- Cache Attacks and Countermeasures: the Case of AES
- Cache missing for fun and profit
- Cache-timing attacks on AES
- FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack
- Last-Level Cache Side-Channel Attacks are Practical
- S $ A: A shared cache attack that works across cores and defies VM sandboxing--and its application to AES
- Attack Directories, Not Caches: Side-Channel Attacks in a Non-Inclusive World
- Flush+Flush: a fast and stealthy cache attack
- On the Power of Simple Branch Prediction Analysis
- Predicting Secret Keys Via Branch Prediction
- Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR
- BranchScope: A New Side-Channel Attack on Directional Branch Predictor
- Understanding and Mitigating Covert Channels Through Branch Predictors
- Breaking Kernel Address Space Layout Randomization with Intel TSX
- Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX
- Spectre Attacks: Exploiting Speculative Execution
- ret2spec: Speculative Execution Using Return Stack Buffers
- Spectre Returns! Speculation Attacks using the Return Stack Buffer
- MemJam: A False Dependency Attack against Constant-Time Crypto Implementations
- Microarchitectural Minefields: 4K-Aliasing Covert Channel and Multi-Tenant Detection in IaaS Cloud
- CacheZoom: How SGX Amplifies the Power of Cache Attacks
- Software grand exposure: SGX cache attacks are practical
- Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing
- Malware Guard Extension: Using SGX to Conceal Cache Attacks
- Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems
- Telling Your Secrets Without Page Faults: Stealthy Page Table-Based Attacks on Enclaved Execution
- Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic
- Meltdown: Reading Kernel Memory from User Space
- FORESHADOW: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution
- Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
- Unveiling Hardware-based Data Prefetcher, a Hidden Source of Information Leakage
- LazyFP: Leaking FPU Register State using Microarchitectural Side-Channels
- On Subnormal Floating Point and Abnormal Timing
- ARMageddon: Cache Attacks on Mobile Devices
- AutoLock: Why Cache Attacks on ARM Are Harder Than You Think
- Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Device
- Another Flip in the Wall of Rowhammer Defenses
- Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks
- Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors
- Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript
- Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript
- The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications
- Drive-by Key-Extraction Cache Attacks from Portable Code
- Rendered Insecure: GPU Side Channel Attacks are Practical
- Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU
- FPGA Side Channel Attacks without Physical Access
- FPGA-Based Remote Power Side-Channel Attacks
- Leaky Wires: Information Leakage and Covert Communication Between FPGA Long Wires
- “Ooh Aah... Just a Little Bit” : A small amount of side channel can go a long way
- May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519
- Return of the Hidden Number Problem
- To BLISS-B or not to be - Attacking strongSwan’s Implementation of Post-Quantum Signatures
- Flush, Gauss, and Reload – A Cache Attack onthe BLISS Lattice-Based Signature Scheme
- Raccoon: Closing Digital Side-Channels through Obfuscated Execution
- Verifying Constant-Time Implementations
- MicroWalk: A Framework for Finding Side Channels in Binaries
- DATA – Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries
- CacheD: Identifying Cache-Based Timing Channels in Production Software