book.bib

@Electronic{Pornin2018,
  author = {Thomas Pornin},
  title  = {Why Constant-Time Crypto?},
  url    = {https://www.bearssl.org/constanttime.html},
  year   = {2018},
}

@Electronic{Hicks2014,
  author = {Michael Hicks},
  title  = {What is memory safety?},
  url    = {http://www.pl-enthusiast.net/2014/07/21/memory-safety/},
  year   = {2014},
}

@inproceedings{Shacham2007,
  author    = {Shacham, Hovav},
  title     = {The Geometry of Innocent Flesh on the Bone: Return-into-Libc without Function Calls (on the X86)},
  year      = {2007},
  isbn      = {9781595937032},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  url       = {https://doi.org/10.1145/1315245.1315313},
  doi       = {10.1145/1315245.1315313},
  booktitle = {Proceedings of the 14th ACM Conference on Computer and Communications Security},
  pages     = {552–561},
  numpages  = {10},
  keywords  = {instruction set, turing completeness, return-into-libc},
  location  = {Alexandria, Virginia, USA},
  series    = {CCS '07}
}

@inproceedings{Bletsch2011,
  author    = {Bletsch, Tyler and Jiang, Xuxian and Freeh, Vince W. and Liang, Zhenkai},
  title     = {Jump-Oriented Programming: A New Class of Code-Reuse Attack},
  year      = {2011},
  isbn      = {9781450305648},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  url       = {https://doi.org/10.1145/1966913.1966919},
  doi       = {10.1145/1966913.1966919},
  booktitle = {Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security},
  pages     = {30–40},
  numpages  = {11},
  location  = {Hong Kong, China},
  series    = {ASIACCS '11}
}

@inproceedings{Schuster2015,
  author    = {F. Schuster and T. Tendyck and C. Liebchen and L. Davi and A. Sadeghi and T. Holz},
  booktitle = {2015 IEEE Symposium on Security and Privacy (SP)},
  title     = {Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications},
  year      = {2015},
  volume    = {},
  issn      = {1081-6011},
  pages     = {745-762},
  keywords  = {semantics;runtime;layout;aerospace electronics;object oriented programming;arrays},
  doi       = {10.1109/SP.2015.51},
  url       = {https://doi.ieeecomputersociety.org/10.1109/SP.2015.51},
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA},
  month     = {may}
}

@inproceedings{Bosman2014,
  author    = {Bosman, Erik and Bos, Herbert},
  booktitle = {2014 IEEE Symposium on Security and Privacy},
  title     = {Framing Signals - A Return to Portable Shellcode},
  year      = {2014},
  volume    = {},
  number    = {},
  pages     = {243-258},
  doi       = {10.1109/SP.2014.23}
}

Please keep the comma after the author's name
@Electronic{AlephOne1996,
  author = {Aleph One,},
  title  = {Smashing The Stack For Fun And Profit},
  url    = {http://www.phrack.org/issues/49/14.html#article},
  year   = {1996},
}

Please keep the comma after the author's name
@Electronic{Solar1997,
  author = {Solar Designer,},
  title  = {Getting around non-executable stack (and fix)},
  url    = {https://seclists.org/bugtraq/1997/Aug/63},
  year   = {1997},
}

@article{Karger1974,
  author = {Paul A., Karger and Roger R., Schell},
  title  = {MULTICS SECURITY EVALUATION: VULNERABILITY ANALYSIS},
  url    = {https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/karg74.pdf},
  pages  = {52},
  year   = {1974},
}

@article{Thompson1984,
  author = {Ken Thompson},
  title  = {Reflections on Trusting Trust},
  url    = {https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf},
  year   = {1984},
}

@Electronic{Gostev2009,
  author = {Alexander Gostev},
  title  = {A short history of Induc},
  url    = {https://securelist.com/a-short-history-of-induc/30555/},
  year   = {2009},
}

@article{Cox2015,
  author  = {Joseph Cox},
  title   = {Hack Brief: Malware Sneaks Into the Chinese iOS App Store},
  url     = {https://www.wired.com/2015/09/hack-brief-malware-sneaks-chinese-ios-app-store/},
  year    = {2015},
  journal = {WIRED},
}

@article{Greenberg2019,
  author  = {Andy Greenberg},
  title   = {Supply Chain Hackers Snuck Malware Into Videogames},
  url     = {https://www.wired.com/story/supply-chain-hackers-videogames-asus-ccleaner/},
  year    = {2019},
  journal = {WIRED},
}

@Electronic{Miller2012,
  author = {Matt Miller},
  title  = {Modeling the exploitation and mitigation of memory safety vulnerabilities},
  url    = {https://github.com/Microsoft/MSRC-Security-Research/blob/master/presentations/2012_10_Breakpoint/BreakPoint2012_Miller_Modeling_the_exploitation_and_mitigation_of_memory_safety_vulnerabilities.pdf},
  howpublished = {\href{https://2012.ruxconbreakpoint.com/}{Breakpoint 2012}},
}

@inproceedings{Hu2016,
  author    = {Hu, Hong and Shinde, Shweta and Adrian, Sendroiu and Chua, Zheng Leong and Saxena, Prateek and Liang, Zhenkai},
  booktitle = {2016 IEEE Symposium on Security and Privacy (SP)},
  title     = {Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks},
  year      = {2016},
  volume    = {},
  number    = {},
  pages     = {969-986},
  doi       = {10.1109/SP.2016.62}
}

@article{Dullien2020,
  author    = {Dullien, Thomas},
  journal   = {IEEE Transactions on Emerging Topics in Computing},
  title     = {Weird Machines, Exploitability, and Provable Unexploitability},
  year      = {2020},
  volume    = {8},
  number    = {2},
  pages     = {391-403},
  keywords  = {Software;Programming;Complexity theory;Transducers;Concrete;Cryptography;Computer security;computer hacking;computation theory;information security;language-theoretic security},
  doi       = {10.1109/TETC.2017.2785299}
}

@Electronic{Beer2020,
  author = {Ian Beer},
  title  = {An iOS zero-click radio proximity exploit odyssey},
  url    = {https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html},
  year   = {2020},
}

@Electronic{Groß2020,
  author = {Samuel Groß},
  title  = {JITSploitation I: A JIT Bug},
  url    = {https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html},
  year   = {2020},
}

@Electronic{Beer2021,
  author = {Ian Beer and Samuel Groß},
  title  = {A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution},
  url    = {https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html},
  year   = {2021},
}

@Electronic{Sharma2014,
  author = {Siddharth Sharma},
  title  = {Enhance application security with FORTIFY_SOURCE},
  url    = {https://www.redhat.com/en/blog/enhance-application-security-fortifysource},
  year   = {2014},
}

@book{Seacord2013,
author = {Seacord, Robert C.},
title = {Secure Coding in C and C++},
year = {2013},
isbn = {0321822137},
publisher = {Addison-Wesley Professional},
edition = {2nd},
}

@book{Dowd2006,
author = {Dowd, Mark and McDonald, John and Schuh, Justin},
title = {The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities},
year = {2006},
isbn = {0321444426},
publisher = {Addison-Wesley Professional},
}

@InProceedings{Yarom2014,
  author    = {Yuval Yarom and Katrina Falkner},
  booktitle = {23rd USENIX Security Symposium (USENIX Security 14)},
  title     = {{FLUSH+RELOAD}: A High Resolution, Low Noise, L3 Cache {Side-Channel} Attack},
  year      = {2014},
  address   = {San Diego, CA},
  month     = aug,
  pages     = {719--732},
  publisher = {USENIX Association},
  file      = {:184415 - FLUSH+RELOAD_ a High Resolution, Low Noise, L3 Cache Side Channel Attack.pdf:PDF},
  groups    = {codegen security},
  isbn      = {978-1-931971-15-7},
  url       = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom},
}

@InProceedings{Weber2021,
  author    = {Daniel Weber and Ahmad Ibrahim and Hamed Nemati and Michael Schwarz and Christian Rossow},
  booktitle = {USENIX Security'21},
  title     = {Osiris: Automated Discovery of Microarchitectural Side Channels},
  year      = {2021},
  url       = {https://arxiv.org/abs/2106.03470},
}

@InProceedings{Osvik2005,
  author  = {Osvik, Dag Arne and Shamir, Adi and Tromer, Eran},
  title   = {Cache Attacks and Countermeasures: The Case of AES},
  year    = {2005},
  doi     = {10.1007/11605805_1},
  journal = {IACR Cryptology ePrint Archive},
}

@InProceedings{Gruss2016a,
  author    = {Gruss, Daniel and Maurice, Cl\'{e}mentine and Wagner, Klaus and Mangard, Stefan},
  booktitle = {Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 9721},
  title     = {Flush+Flush: A Fast and Stealthy Cache Attack},
  year      = {2016},
  pages     = {279–299},
  series    = {DIMVA 2016},
  doi       = {10.1007/978-3-319-40667-1_14},
  url       = {https://doi.org/10.1007/978-3-319-40667-1_14},
}

@InProceedings{Gruss2016,
  author    = {Gruss, Daniel and Maurice, Cl\'{e}mentine and Fogh, Anders and Lipp, Moritz and Mangard, Stefan},
  booktitle = {Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security},
  title     = {Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR},
  year      = {2016},
  series    = {CCS '16},
  doi       = {10.1145/2976749.2978356},
  url       = {https://doi.org/10.1145/2976749.2978356},
}

@Misc{Percival2005,
  author       = {Percival, Colin},
  howpublished = {BSDCan},
  title        = {Cache missing for fun and profit},
  year         = {2005},
  url          = {https://eprint.iacr.org/2005/271},
}

@InProceedings{Briongos2020,
  author    = {Samira Briongos and Pedro Malagon and Jose M. Moya and Thomas Eisenbarth},
  booktitle = {29th USENIX Security Symposium (USENIX Security 20)},
  title     = {{RELOAD+REFRESH}: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks},
  year      = {2020},
  url       = {https://www.usenix.org/conference/usenixsecurity20/presentation/briongos},
}

@InProceedings{Lipp2020,
  author    = {Moritz Lipp and Vedad Hadzic and Michael Schwarz and Arthur Perais and Maurice, {Clementine Lucie Noemie} and Daniel Gru{\ss}},
  booktitle = {Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020},
  title     = {Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors},
  doi       = {10.1145/3320269.3384746},
  year      = {2020},
}

@article{Burow2017,
  author     = {Burow, Nathan and Carr, Scott A. and Nash, Joseph and Larsen, Per and Franz, Michael and Brunthaler, Stefan and Payer, Mathias},
  title      = {Control-Flow Integrity: Precision, Security, and Performance},
  year       = {2017},
  issue_date = {January 2018},
  publisher  = {Association for Computing Machinery},
  address    = {New York, NY, USA},
  volume     = {50},
  number     = {1},
  issn       = {0360-0300},
  url        = {https://doi.org/10.1145/3054924},
  doi        = {10.1145/3054924},
  journal    = {ACM Comput. Surv.},
  month      = {apr},
  articleno  = {16},
  numpages   = {33},
  keywords   = {control-flow hijacking, shadow stack, Control-flow integrity, return-oriented programming}
}

@inproceedings{Conti2015,
  author    = {Conti, Mauro and Crane, Stephen and Davi, Lucas and Franz, Michael and Larsen, Per and Negro, Marco and Liebchen, Christopher and Qunaibit, Mohaned and Sadeghi, Ahmad-Reza},
  title     = {Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks},
  year      = {2015},
  isbn      = {9781450338325},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  url       = {https://doi.org/10.1145/2810103.2813671},
  doi       = {10.1145/2810103.2813671},
  booktitle = {Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security},
  pages     = {952–963},
  numpages  = {12},
  keywords  = {code-reuse attacks, control-flow integrity, stack corruption},
  location  = {Denver, Colorado, USA},
  series    = {CCS '15}
}

@Electronic{Serna2012,
  author = {Fermin J. Serna},
  title  = {The Info Leak Era on Software Exploitation},
  url    = {https://www.youtube.com/watch?v=VgWoPa8Whmc},
  note   = {Black Hat USA 2012},
  year   = {2012}
}

@Electronic{McCall2019,
  author = {John McCall and Ahmed Bougacha},
  title  = {arm64e: An ABI for Pointer Authentication},
  url    = {https://llvm.org/devmtg/2019-10/slides/McCall-Bougacha-arm64e.pdf},
  note   = {2019 LLVM Developers' Meeting},
  year   = {2019}
}

@Electronic{Rutland2017,
  title  = {ARMv8.3 Pointer Authentication},
  author = {Mark Rutland},
  url    = {https://events.static.linuxfound.org/sites/events/files/slides/slides_23.pdf},
  note   = {Linux Security Summit 2017},
  year   = {2017}
}

@inproceedings{Liljestrand2021,
  title     = {$\{$PACStack$\}$: an Authenticated Call Stack},
  author    = {Liljestrand, Hans and Nyman, Thomas and Gunn, Lachlan J and Ekberg, Jan-Erik and Asokan, N},
  booktitle = {30th USENIX Security Symposium (USENIX Security 21)},
  pages     = {357--374},
  year      = {2021}
}

@inproceedings{Chen2005,
  title     = {Non-Control-Data Attacks Are Realistic Threats.},
  author    = {Chen, Shuo and Xu, Jun and Sezer, Emre Can and Gauriar, Prachi and Iyer, Ravishankar K},
  booktitle = {USENIX security symposium},
  volume    = {5},
  pages     = {146},
  year      = {2005}
}

@Electronic{Dullien2018,
  author = {Thomas Dullien/Halvar Flake},
  title  = {Turing completeness, weird machines, Twitter, and muddled terminology},
  url    = {http://addxorrol.blogspot.com/2018/10/turing-completeness-weird-machines.html},
  year   = {2018},
}

@inproceedings{Ispoglou2018,
  author    = {Ispoglou, Kyriakos K. and AlBassam, Bader and Jaeger, Trent and Payer, Mathias},
  title     = {Block Oriented Programming: Automating Data-Only Attacks},
  year      = {2018},
  isbn      = {9781450356930},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  url       = {https://doi.org/10.1145/3243734.3243739},
  doi       = {10.1145/3243734.3243739},
  booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
  pages     = {1868–1882},
  numpages  = {15},
  keywords  = {block oriented programming, program synthesis, binary analysis, data only attacks, exploitation},
  location  = {Toronto, Canada},
  series    = {CCS '18}
}

@Article{Su2021,
  author    = {Chao Su and Qingkai Zeng},
  journal   = {Security and Communication Networks},
  title     = {Survey of {CPU} Cache-Based Side-Channel Attacks: Systematic Analysis, Security Models, and Countermeasures},
  year      = {2021},
  month     = {jun},
  doi       = {10.1155/2021/5559552},
  publisher = {Hindawi Limited},
}

@Article{Mushtaq2020,
  author    = {Maria Mushtaq and Muhammad Asim Mukhtar and Vianney Lapotre and Muhammad Khurram Bhatti and Guy Gogniat},
  journal   = {Information Systems},
  title     = {Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for {RSA}},
  year      = {2020},
  month     = {sep},
  doi       = {10.1016/j.is.2020.101524},
  publisher = {Elsevier {BV}},
}


@InProceedings{Schwarz2019,
  author    = {Michael Schwarz and Martin Schwarzl and Moritz Lipp and Jon Masters and Daniel Gruss},
  booktitle = {Computer Security - {ESORICS} 2019 - 24th European Symposium on Research in Computer Security, Luxembourg, September 23-27, 2019, Proceedings, Part {I}},
  title     = {NetSpectre: Read Arbitrary Memory over Network},
  year      = {2019},
  pages     = {279--299},
  publisher = {Springer},
  series    = {Lecture Notes in Computer Science},
  volume    = {11735},
}

@InCollection{Schwarz2017,
  author    = {Michael Schwarz and Cl{\'{e}}mentine Maurice and Daniel Gruss and Stefan Mangard},
  booktitle = {Financial Cryptography and Data Security},
  publisher = {Springer International Publishing},
  title     = {Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in {JavaScript}},
  year      = {2017},
  pages     = {247--267},
}

@inproceedings{Serebryany2012,
  author    = {Serebryany, Konstantin and Bruening, Derek and Potapenko, Alexander and Vyukov, Dmitriy},
  title     = {$\{$AddressSanitizer$\}$: A Fast Address Sanity Checker},
  booktitle = {2012 USENIX Annual Technical Conference (USENIX ATC 12)},
  pages     = {309--318},
  year      = {2012}
}

@InProceedings{Soares2021,
  author    = {Luigi Soares and Fernando Magno Quintan Pereira},
  booktitle = {2021 {IEEE}/{ACM} International Symposium on Code Generation and Optimization ({CGO})},
  title     = {Memory-Safe Elimination of Side Channels},
  year      = {2021},
  publisher = {{IEEE}},
  doi       = {10.1109/cgo51591.2021.9370305},
}

@InProceedings{Wu2018,
  author    = {Meng Wu and Shengjian Guo and Patrick Schaumont and Chao Wang},
  booktitle = {Proceedings of the 27th {ACM} {SIGSOFT} International Symposium on Software Testing and Analysis},
  title     = {Eliminating timing side-channel leaks using program repair},
  year      = {2018},
  publisher = {{ACM}},
  doi       = {10.1145/3213846.3213851},
}

@Electronic{Groß2022,
  author = {Samuel Groß and Amy Burnett},
  title  = {Attacking JavaScript Engines in 2022},
  url    = {https://saelo.github.io/presentations/offensivecon_22_attacking_javascript_engines.pdf},
  note   = {OffensiveCon 2022},
  year   = {2022}
}

@Electronic{Glazunov2021,
  author = {Sergei Glazunov},
  title  = {In-the-Wild Series: Chrome Infinity Bug},
  url    = {https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html},
  year   = {2021},
}

@Electronic{Fetiveau2019,
  author = {Jeremy Fetiveau},
  title  = {Circumventing Chrome's hardening of typer bugs},
  url    = {https://doar-e.github.io/blog/2019/05/09/circumventing-chromes-hardening-of-typer-bugs/},
  year   = {2019},
}

@Electronic{Pizlo2020,
  author = {Filip Pizlo},
  title  = {Speculation in JavaScriptCore},
  url    = {https://webkit.org/blog/10308/speculation-in-javascriptcore/},
  year   = {2020},
}

@Electronic{saelo2021a,
  author = {saelo},
  title  = {Exploiting Logic Bugs in JavaScript JIT Engines},
  url    = {http://www.phrack.org/issues/70/9.html},
  year   = {2021},
}

@Electronic{saelo2021b,
  author = {saelo},
  title  = {Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622},
  url    = {http://www.phrack.org/issues/70/3.html},
  year   = {2021},
}

@Electronic{Wingo2011,
  author = {Any Wingo},
  title  = {Value Representation in JavaScript Implementations},
  url    = {https://wingolog.org/archives/2011/05/18/value-representation-in-javascript-implementations},
  year   = {2011},
}

@inproceedings{Song2015,
  title     = {Exploiting and Protecting Dynamic Code Generation.},
  author    = {Song, Chengyu and Zhang, Chao and Wang, Tielei and Lee, Wenke and Melski, David},
  booktitle = {NDSS},
  year      = {2015}
}

@inproceedings{wang2012undefined,
  title={Undefined behavior: what happened to my code?},
  author={Wang, Xi and Chen, Haogang and Cheung, Alvin and Jia, Zhihao and Zeldovich, Nickolai and Kaashoek, M Frans},
  booktitle={Proceedings of the Asia-Pacific Workshop on Systems},
  pages={1--7},
  year={2012}
}

@inproceedings{d2015correctness,
  title={The correctness-security gap in compiler optimization},
  author={D'Silva, Vijay and Payer, Mathias and Song, Dawn},
  booktitle={2015 IEEE Security and Privacy Workshops},
  pages={73--87},
  year={2015},
  organization={IEEE}
}

@article{dusilent,
  title={Silent Bugs Matter: A Study of Compiler-Introduced Security Bugs},
  author={Du, Jianhao Xu1 Kangjie Lu2 Zhengjie and Wu, Zhu Ding1 Linke Li1 Qiushi and Mao, Mathias Payer3 Bing}
}

@Electronic{Wang2015,
  author = {Xi Wang},
  title  = {More randomness or less},
  url    = {https://kqueue.org/blog/2012/06/25/more-randomness-or-less/},
  year   = {2015},
}

@Electronic{FbsdJunk,
  title  = {FreeBSD mitigation for srandom undefined behavior},
  url    = {https://github.com/freebsd/freebsd-src/commit/6a762eb23ea5f31e65cfa12602937f39a14e9b0c},
  year   = {2012},
}

@Electronic{ObsdJunk,
  title  = {OpenBSD mitigation for srandom undefined behavior},
  url    = {https://github.com/openbsd/src/commit/99d815f892ce481695caf21f08f773f563820a66},
  year   = {2002},
}

@Electronic{ChromiumIssue,
  title  = {Issue 3782: V8 is not -fsanitize=null clean},
  url    = {https://bugs.chromium.org/p/v8/issues/detail?id=3782},
  year   = {2014},
}

@Electronic{MozillaIssue,
  title  = {GCC6 - TB crashes due to removed null pointer checks for "this"},
  url    = {https://bugzilla.mozilla.org/show_bug.cgi?id=1251576},
  year   = {2016},
}

@Electronic{MemZeroBarrier,
  title  = {lib: memzero\_explicit: use barrier instead of {OPTIMIZER\_HIDE\_VAR}},
  url    = {https://github.com/torvalds/linux/commit/0b053c9518292705736329a8fe20ef4686ffc8e9},
  year   = {2015},
}

@Electronic{MemZeroDataBarrier,
  title  = {lib: make memzero\_explicit more robust against dead store elimination},
  url    = {https://github.com/torvalds/linux/commit/7829fb09a2b4268b30dd9bc782fa5ebee278b137},
  year   = {2015},
}

@Electronic{OpenSSLMemClr,
  title  = {lib: make memzero\_explicit more robust against dead store elimination},
  url    = {https://github.com/openssl/openssl/commit/104ce8a9f02d250dd43c255eb7b8747e81b29422},
  year   = {2016},
}

@Electronic{GNUMemSet,
  title  = {10.604 memset\_explicit},
  url    = {https://www.gnu.org/software//gnulib/manual/html_node/memset_005fexplicit.html},
}

@Electronic{MemSetProposal,
  title  = {memset\_explicit},
  url    = {https://www.open-std.org/jtc1/sc22/wg14/www/docs/n2897.htm},
  year   = {2021},
}

@Article{Huo2019,
  author    = {Tianlin Huo and Xiaoni Meng and Wenhao Wang and Chunliang Hao and Pei Zhao and Jian Zhai and Mingshu Li},
  journal   = {{IACR} Transactions on Cryptographic Hardware and Embedded Systems},
  title     = {Bluethunder: A 2-level Directional Predictor Based Side-Channel Attack against {SGX}},
  year      = {2019},
  month     = {nov},
  doi       = {10.46586/tches.v2020.i1.321-347},
}

@InProceedings{Evtyushkin2018,
  author    = {Dmitry Evtyushkin and Ryan Riley and Nael CSE and ECE Abu-Ghazaleh and Dmitry Ponomarev},
  booktitle = {Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems},
  title     = {BranchScope: A New Side-Channel Attack on Directional Branch Predictor},
  year      = {2018},
  doi       = {10.1145/3173162.3173204},
}

@InProceedings{Aciicmez2007,
  author    = {Onur Acii{\c{c}}mez and {\c{C}}etin Kaya Ko{\c{c}} and Jean-Pierre Seifert},
  booktitle = {Proceedings of the 2nd {ACM} symposium on Information, computer and communications security},
  title     = {On the power of simple branch prediction analysis},
  year      = {2007},
  publisher = {{ACM}},
  doi       = {10.1145/1229285.1266999},
}

@InProceedings{Lee2017,
  author    = {Sangho Lee and Ming-Wei Shih and Prasun Gera and Taesoo Kim and Hyesoon Kim and Marcus Peinado},
  booktitle = {26th USENIX Security Symposium (USENIX Security 17)},
  title     = {Inferring Fine-grained Control Flow Inside {SGX} Enclaves with Branch Shadowing},
  year      = {2017},
  url       = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/lee-sangho},
}

@InProceedings{Bulygin2008,
  author    = {Yuriy Bulygin},
  booktitle = {CPU side-channels vs. virtualization rootkits: the good, the bad, or the ugly},
  title     = {{CPU} side-channels vs. virtualization rootkits: the good, the bad, or the ugly},
  year      = {2008},
  url       = {https://infocondb.org/con/toorcon/toorcon-seattle-2008/cpu-side-channels-vs-virtualization-rootkits-the-good-the-bad-or-the-ugly},
}

@Article{Eyerman2009,
  author    = {Stijn Eyerman and Lieven Eeckhout and Tejas Karkhanis and James E. Smith},
  journal   = {{ACM} Transactions on Computer Systems},
  title     = {A mechanistic performance model for superscalar out-of-order processors},
  year      = {2009},
  month     = {may},
  number    = {2},
  volume    = {27},
  doi       = {10.1145/1534909.1534910},
}

@Electronic{Cook2023,
  author = {Kees Cook},
  title  = {Bounded Flexible Arrays in {C}},
  url    = {https://people.kernel.org/kees/bounded-flexible-arrays-in-c},
  year   = {2023},
}

@InProceedings{Kocher2019,
  author    = {Paul Kocher and Jann Horn and Anders Fogh and Daniel Genkin and Daniel Gruss and Werner Haas and Mike Hamburg and Moritz Lipp and Stefan Mangard and Thomas Prescher and Michael Schwarz and Yuval Yarom},
  booktitle = {2019 {IEEE} Symposium on Security and Privacy ({SP})},
  title     = {Spectre Attacks: Exploiting Speculative Execution},
  year      = {2019},
  publisher = {{IEEE}},
  doi       = {10.1109/sp.2019.00002}
}

@inproceedings {Lipp2018,
author = {Moritz Lipp and Michael Schwarz and Daniel Gruss and Thomas Prescher and Werner Haas and Anders Fogh and Jann Horn and Stefan Mangard and Paul Kocher and Daniel Genkin and Yuval Yarom and Mike Hamburg},
title = {Meltdown: Reading Kernel Memory from User Space},
booktitle = {27th USENIX Security Symposium (USENIX Security 18)},
year = {2018},
url = {https://www.usenix.org/conference/usenixsecurity18/presentation/lipp},
}

@InProceedings{Bulck2020,
  author    = {Jo Van Bulck and Daniel Moghimi and Michael Schwarz and Moritz Lippi and Marina Minkin and Daniel Genkin and Yuval Yarom and Berk Sunar and Daniel Gruss and Frank Piessens},
  booktitle = {2020 {IEEE} Symposium on Security and Privacy ({SP})},
  title     = {{LVI}: Hijacking Transient Execution through Microarchitectural Load Value Injection},
}

@InProceedings{Canella2019,
  author    = {Claudio Canella and Jo Van Bulck and Michael Schwarz and Moritz Lipp and Benjamin von Berg and Philipp Ortner and Frank Piessens and Dmitry Evtyushkin and Daniel Gruss},
  booktitle = {28th {USENIX} Security Symposium ({USENIX} Security 19)},
  title     = {A Systematic Evaluation of Transient Execution Attacks and Defenses},
  year      = {2019},
  url       = {https://www.usenix.org/conference/usenixsecurity19/presentation/canella},
}

@InProceedings{Mutlu2004,
  author     = {Mutlu, Onur and Kim, Hyesoon and Armstrong, David N. and Patt, Yale N.},
  booktitle  = {Proceedings of the 3rd workshop on Memory performance issues in conjunction with the 31st international symposium on computer architecture - WMPI ’04},
  title      = {Understanding the effects of wrong-path memory references on processor performance},
  year       = {2004},
  doi        = {10.1145/1054943.1054951},
}

@TechReport{Wheeler2020,
  title={Initial Analysis of Underhanded Source Code},
  author={Wheeler, David A.},
  url={https://www.ida.org/research-and-publications/publications/all/i/in/initial-analysis-of-underhanded-source-code},
  year={2020},
  institution={Institute for Defense Analyses.}
}

@InProceedings{Boucher2023,
    title = {Trojan Source: Invisible Vulnerabilities},
    author = {Nicholas Boucher and Ross Anderson},
    booktitle = {32nd USENIX Security Symposium (USENIX Security 23)},
    year = {2023},
    address = {Anaheim, CA},
    publisher = {USENIX Association},
    month = {aug},
    url = {https://arxiv.org/abs/2111.00169}
}

@TechReport{pep572,
  author  = {Chris Angelico and Tim Peters and Guido van Rossum},
  title   = {Assignment Expressions},
  year    = {2018},
  type    = {PEP},
  number  = {572},
  url     = {https://peps.python.org/pep-0572/},
}