Computing Security Workshop (CCSW)}, 1030 | pages = {19--24}, 1031 | year = {2012} 1032 | } 1033 | 1034 | @inproceedings{MASCAB:GalKiz:11, 1035 | author = {J.-F. Gallais and I. Kizhvatov}, 1036 | title = {Error-Tolerance in Trace-Driven Cache Collision Attacks}, 1037 | booktitle = {Constructive Side-Channel Analysis and Secure Design (COSADE)}, 1038 | year = {2011} 1039 | } 1040 | 1041 | @inproceedings{MASCAB:BloKru:07, 1042 | author = {J. Bl\"{o}mer and V. Krummel}, 1043 | title = {Analysis of Countermeasures Against Access Driven Cache Attacks on {AES}}, 1044 | booktitle = {Selected Areas in Cryptography (SAC)}, 1045 | publisher = {Springer-Verlag}, 1046 | series = {LNCS 4876}, 1047 | pages = {96--109}, 1048 | year = {2007} 1049 | } 1050 | 1051 | @inproceedings{MASCAB:NevSeiWan:06, 1052 | author = {M. Neve and J.-P. Seifert and Z. Wang}, 1053 | title = {A refined look at {Bernstein's} {AES} side-channel analysis}, 1054 | booktitle = {ACM Symposium on Information, Computer and Communications Security (AsiaCCS)}, 1055 | pages = {369--369}, 1056 | year = {2006} 1057 | } 1058 | 1059 | % ============================================================================= 1060 | @STRING{KEYWORDS={class=channel/side/branch,topic=neg}} 1061 | 1062 | @inproceedings{MASCAB:EvtPonAbu:16:a, 1063 | author = {D. Evtyushkin and D.V. Ponomarev and N.B. Abu-Ghazaleh}, 1064 | title = {Jump over {ASLR}: Attacking branch predictors to bypass {ASLR}}, 1065 | booktitle = {ACM/IEEE International Symposium on Microarchitecture (MICRO)}, 1066 | pages = {1--13}, 1067 | year = {2016} 1068 | } 1069 | 1070 | @inproceedings{MASCAB:AciKocSei:07, 1071 | author = {O. Ac\i{}i\c{c}mez and \c{C}.K. Ko\c{c} and J.-P. Seifert}, 1072 | title = {On the Power of Simple Branch Prediction Analysis}, 1073 | booktitle = {ACM Symposium on Information, Computer and Communications Security}, 1074 | pages = {312--320}, 1075 | year = {2007} 1076 | } 1077 | 1078 | @inproceedings{MASCAB:AciGueSei:07, 1079 | author = {O. Ac\i{}i\c{c}mez and S. Gueron and J.-P. Seifert}, 1080 | title = {New Branch Prediction Vulnerabilities in {OpenSSL} and Necessary Software Countermeasures}, 1081 | booktitle = {IMA Conference on Cryptography and Coding (IMACC)}, 1082 | publisher = {Springer-Verlag}, 1083 | series = {LNCS 4887}, 1084 | pages = {185--203}, 1085 | year = {2007} 1086 | } 1087 | 1088 | @inproceedings{MASCAB:AciSeiKoc:07:a, 1089 | author = {O. Ac\i{}i\c{c}mez and J.-P. Seifert and \c{C}.K. Ko\c{c}}, 1090 | title = {Predicting Secret Keys via Branch Prediction}, 1091 | booktitle = {Topics in Cryptology (CT-RSA)}, 1092 | publisher = {Springer-Verlag}, 1093 | series = {LNCS 4377}, 1094 | pages = {225--242}, 1095 | year = {2007} 1096 | } 1097 | 1098 | % ----------------------------------------------------------------------------- 1099 | @STRING{KEYWORDS={class=channel/side/branch,topic=pos}} 1100 | 1101 | @inproceedings{MASCAB:TanWeiGuo:14, 1102 | author = {Y. Tan and J. Wei and W. Guo}, 1103 | title = {The Micro-architectural Support Countermeasures against the Branch Prediction Analysis Attack}, 1104 | booktitle = {Trust, Security and Privacy in Computing and Communications (TrustCom)}, 1105 | pages = {276--283}, 1106 | year = {2014} 1107 | } 1108 | 1109 | @unpublished{MASCAB:AgoPel:06, 1110 | author = {G. Agosta and G. Pelosi}, 1111 | title = {Countermeasures for the Simple Branch Prediction Analysis}, 1112 | note = {Cryptology ePrint Archive, Report 2006/482}, 1113 | year = {2006}, 1114 | url = {http://eprint.iacr.org/2006/482.pdf} 1115 | } 1116 | 1117 | % ----------------------------------------------------------------------------- 1118 | @STRING{KEYWORDS={class=channel/side/branch,topic=analysis/hw}} 1119 | 1120 | @inproceedings{MASCAB:UzeMil:09, 1121 | author = {V. Uzelac and A. Milenkovic}, 1122 | title = {Experiment flows and microbenchmarks for reverse engineering of branch predictor structures}, 1123 | booktitle = {IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS)}, 1124 | pages = {207--217}, 1125 | year = {2009} 1126 | } 1127 | 1128 | @article{MASCAB:MilMilKul:04, 1129 | author = {M. Milenkovic and A. Milenkovic and J. Kulick}, 1130 | title = {Microbenchmarks for Determining Branch Predictor Organization}, 1131 | journal = {Software -- Practice \& Experience}, 1132 | volume = {34}, 1133 | number = {5}, 1134 | pages = {465--487}, 1135 | year = {2004} 1136 | } 1137 | 1138 | % ----------------------------------------------------------------------------- 1139 | @STRING{KEYWORDS={class=channel/side/branch,topic=analysis/attack}} 1140 | 1141 | % ============================================================================= 1142 | @STRING{KEYWORDS={class=channel/side/arith,topic=pos}} 1143 | 1144 | % ============================================================================= 1145 | @STRING{KEYWORDS={class=channel/side/noc,topic=neg}} 1146 | 1147 | @inproceedings{MASCAB:RSBSS:16, 1148 | author = {C. Reinbrecht and A. Susin and L. Bossuet and G. Sigl and J. Sep\'{u}lveda}, 1149 | title = {Side channel attack on {NoC}-based {MPSoCs} are practical: {NoC} {\sc Prime+Probe} attack}, 1150 | booktitle = {Integrated Circuits and Systems Design (SBCCI)}, 1151 | pages = {1--6}, 1152 | year = {2016} 1153 | } 1154 | 1155 | % ----------------------------------------------------------------------------- 1156 | @STRING{KEYWORDS={class=channel/side/noc,topic=pos}} 1157 | 1158 | @article{MASCAB:WGOHKCS:14, 1159 | author = {H.M.G. Wassel and Y. Gao and J.K. Oberg and T. Huffmire and R. Kastner and F.T. Chong and T. Sherwood}, 1160 | title = {Networks on Chip with Provable Security Properties}, 1161 | journal = {IEEE Micro}, 1162 | volume = {34}, 1163 | number = {3}, 1164 | pages = {57--68}, 1165 | year = {2014} 1166 | } 1167 | 1168 | @inproceedings{MASCAB:AncChaRoy:14, 1169 | author = {D.M. Ancajas and K. Chakraborty and S. Roy}, 1170 | title = {{Fort-NoCs}: Mitigating the Threat of a Compromised {NoC}}, 1171 | booktitle = {Design Automation Conference (DAC)}, 1172 | pages = {158:1--158:6}, 1173 | year = {2014} 1174 | } 1175 | 1176 | @inproceedings{MASCAB:WanFerSuh:14, 1177 | author = {Y. Wang and A. Ferraiuolo and G.E. Suh}, 1178 | title = {Timing Channel Protection for a Shared Memory Controller}, 1179 | booktitle = {High-Performance Computer Architecture (HPCA)}, 1180 | pages = {225--236}, 1181 | year = {2014} 1182 | } 1183 | 1184 | @inproceedings{MASCAB:WanSuh:12, 1185 | author = {Y. Wang and G.E. Suh}, 1186 | title = {Efficient Timing Channel Protection for On-Chip Networks}, 1187 | booktitle = {IEEE/ACM International Symposium on Networks-on-Chip (NOCS)}, 1188 | pages = {142--151}, 1189 | year = {2012} 1190 | } 1191 | 1192 | @inproceedings{MASCAB:FioPalSil:08, 1193 | author = {L. Fiorin and G. Palermo and C. Silvano}, 1194 | title = {A Security Monitoring Service for {NoCs}}, 1195 | booktitle = {IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS)}, 1196 | pages = {197--202}, 1197 | year = {2008} 1198 | } 1199 | 1200 | % ============================================================================= 1201 | @STRING{KEYWORDS={class=channel/side/misc,topic=neg}} 1202 | 1203 | @article{MASCAB:ZhaZhaLee:16:b, 1204 | author = {T. Zhang and Y. Zhang and R.B. Lee}, 1205 | title = {Memory {Do}S Attacks in Multi-tenant Clouds: Severity and Mitigation}, 1206 | journal = {CoRR}, 1207 | volume = {abs/1603.03404}, 1208 | year = {2016}, 1209 | } 1210 | 1211 | % ----------------------------------------------------------------------------- 1212 | @STRING{KEYWORDS={class=channel/side/misc,topic=pos/hardware}} 1213 | 1214 | @inproceedings{MASCAB:CosLebDev:16, 1215 | author = {V. Costan and I. Lebedev and S. Devadas}, 1216 | title = {{Sanctum}: Minimal Hardware Extensions for Strong Software Isolation}, 1217 | booktitle = {USENIX Security Symposium}, 1218 | pages = {857--874}, 1219 | year = {2016} 1220 | } 1221 | 1222 | @article{MASCAB:WZJWGF:15, 1223 | author = {W. Wu and E. Zhai and D. Jackowitz and D.I. Wolinsky and L. Gu and B. Ford}, 1224 | title = {Warding off timing attacks in Deterland}, 1225 | journal = {CoRR}, 1226 | volume = {abs/1504.07070}, 1227 | year = {2015}, 1228 | url = {http://arxiv.org/abs/1504.07070}, 1229 | } 1230 | 1231 | @inproceedings{MASCAB:LiGaoRei:13, 1232 | author = {P. Li and D. Gao and M.K. Reiter}, 1233 | title = {Mitigating Access-driven Timing Channels in Clouds Using {StopWatch}}, 1234 | booktitle = {Dependable Systems and Networks Workshop (DSNW)}, 1235 | pages = {1--12}, 1236 | year = {2013} 1237 | } 1238 | 1239 | @inproceedings{MASCAB:TLWCS:09, 1240 | author = {M. Tiwari and X. Li and H.M.G. Wasseln and F.T. Chong and T. Sherwood}, 1241 | title = {Execution Leases: A Hardware-supported Mechanism for Enforcing Strong Non-interference}, 1242 | booktitle = {ACM/IEEE International Symposium on Microarchitecture (MICRO)}, 1243 | pages = {493--504}, 1244 | year = {2009} 1245 | } 1246 | 1247 | @inproceedings{MASCAB:ZhuZhaPan:04, 1248 | author = {X. Zhuang and T. Zhang and S. Pande}, 1249 | title = {{HIDE}: An Infrastructure for Efficiently Protecting Information Leakage on the Address Bus}, 1250 | booktitle = {Architectural Support for Programming Languages and Operating Systems (ASPLOS)}, 1251 | pages = {72--84}, 1252 | year = {2004} 1253 | } 1254 | 1255 | @inproceedings{MASCAB:ZZLP:04, 1256 | author = {X. Zhuang and T. Zhang H.-H.S Lee and S. Pande}, 1257 | title = {Hardware Assisted Control Flow Obfuscation for Embedded Processors}, 1258 | booktitle = {Compilers, Architecture, and Synthesis for Embedded Systems (CASES)}, 1259 | pages = {292--302}, 1260 | year = {2004} 1261 | } 1262 | 1263 | % ----------------------------------------------------------------------------- 1264 | @STRING{KEYWORDS={class=channel/side/misc,topic=pos/software}} 1265 | 1266 | @inproceedings{MASCAB:ZhaZhaLee:16:a, 1267 | author = {T. Zhang and Y. Zhang and R.B. Lee}, 1268 | title = {{CloudRadar}: A Real-Time Side-Channel Attack Detection System in Clouds}, 1269 | booktitle = {Research in Attacks, Intrusions, and Defenses (RAID)}, 1270 | publisher = {Springer-Verlag}, 1271 | series = {LNCS 9854}, 1272 | pages = {118--140}, 1273 | year = {2016} 1274 | } 1275 | 1276 | @inproceedings{MASCAB:MooSekRei:15, 1277 | author = {S.-J. Moon and V. Sekar and M.K. Reiter}, 1278 | title = {{Nomad}: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration}, 1279 | booktitle = {ACM Conference on Computer and Communications Security (CCS)}, 1280 | pages = {1595--1606}, 1281 | year = {2015} 1282 | } 1283 | 1284 | @inproceedings{MASCAB:CHBLF:15, 1285 | author = {S. Crane and A. Homescu and S. Brunthaler and P. Larsen and M. Franz}, 1286 | title = {Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity}, 1287 | booktitle = {Network and Distributed System Security Symposium (NDSS)}, 1288 | year = {2015} 1289 | } 1290 | 1291 | @inproceedings{MASCAB:VarRisSwi:14, 1292 | author = {V. Varadarajan and T. Ristenpart and M. Swift}, 1293 | title = {Scheduler-based Defenses against Cross-{VM} Side-channels}, 1294 | booktitle = {USENIX Security Symposium}, 1295 | pages = {687--702}, 1296 | year = {2014} 1297 | } 1298 | 1299 | @inproceedings{MASCAB:AWHF:10, 1300 | author = {A. Aviram and S.-C. Weng and S. Hu and B. Ford}, 1301 | title = {Efficient System-enforced Deterministic Parallelism}, 1302 | booktitle = {USENIX Conference on Operating Systems Design and Implementation (OSDI)}, 1303 | pages = {193--206}, 1304 | year = {2010} 1305 | } 1306 | 1307 | @article{MASCAB:CleCopSut:12, 1308 | author = {J.V. Cleemput and B. Coppens and B. De Sutter}, 1309 | title = {Compiler Mitigations for Time Attacks on Modern {x86} Processors}, 1310 | journal = {ACM Transactions on Architecture and Code Optimisation (TACO)}, 1311 | volume = {8}, 1312 | number = {4}, 1313 | pages = {23:1--23:20}, 1314 | year = {2012} 1315 | } 1316 | 1317 | @inproceedings{MASCAB:CVBS:09, 1318 | author = {B. Coppens and I. Verbauwhede and K. de Bosschere and B. de Sutter}, 1319 | title = {Practical Mitigation for Timing-Based Side-Channel Attacks on Modern {x86} Processors}, 1320 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 1321 | pages = {45--60}, 1322 | year = {2009} 1323 | } 1324 | 1325 | % ----------------------------------------------------------------------------- 1326 | @STRING{KEYWORDS={class=channel/side/misc,topic=analysis}} 1327 | 1328 | @inproceedings{MASCAB:KopBas:07, 1329 | author = {B. K\"{o}pf and D. Basin}, 1330 | title = {An Information-theoretic Model for Adaptive Side-channel Attacks}, 1331 | booktitle = {Computer and Communications Security (CCS)}, 1332 | pages = {286--296}, 1333 | year = {2007} 1334 | } 1335 | 1336 | @inproceedings{MASCAB:PBPMB:17, 1337 | author = {Q.-S. Phan and L. Bang and C.S. Pasareanu and P. Malacaria and T. Bultan}, 1338 | title = {Synthesis of Adaptive Side-Channel Attacks}, 1339 | booktitle = {Computer Security Foundations Symposium (CSF)}, 1340 | pages = {328--342}, 1341 | year = {2017} 1342 | } 1343 | 1344 | % ----------------------------------------------------------------------------- 1345 | @STRING{KEYWORDS={class=channel/side/misc,topic=misc}} 1346 | 1347 | @inproceedings{MASCAB:HKRDVT:15, 1348 | author = {C. Hunger and M. Kazdagli and A. Rawat and A. Dimakis and S. Vishwanath and M. Tiwari}, 1349 | title = {Understanding contention-based channels and using them for defense}, 1350 | booktitle = {High Performance Computer Architecture (HPCA)}, 1351 | pages = {639--650}, 1352 | year = {2015} 1353 | } 1354 | 1355 | @article{MASCAB:DMWS:13, 1356 | author = {J. Demme and R. Martin and A. Waksman and S. Sethumadhavan}, 1357 | title = {A Quantitative, Experimental Approach to Measuring Processor Side-Channel Security}, 1358 | journal = {IEEE Micro}, 1359 | volume = {33}, 1360 | number = {3}, 1361 | pages = {68--77}, 1362 | year = {2013} 1363 | } 1364 | 1365 | @inproceedings{MASCAB:DMWS:12, 1366 | author = {J. Demme and R. Martin and A. Waksman and S. Sethumadhavan}, 1367 | title = {Side-channel Vulnerability Factor: A Metric for Measuring Information Leakage}, 1368 | booktitle = {International Symposium on Computer Architecture (ISCA)}, 1369 | pages = {106--117}, 1370 | year = {2012}, 1371 | } 1372 | 1373 | % ============================================================================= 1374 | @STRING{KEYWORDS={class=crosscut/oblivious}} 1375 | 1376 | @inproceedings{MASCAB:RanLinTiw:15, 1377 | author = {A. Rane and C. Lin and M. Tiwari}, 1378 | title = {{Raccoon}: Closing Digital Side-channels Through Obfuscated Execution}, 1379 | booktitle = {USENIX Security Symposium}, 1380 | pages = {431--446}, 1381 | year = {2015} 1382 | } 1383 | 1384 | @inproceedings{MASCAB:LHMHTS:15, 1385 | author = {C. Liu and A. Harris and M. Maas and M. Hicks and M. Tiwari and E. Shi}, 1386 | title = {{GhostRider}: A Hardware-Software System for Memory Trace Oblivious Computation}, 1387 | booktitle = {Architectural Support for Programming Languages and Operating Systems (ASPLOS)}, 1388 | pages = {87--101}, 1389 | year = {2015} 1390 | } 1391 | 1392 | @inproceedings{MASCAB:MLSTSAKS:13, 1393 | author = {M. Maas and E. Love and E. Stefanov and M. Tiwari and E. Shi and K. Asanovic and J. Kubiatowicz and D. Song}, 1394 | title = {{PHANTOM}: Practical Oblivious Computation in a Secure Processor}, 1395 | booktitle = {ACM Conference on Computer and Communications Security (CCS)}, 1396 | pages = {311--324}, 1397 | year = {2013} 1398 | } 1399 | 1400 | % ----------------------------------------------------------------------------- 1401 | @STRING{KEYWORDS={class=crosscut/schedule}} 1402 | 1403 | @incollection{MASCAB:KadKiy:13, 1404 | author = {S. Kadloor and N. Kiyavash}, 1405 | title = {Exploiting Timing Side Channel in Secure Cloud Scheduling}, 1406 | chapter = {6}, 1407 | pages = {147--168}, 1408 | editor = {K.J. Han and B.-Y. Choi and S. Song}, 1409 | booktitle = {High Performance Cloud Auditing and Applications}, 1410 | publisher = {Springer}, 1411 | year = {2013} 1412 | } 1413 | 1414 | % ----------------------------------------------------------------------------- 1415 | @STRING{KEYWORDS={class=crosscut/interrupt}} 1416 | 1417 | @article{MASCAB:GayManSub:15, 1418 | author = {R. Gay and H. Mantel and H. Sudbrock}, 1419 | title = {An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels}, 1420 | journal = {International Journal of Secure Software Engineering}, 1421 | volume = {6}, 1422 | number = {2}, 1423 | pages = {1--22}, 1424 | year = {2015} 1425 | } 1426 | 1427 | @incollection{MASCAB:ManSub:09, 1428 | author = {H. Mantel and H. Sudbrock}, 1429 | chapter = {Information-Theoretic Modeling and Analysis of Interrupt-Related Covert Channels}, 1430 | title = {Formal Aspects in Security and Trust}, 1431 | editor = {P. Degano and J. Guttman and F. Martinelli}, 1432 | publisher = {Springer-Verlag}, 1433 | pages = {67--81}, 1434 | year = {2009} 1435 | } 1436 | 1437 | % ----------------------------------------------------------------------------- 1438 | @STRING{KEYWORDS={class=crosscut/colocation}} 1439 | 1440 | @inproceedings{MASCAB:IGES:16, 1441 | author = {M.S. Inci and B. G\"{u}lmezoglu and T. Eisenbarth and B. Sunar}, 1442 | title = {Co-location detection on the Cloud}, 1443 | booktitle = {Constructive Side-Channel Analysis and Secure Design (COSADE)}, 1444 | publisher = {Springer-Verlag}, 1445 | series = {LNCS 9689}, 1446 | pages = {19--34}, 1447 | year = {2016} 1448 | } 1449 | 1450 | @inproceedings{MASCAB:VZRS:15, 1451 | author = {V. Varadarajan and Y. Zhang and T. Ristenpart and M. Swift}, 1452 | title = {A Placement Vulnerability Study in Multi-tenant Public Clouds}, 1453 | booktitle = {USENIX Security Symposium}, 1454 | pages = {913--928}, 1455 | year = {2015} 1456 | } 1457 | 1458 | @inproceedings{MASCAB:XuWanWu:15, 1459 | author = {Z. Xu and H. Wang and Z. Wu}, 1460 | title = {A Measurement Study on Co-residence Threat Inside the Cloud}, 1461 | booktitle = {USENIX Security Symposium}, 1462 | pages = {929--944}, 1463 | year = {2015} 1464 | } 1465 | 1466 | @inproceedings{MASCAB:ZJOR:11, 1467 | author = {Y. Zhang and A. Juels and A. Oprea and M.K. Reiter}, 1468 | title = {{HomeAlone}: Co-residency Detection in the Cloud via Side-Channel Analysis}, 1469 | booktitle = {IEEE Symposium on Security \& Privacy (S\&P)}, 1470 | pages = {313--328}, 1471 | year = {2011} 1472 | } 1473 | 1474 | % ----------------------------------------------------------------------------- 1475 | @STRING{KEYWORDS={class=crosscut/aslr}} 1476 | 1477 | @inproceedings{MASCAB:BRPG:15, 1478 | author = {A. Barresi and K. Razavi and M. Payer and T.R. Gross}, 1479 | title = {{CAIN}: Silently Breaking ASLR in the Cloud}, 1480 | booktitle = {USENIX Workshop on Offensive Technologies (WOOT)}, 1481 | year = {2015} 1482 | } 1483 | 1484 | % ----------------------------------------------------------------------------- 1485 | @STRING{KEYWORDS={class=crosscut/iee}} 1486 | 1487 | @inproceedings{MASCAB:SLKP:17, 1488 | author = {M.-W. Shih and S. Lee and T. Kim and M. Peinado}, 1489 | title = {{T-SGX}: Eradicating Controlled-Channel Attacks Against Enclave Programs}, 1490 | booktitle = {Network and Distributed System Security Symposium (NDSS)}, 1491 | year = {2017} 1492 | } 1493 | 1494 | @inproceedings{MASCAB:CZRZ:16, 1495 | author = {S. Chen and X. Zhang and M.K. Reiter and Y. Zhang}, 1496 | title = {Detecting Privileged Side-Channel Attacks in Shielded Execution with D\'{e}j\'{a} Vu}, 1497 | booktitle = {ACM Symposium on Information, Computer and Communications Security (AsiaCCS)}, 1498 | year = {2017} 1499 | } 1500 | 1501 | @inproceedings{MASCAB:XuCuiPei:15, 1502 | author = {Y. Xu and W. Cui and M. Peinado}, 1503 | title = {Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems}, 1504 | booktitle = {IEEE Symposium on Security and Privacy (S\&P)}, 1505 | pages = {640--656}, 1506 | year = {2015} 1507 | } 1508 | 1509 | @inproceedings{MASCAB:SCNS:16, 1510 | author = {S. Shinde and Z.L. Chua and V. Narayanan and P. Saxena}, 1511 | title = {Preventing Page Faults from Telling Your Secrets}, 1512 | booktitle = {ACM Symposium on Information, Computer and Communications Security (AsiaCCS)}, 1513 | pages = {317--328}, 1514 | year = {2016} 1515 | } 1516 | 1517 | % ============================================================================= 1518 | -------------------------------------------------------------------------------- /mascab.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/danpage/mascab/19e32747e0dddc8bf0ac3c1064e6808ae17cb57b/mascab.pdf -------------------------------------------------------------------------------- /mascab.tax: -------------------------------------------------------------------------------- 1 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=misc/history}} 2 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/covert,topic=neg}} 3 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/covert,topic=pos}} 4 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/covert,topic=alt}} 5 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg,style=dcache}} 6 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg,style=icache}} 7 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg,style=fetch}} 8 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=pos/hardware}} 9 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=pos/software}} 10 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=analysis/hw}} 11 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=pos/analysis}} 12 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=analysis/security}} 13 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=analysis/misc}} 14 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/branch,topic=neg}} 15 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/branch,topic=pos}} 16 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/branch,topic=analysis/hw}} 17 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/branch,topic=analysis/attack}} 18 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/arith,topic=pos}} 19 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/noc,topic=neg}} 20 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/noc,topic=pos}} 21 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/misc,topic=neg}} 22 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/misc,topic=pos/hardware}} 23 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/misc,topic=pos/software}} 24 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/misc,topic=analysis}} 25 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=channel/side/misc,topic=misc}} 26 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=crosscut/oblivious}} 27 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=crosscut/schedule}} 28 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=crosscut/interrupt}} 29 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=crosscut/colocation}} 30 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=crosscut/aslr}} 31 | mascab-scratchpad.bib:@STRING{KEYWORDS={class=crosscut/iee}} 32 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=cache/security}} 33 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=cache/power}} 34 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=cache/partition}} 35 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=attack/rowhammer}} 36 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=attack/aslr}} 37 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=attack/debug}} 38 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=attack/degrade}} 39 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=attack/recover}} 40 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=attack/paradigm}} 41 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=verify}} 42 | mascab-peripheral.bib:@STRING{KEYWORDS={class=peripheral,topic=misc}} 43 | mascab.bib:@STRING{KEYWORDS={class=misc/history}} 44 | mascab.bib:@STRING{KEYWORDS={class=misc/datasheet}} 45 | mascab.bib:@STRING{KEYWORDS={class=misc/patent}} 46 | mascab.bib:@STRING{KEYWORDS={class=misc/standard}} 47 | mascab.bib:@STRING{KEYWORDS={class=misc/survey}} 48 | mascab.bib:@STRING{KEYWORDS={class=misc/position}} 49 | mascab.bib:@STRING{KEYWORDS={class=misc/book}} 50 | mascab.bib:@STRING{KEYWORDS={class=misc/thesis}} 51 | mascab.bib:@STRING{KEYWORDS={class=misc/software}} 52 | mascab.bib:@STRING{KEYWORDS={class=channel/covert,topic=neg}} 53 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg/method,style=dcache/access}} 54 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg/attack/crypto,style=dcache/access}} 55 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg/attack/ui,style=dcache/access}} 56 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg/attack/tee,style=dcache/access}} 57 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg,style=dcache/time}} 58 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg,style=dcache/trace}} 59 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg,style=dcache/power}} 60 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=neg,style=icache}} 61 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=pos/hardware}} 62 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=pos/software}} 63 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=pos/analysis}} 64 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=alt}} 65 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=analysis/hw}} 66 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=analysis/attack}} 67 | mascab.bib:@STRING{KEYWORDS={class=channel/side/cache,topic=misc}} 68 | mascab.bib:@STRING{KEYWORDS={class=channel/side/branch,topic=neg}} 69 | mascab.bib:@STRING{KEYWORDS={class=channel/side/spec,topic=neg}} 70 | mascab.bib:@STRING{KEYWORDS={class=channel/side/arith,topic=neg}} 71 | mascab.bib:@STRING{KEYWORDS={class=channel/side/arith,topic=pos/hardware}} 72 | mascab.bib:@STRING{KEYWORDS={class=channel/side/arith,topic=pos/software}} 73 | mascab.bib:@STRING{KEYWORDS={class=channel/side/noc,topic=pos}} 74 | mascab.bib:@STRING{KEYWORDS={class=channel/side/misc,topic=neg}} 75 | mascab.bib:@STRING{KEYWORDS={class=channel/side/misc,topic=pos/hardware}} 76 | mascab.bib:@STRING{KEYWORDS={class=channel/side/misc,topic=pos/software}} 77 | mascab.bib:@STRING{KEYWORDS={class=channel/side/misc,topic=pos/analysis}} 78 | mascab.bib:@STRING{KEYWORDS={class=crosscut/perfctr,topic=neg}} 79 | mascab.bib:@STRING{KEYWORDS={class=crosscut/perfctr,topic=pos}} 80 | mascab.bib:@STRING{KEYWORDS={class=crosscut/interrupt}} 81 | mascab.bib:@STRING{KEYWORDS={class=crosscut/ids}} 82 | -------------------------------------------------------------------------------- /mascab.tex: -------------------------------------------------------------------------------- 1 | % Copyright (C) 2018 Daniel Page 2 | % 3 | % Use of this source code is restricted per the CC BY-SA license, a copy of 4 | % which can be found via http://creativecommons.org (and should be included 5 | % as LICENSE.txt within the associated archive or repository). 6 | 7 | \documentclass[a4paper,10pt]{article} 8 | 9 | \usepackage{adjustbox} 10 | \usepackage{hyperref} 11 | \usepackage[backend=biber,style=draft,hyperref=true,defernumbers=true]{biblatex} 12 | \usepackage{listings} 13 | \usepackage[margin=2cm]{geometry} 14 | \usepackage[usenames,dvipsnames,svgnames,table]{xcolor} 15 | 16 | \addbibresource{mascab.bib} 17 | \addbibresource{mascab-peripheral.bib} 18 | \addbibresource{mascab-scratchpad.bib} 19 | 20 | \DeclareSourcemap{ 21 | \maps[datatype=bibtex]{ 22 | \map{\step[fieldset=keywords,fieldvalue={unclassified}]} 23 | } 24 | } 25 | 26 | \DeclareFieldFormat{addendum}{\newline\adjustbox{minipage=[H]{\linewidth},frame={1pt 1ex 0ex}}{\color{darkgray} #1}} 27 | \renewcommand*\finentrypunct{} 28 | \defbibheading{subsubbibnumbered}[\bibname]{\subsubsection{#1}\markboth{#1}{#1}} 29 | 30 | \begin{document} 31 | 32 | \begin{center} 33 | {\LARGE\scshape {MASCAB}: a Micro-Architectural Side-Channel Attack Bibliography \par} \vspace{0.5cm} 34 | {\LARGE \url{http://www.github.com/danpage/mascab} \par} \vspace{1.0cm} 35 | {\Large\scshape D. Page \par} 36 | {\Large\scshape \today \par} \vspace{1.0cm} 37 | \end{center} 38 | 39 | \tableofcontents \nocite{*} \newpage 40 | 41 | % ============================================================================= 42 | 43 | \section{Miscellaneous} 44 | 45 | \printbibliography[ heading={subbibnumbered}, keyword={class=misc/history}, title={History } ] 46 | \printbibliography[ heading={subbibnumbered}, keyword={class=misc/datasheet}, title={Datasheet } ] 47 | \printbibliography[ heading={subbibnumbered}, keyword={class=misc/patent}, title={Patent } ] 48 | \printbibliography[ heading={subbibnumbered}, keyword={class=misc/standard}, title={Standard } ] 49 | \printbibliography[ heading={subbibnumbered}, keyword={class=misc/survey}, title={Survey } ] 50 | \printbibliography[ heading={subbibnumbered}, keyword={class=misc/position}, title={Position } ] 51 | \printbibliography[ heading={subbibnumbered}, keyword={class=misc/book}, title={Book } ] 52 | \printbibliography[ heading={subbibnumbered}, keyword={class=misc/thesis}, title={Thesis } ] 53 | \printbibliography[ heading={subbibnumbered}, keyword={class=misc/software}, title={Software } ] 54 | 55 | % ============================================================================= 56 | 57 | \section{Covert channels} 58 | 59 | \defbibfilter{f}{keyword={class=channel/covert}} 60 | 61 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=neg}, title={Negative use-cases } ] 62 | 63 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=pos/hardware}, title={Positive use-cases: hardware-based countermeasures } ] 64 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=pos/software}, title={Positive use-cases: software-based countermeasures } ] 65 | 66 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=alt} title={Alternative use-cases } ] 67 | 68 | % ============================================================================= 69 | 70 | \section{Side-channels} 71 | 72 | % ----------------------------------------------------------------------------- 73 | 74 | \subsection{Caches (data {\em and} instruction)} 75 | 76 | \defbibfilter{f}{keyword={class=channel/side/cache} and keyword={style=dcache/access}} 77 | 78 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg/method}, title={Negative use-cases: attacks using data-cache (access-based, methodology)} ] 79 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg/attack/crypto}, title={Negative use-cases: attacks using data-cache (access-based, vs. cryptography)} ] 80 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg/attack/ui}, title={Negative use-cases: attacks using data-cache (access-based, vs. UI)} ] 81 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg/attack/tee}, title={Negative use-cases: attacks using data-cache (access-based, vs. TEE)} ] 82 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg/attack/aslr}, title={Negative use-cases: attacks using data-cache (access-based, vs. ASLR)} ] 83 | 84 | \defbibfilter{f}{keyword={class=channel/side/cache} and keyword={topic=neg}} 85 | 86 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={style=dcache/time}, title={Negative use-cases: attacks using data-cache, (time-based) } ] 87 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={style=dcache/trace}, title={Negative use-cases: attacks using data-cache, (trace-based) } ] 88 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={style=dcache/power}, title={Negative use-cases: attacks using data-cache, (power-based) } ] 89 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={style=icache}, title={Negative use-cases: attacks using instruction-cache } ] 90 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={style=icache}, title={Negative use-cases: attacks using cache pre-fetch } ] 91 | 92 | \defbibfilter{f}{keyword={class=channel/side/cache}} 93 | 94 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/hardware}, title={Positive use-cases: hardware-based countermeasures } ] 95 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/software}, title={Positive use-cases: software-based countermeasures } ] 96 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/analysis}, title={Positive use-cases: analysis-based countermeasures (e.g., of source code) } ] 97 | 98 | \defbibfilter{f}{keyword={class=channel/side/cache} and keyword={topic=alt}} 99 | 100 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, title={Alternative use-cases } ] 101 | 102 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=analysis/attack}, title={Analysis (of attacks) } ] 103 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=analysis/hw}, title={Analysis (of hardware) } ] 104 | 105 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=misc}, title={Miscellaneous } ] 106 | 107 | % ----------------------------------------------------------------------------- 108 | 109 | \subsection{Branch prediction} 110 | 111 | \defbibfilter{f}{keyword={class=channel/side/branch}} 112 | 113 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg}, title={Negative use-cases: attacks } ] 114 | 115 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/hardware}, title={Positive use-cases: hardware-based countermeasures } ] 116 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/software}, title={Positive use-cases: software-based countermeasures } ] 117 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/analysis}, title={Positive use-cases: analysis-based countermeasures (e.g., of source code) } ] 118 | 119 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=alt} title={Alternative use-cases } ] 120 | 121 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=analysis/attack}, title={Analysis (of attacks) } ] 122 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=analysis/hw}, title={Analysis (of hardware) } ] 123 | 124 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=misc}, title={Miscellaneous } ] 125 | 126 | % ----------------------------------------------------------------------------- 127 | 128 | \subsection{Speculative and/or out-of-order execution} 129 | 130 | \defbibfilter{f}{keyword={class=channel/side/spec}} 131 | 132 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg}, title={Negative use-cases: attacks } ] 133 | 134 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/hardware}, title={Positive use-cases: hardware-based countermeasures } ] 135 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/software}, title={Positive use-cases: software-based countermeasures } ] 136 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/analysis}, title={Positive use-cases: analysis-based countermeasures (e.g., of source code) } ] 137 | 138 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=alt} title={Alternative use-cases } ] 139 | 140 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=analysis/attack}, title={Analysis (of attacks) } ] 141 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=analysis/hw}, title={Analysis (of hardware) } ] 142 | 143 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=misc}, title={Miscellaneous } ] 144 | 145 | % ----------------------------------------------------------------------------- 146 | 147 | \subsection{Arithmetic} 148 | 149 | \defbibfilter{f}{keyword={class=channel/side/arith}} 150 | 151 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg}, title={Negative use-cases: attacks } ] 152 | 153 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/hardware}, title={Positive use-cases: hardware-based countermeasures } ] 154 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/software}, title={Positive use-cases: software-based countermeasures } ] 155 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/analysis}, title={Positive use-cases: analysis-based countermeasures (e.g., of source code) } ] 156 | 157 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=alt} title={Alternative use-cases } ] 158 | 159 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=misc}, title={Miscellaneous } ] 160 | 161 | % ----------------------------------------------------------------------------- 162 | 163 | \subsection{Network-on-Chip (NoC)} 164 | 165 | \defbibfilter{f}{keyword={class=channel/side/noc}} 166 | 167 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg}, title={Negative use-cases: attacks } ] 168 | 169 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/hardware}, title={Positive use-cases: hardware-based countermeasures } ] 170 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/software}, title={Positive use-cases: software-based countermeasures } ] 171 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/analysis}, title={Positive use-cases: analysis-based countermeasures (e.g., of source code) } ] 172 | 173 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=alt} title={Alternative use-cases } ] 174 | 175 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=misc}, title={Miscellaneous } ] 176 | 177 | % ----------------------------------------------------------------------------- 178 | 179 | \subsection{Miscellaneous} 180 | 181 | \defbibfilter{f}{keyword={class=channel/side/misc}} 182 | 183 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg}, title={Negative use-cases: attacks } ] 184 | 185 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/hardware}, title={Positive use-cases: hardware-based countermeasures } ] 186 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/software}, title={Positive use-cases: software-based countermeasures } ] 187 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos/analysis}, title={Positive use-cases: analysis-based countermeasures (e.g., of source code) } ] 188 | 189 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=alt} title={Alternative use-cases } ] 190 | 191 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=misc}, title={Miscellaneous } ] 192 | 193 | % ============================================================================= 194 | 195 | \section{Cross-cutting topics} 196 | 197 | \subsection{Performance counters} 198 | 199 | \defbibfilter{f}{keyword={class=crosscut/perfctr}} 200 | 201 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=neg}, title={Negative use-cases: attacks } ] 202 | \printbibliography[ heading={subsubbibnumbered}, filter={f}, keyword={topic=pos}, title={Positive use-cases: countermeasures } ] 203 | 204 | \subsection{IDS-like monitoring and detection} 205 | 206 | \defbibfilter{f}{keyword={class=crosscut/ids}} 207 | 208 | \printbibliography[ heading={none}, filter={f} ] 209 | 210 | % ============================================================================= 211 | 212 | \section{Peripheral topics} 213 | 214 | \defbibfilter{f}{keyword={class=peripheral}} 215 | 216 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=cache/security}, title={Caches: designs with general security properties } ] 217 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=cache/power}, title={Caches: designs for low-power } ] 218 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=cache/partition}, title={Caches: designs that harness partitioning } ] 219 | 220 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=attack/rowhammer}, title={Attacks: results relating to RowHammer } ] 221 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=attack/aslr}, title={Attacks: results relating to Address Space Layout Randomisation (ASLR) } ] 222 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=attack/debug}, title={Attacks: results relating to test and debug mechanisms (e.g., scan-chain) } ] 223 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=attack/degrade}, title={Attacks: use of performance degradation } ] 224 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=attack/recover}, title={Attacks: techniques for key recovery } ] 225 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=attack/paradigm}, title={Attacks: alterative paradigms } ] 226 | 227 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=verify}, title={Verification } ] 228 | 229 | \printbibliography[ heading={subbibnumbered}, filter={f}, keyword={topic=misc}, title={Miscellaneous } ] 230 | 231 | % ============================================================================= 232 | 233 | \printbibliography[heading={bibnumbered}, keyword={unclassified}, title={Residual unclassified entries } ] 234 | 235 | % ============================================================================= 236 | 237 | \end{document} 238 | --------------------------------------------------------------------------------