(u)arch Security

Research
(Micro-)Architectural Security Papers

Tier 1 Conference

  • S&P (Oakland) IEEE Symposium on Security and Privacy
  • CCS ACM Conference on Computer and Communications Security
  • Security USENIX Security Symposium
  • NDSS ISOC Network and Distributed System Security Symposium

from Security Conference Ranking and Statistic

Why start at 2018? Because Meltdown, Spectre and MDS emerged then, opening a new era of (micro-)architectural security.

2023

IEEE S&P

... to be added

ACM CCS

... to be added

USENIX Security

NDSS

... to be added

2022

IEEE S&P

ACM CCS

  • ATTRITION: Attacking Static Hardware Trojan Detection Techniques Using Reinforcement Learning
  • Automatic Detection of Speculative Execution Combinations
  • CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation
  • Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing
  • Discovering IoT Physical Channel Vulnerabilities
  • Frequency Throttling Side-Channel Attack
  • HammerScope: Observing DRAM Power Consumption Using Rowhammer
  • HyperDbg: Reinventing Hardware-Assisted Debugging
  • Low-Latency Hardware Private Circuits
  • Microarchitectural Leakage Templates and Their Application to Cache-Based Side Channels
  • On the Success Rate of Side-Channel Attacks on Masked Implementations
  • PACMem: Enforcing Spatial and Temporal Memory Safety via ARM Pointer Authentication
  • PalanTír: Optimizing Attack Provenance with Hardware-enhanced System Observability
  • Power Contracts: Provably Complete Power Leakage Models for Processors
  • SpecDoctor: Differential Fuzz Testing to Find Transient Execution Vulnerabilities
  • StrongBox: A GPU TEE on Arm Endpoints
  • What Your Firmware Tells You Is Not How You Should Emulate It: A Specification-Guided Approach for Firmware Emulation
  • When Frodo Flips: End-to-End Key Recovery on FrodoKEM via Rowhammer

USENIX Security

NDSS

2021

IEEE S&P

ACM CCS

  • Exorcising Spectres with Secure Compilers
  • SNIPUZZ: Black-box Fuzzing of IoT Firmware via Message Snippet Inference
  • PPE Circuits for Rational Polynomials
  • CROSSLINE: Breaking "Security-by-Crash" based Memory Isolation in AMD SEV
  • Hardware Support to Improve Fuzzing Performance and Precision
  • Constantine: Automatic Side-Channel Resistance Using Efficient Control and Data Flow Linearization
  • PalmTree: Learning an Assembly Language Model for Instruction Embedding
  • HyperFuzzer: An Efficient Hybrid Fuzzer For Virtual CPUs
  • Aion: Enabling Open Systems through Strong Availability Guarantees for Enclaves
  • Prime+Scope: Overcoming the Observer Effect for High-Precision Cache Contention Attacks
  • SmashEx: Smashing SGX Enclaves Using Exceptions

USENIX Security

NDSS

2020

IEEE S&P

ACM CCS

  • InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis
  • TRUSTORE: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA
  • FirmRay: Detecting BLE Link Layer Vulnerabilities from Configurations in Bare-Metal Firmware
  • Cache-in-the-Middle (CITM) Attacks: Manipulating Sensitive Data in Isolated Execution Environments
  • Speculative Probing: Hacking Blind in the Spectre Era
  • SNI-in-the-head: Protecting MPC-in-the-head Protocols against Side-channel Analysis
  • Déjà vu: Side-channel analysis of Mozilla’s NSS

USENIX Security

NDSS

2019

IEEE S&P

ACM CCS

  • A Tale of Two Worlds: Assessing the Vulnerability of Enclave Shielding Runtimes
  • DeMiCPU: Device Fingerprinting with Magnetic Signals Radiated by CPU
  • Fallout: Leaking Data on Meltdown-resistant CPUs
  • OPERA: Open Remote Attestation for Intel’s Secure Enclaves
  • Page Cache Attacks
  • SecTEE: A Software-based Approach to Secure Enclave Architecture Using TEE
  • Towards Memory Safe Enclave Programming with Rust-SGX
  • VeriSketch: Synthesizing Secure Hardware Designs with Timing-Sensitive Information Flow Properties
  • VoltJockey: Breaching TrustZone by Software-Controlled Voltage Manipulation over Multi-core Frequencies
  • Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack
  • ZombieLoad: Cross-Privilege-Boundary Data Sampling

USENIX Security

NDSS

2018

IEEE S&P

ACM CCS

  • Unveiling Hardware-based Data Prefetcher, a Hidden Source of Information Leakage
  • HyperFlow: A High-Assurance Processor Architecture for Practical Timing-Safe Information Flow Security
  • Ohm's Law in Data Centers: A Voltage Side Channel for Timing Power Attacks
  • Lord of the x86 Rings: A Portable User Mode Privilege Separation Architecture on x86
  • Practical state recovery attacks against legacy RNG implementations
  • ret2spec: Speculative Execution Using Return Stack Buffers
  • Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic
  • Rendered Insecure: GPU side channel attacks are practical
  • An Exploratory Analysis of Microcode as a Building Block for System Defenses

USENIX Security

NDSS

  • What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices. Marius Muench (EURECOM)
  • ZeroTrace: Oblivious Memory Primitives from Intel SGX
  • Securing Real-Time Microcontroller Systems through Customized Memory View Switching
  • OBLIVIATE: A Data Oblivious Filesystem for Intel SGX

Before 2018

IEEE S&P

... to be added

ACM CCS

... to be added

USENIX Security

NDSS

... to be added