pith. sign in

arxiv: 2606.16372 · v2 · pith:AF55YKRGnew · submitted 2026-06-15 · 💻 cs.CR

MIPSBLEED: Uncovering Microarchitectural Timing Leaks in Pervasive Embedded Processors

Ahmed Najeeb , Billy Bob Brumley This is my paper

Pith reviewed 2026-06-27 03:40 UTC · model grok-4.3

classification 💻 cs.CR
keywords MIPS processorstiming attacksside-channel attackssimultaneous multithreadingembedded systemselliptic curve cryptographymicroarchitectural leakskey recovery
0
0 comments X

The pith

MIPS processors with simultaneous multithreading leak timing data from shared L1 caches and execution engine, enabling unprivileged single-trace key recovery on elliptic curve cryptography.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

MIPS processors remain common in routers, industrial controllers, and IoT devices. The paper shows that simultaneous multithreading on these platforms shares the L1 data cache, L1 instruction cache, and execution engine across threads, creating measurable timing differences. MIPSBLEED uses assembly-level probes to quantify leakage in all three channels and executes attacks that need no special access rights. The work ends with a demonstration that recovers the full key from a real elliptic curve cryptographic implementation in one trace. A reader would care because these low-power platforms often run security-sensitive code in environments with limited isolation options.

Core claim

The central claim is that simultaneous multithreading on MIPS platforms produces high-resolution timing leakage through three shared components—the L1 data cache, L1 instruction cache, and execution engine—and that this leakage supports practical attacks, including full key recovery on elliptic curve cryptography, using only unprivileged code.

What carries the argument

Assembly-level timing probes that detect contention effects in the shared L1 data cache, L1 instruction cache, and execution engine under simultaneous multithreading.

If this is right

  • Unprivileged code can extract cryptographic keys from elliptic curve implementations on SMT-enabled MIPS devices.
  • All three identified channels contribute usable leakage that can be combined in attacks.
  • Resource-constrained embedded systems using these processors require new lightweight isolation methods to block cross-thread timing channels.
  • Single-trace attacks become viable because the timing resolution is high enough to extract keys without repeated observations.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar timing leaks may exist in other legacy embedded processor families that still use simultaneous multithreading.
  • Device makers could reduce risk by disabling simultaneous multithreading or adding simple cache partitioning on MIPS-based products.
  • The probe techniques could be ported to study timing leakage on additional constrained architectures used in industrial and IoT settings.

Load-bearing premise

The tested MIPS platforms actually run simultaneous multithreading with the described shared L1 data cache, L1 instruction cache, and execution engine that produce timing differences matching the probe measurements.

What would settle it

Running the assembly probes on the target MIPS hardware and finding no statistically significant timing variation tied to different cache states or execution paths would falsify the reported leakage.

Figures

Figures reproduced from arXiv: 2606.16372 by Ahmed Najeeb, Billy Bob Brumley.

Figure 1
Figure 1. Figure 1: High-level layout of the MIPS32 1004K processor. Each physical core contains two logical cores sharing L1 data cache, L1 instruction cache, and execution engine. MDU ALU FPU IF IS IT RF AG MS ER WB Thread 1 Thread 2 [PITH_FULL_IMAGE:figures/full_fig_p004_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: MIPS32 1004K pipeline stages. Instructions from both logical cores are inter￾leaved through the shared 8–9 stage execution engine. (LRU) cache replacement policy to deal with cache conflicts [33]. Since both the logical cores share the L1 cache and they both can write to it, this can lead to one process evicting the cache lines of the other process running on the same physical core. The execution engine is… view at source ↗
Figure 3
Figure 3. Figure 3: L1 data cache probe implementation excerpt (MIPS assembly). Three iterations shown for cache sets 0, 1, and 127, each accessing all four ways with a dependency chain to prevent out-of-order execution. We implemented our attack in assembly, and [PITH_FULL_IMAGE:figures/full_fig_p009_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: L1 data cache probe output with the victim accessing set 50. The y-axis denotes cache set index (128 sets monitored) and the x-axis denotes successive probe iterations. The horizontal dark band at set 50 confirms measurable contention [PITH_FULL_IMAGE:figures/full_fig_p009_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Top: averaged L1 data cache traces across two classes (sustained contention vs. contention then idle). Vertical lines correspond to context switches. Bottom: cor￾responding NICV values; high NICV confirms significant information leakage through the data cache channel. (center), the only differences being an extra 32 bytes in each fixed load offset (lines are 32 bytes) to select the cache set, and the fixed… view at source ↗
Figure 6
Figure 6. Figure 6: shows an excerpt of our assembly implementation. It shows two iterations, one for cache set 1 and then follows with another for set 2. This logic repeats for each of the 256 cache sets (see Section 2.1), taking a timing measurement for each set. The code is structured in a similar way to [2]. First we align our code at a 13-bit boundary (here 8000, and note t7 is initially set to the corresponding virtual … view at source ↗
Figure 7
Figure 7. Figure 7: L1 instruction cache probe output with the victim executing instructions aligned to set 50. The y-axis denotes cache set index (128 sets monitored) and the x-axis denotes successive probe iterations. The horizontal dark band at set 50 confirms measurable contention. 0 20 40 60 80 100 Latency (clock cycles) 0/0 0/1 0 0.2 0.4 0.6 0.8 1 6000 8000 10000 12000 14000 sqrt(NICV) Time (samples) [PITH_FULL_IMAGE:f… view at source ↗
Figure 8
Figure 8. Figure 8: Top: averaged L1 instruction cache traces across two classes (sustained con￾tention vs. contention then idle). Vertical lines correspond to context switches. Bot￾tom: corresponding NICV values; high NICV confirms significant information leakage through the instruction cache channel [PITH_FULL_IMAGE:figures/full_fig_p012_8.png] view at source ↗
Figure 9
Figure 9. Figure 9: Execution engine probe implementation (MIPS assembly). Left: ALU con￾tention via repeated add/sub pairs. Right: MDU contention via repeated mul instruc￾tions. Both record per-iteration cycle counts. 0 20 40 60 80 100 Latency (clock cycles) 0/0 0/1 0 0.2 0.4 0.6 0.8 1 0 1000 2000 3000 4000 5000 6000 7000 8000 sqrt(NICV) Time (samples) [PITH_FULL_IMAGE:figures/full_fig_p014_9.png] view at source ↗
Figure 10
Figure 10. Figure 10: Top: averaged execution engine traces across two classes (no contention vs. ALU contention in the second half). Bottom: corresponding NICV values; high NICV confirms significant information leakage through the execution engine channel. 5.1 Results The results of the attack are shown in [PITH_FULL_IMAGE:figures/full_fig_p014_10.png] view at source ↗
Figure 11
Figure 11. Figure 11: Vulnerable code segment in SECCURE’s pointmul function. The conditional branch on each scalar bit introduces a data-dependent point addition, creating ex￾ploitable timing variation [PITH_FULL_IMAGE:figures/full_fig_p016_11.png] view at source ↗
Figure 12
Figure 12. Figure 12: Partial instruction cache trace during SECCURE scalar multiplication on P-256. Darker regions indicate higher latency. Red and green highlights mark point addition and point doubling operations, respectively, directly revealing scalar bits. The objective of the attack is to recover the sequence of elliptic curve point doubling and addition operations executed during scalar multiplication. Since this seque… view at source ↗
read the original abstract

Despite their age, MIPS processors remain deeply embedded in routers, industrial controllers, and IoT systems, yet their security against modern side-channel attacks has received little attention. This paper exposes how Simultaneous Multithreading (SMT), a feature increasingly used to boost performance in these environments, creates powerful cross-core timing channels on MIPS-based platforms. We introduce MIPSBLEED, a systematic analysis and exploitation framework that uncovers leakage in three shared microarchitectural components: the L1 data cache, L1 instruction cache, and the execution engine. Through carefully crafted assembly-level probes and quantitative leakage assessment, we demonstrate practical, high-resolution timing attacks that operate without requiring privileged access. Our evaluation reveals significant information leakage across all three channels and culminates in a single trace key recovery attack on a real elliptic curve cryptographic toolkit. These results position MIPS as an overlooked yet critical target in the study of microarchitectural security and underscore the urgent need for lightweight isolation mechanisms in resource-constrained, SMT-enabled embedded systems.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper introduces MIPSBLEED, a systematic analysis and exploitation framework for microarchitectural timing leaks in MIPS processors enabled by Simultaneous Multithreading (SMT). It identifies leakage channels in the shared L1 data cache, L1 instruction cache, and execution engine via assembly-level probes, demonstrates practical high-resolution timing attacks without privileged access, and reports a single-trace key recovery attack against a real elliptic curve cryptographic toolkit on embedded MIPS platforms.

Significance. If the empirical results hold, the work is significant for highlighting an overlooked attack surface in widely deployed but understudied MIPS-based embedded systems (routers, IoT, industrial controllers), providing concrete evidence of cross-thread leakage and motivating lightweight isolation mechanisms in resource-constrained SMT environments.

major comments (2)
  1. [Abstract (evaluation paragraph)] The central claim that the three named channels exist and enable single-trace EC key recovery rests on the assumption that the evaluated MIPS platforms implement SMT with the exact shared L1 D-cache, I-cache, and execution engine configuration modeled by the assembly probes. The abstract states that evaluation occurred but provides no platform identifiers, SMT configuration details, or hardware confirmation that these resources are shared in the manner required for the observed timing leaks.
  2. [Abstract (evaluation paragraph)] No quantitative leakage metrics, trace counts, success rates, or error analysis are supplied to support the claims of 'significant information leakage across all three channels' and 'single trace key recovery.' Without these, it is impossible to assess whether the attacks are practical or reproducible on the claimed hardware.
minor comments (1)
  1. The abstract would benefit from naming the specific MIPS cores or SoCs evaluated and the cryptographic toolkit used for the key-recovery demonstration.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed comments on the abstract. The full manuscript provides platform details, SMT configurations, hardware confirmations, and quantitative metrics in Sections 4-6, but we agree the abstract can be strengthened for clarity and will revise it accordingly.

read point-by-point responses

  1. Referee: [Abstract (evaluation paragraph)] The central claim that the three named channels exist and enable single-trace EC key recovery rests on the assumption that the evaluated MIPS platforms implement SMT with the exact shared L1 D-cache, I-cache, and execution engine configuration modeled by the assembly probes. The abstract states that evaluation occurred but provides no platform identifiers, SMT configuration details, or hardware confirmation that these resources are shared in the manner required for the observed timing leaks.

    Authors: Section 4 of the manuscript identifies the specific MIPS platforms evaluated, their SMT configurations, and confirms shared L1 D-cache, I-cache, and execution engine resources via both vendor documentation and assembly-level microbenchmarking results. We will revise the abstract to include brief platform identifiers and a statement on hardware confirmation of the shared resources. revision: yes

  2. Referee: [Abstract (evaluation paragraph)] No quantitative leakage metrics, trace counts, success rates, or error analysis are supplied to support the claims of 'significant information leakage across all three channels' and 'single trace key recovery.' Without these, it is impossible to assess whether the attacks are practical or reproducible on the claimed hardware.

    Authors: Sections 5 and 6 present quantitative leakage metrics for all three channels, trace counts for the single-trace EC attack, success rates, and error analysis. The abstract summarizes these findings due to length constraints. We will revise the abstract to include key quantitative highlights supporting practicality and reproducibility. revision: yes

Circularity Check

0 steps flagged

No circularity: empirical security evaluation with no derivation chain

full rationale

This paper presents an empirical security analysis of timing side-channels on MIPS processors. The abstract and description describe experimental probes, leakage assessment, and a key recovery attack on real hardware, with no equations, fitted parameters, predictions derived from inputs, or self-citation chains that reduce claims to their own assumptions by construction. The load-bearing elements are hardware measurements and attack demonstrations, which are externally falsifiable on the claimed platforms rather than internally defined. No steps match any enumerated circularity pattern.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract provides no information on free parameters, axioms, or invented entities.

pith-pipeline@v0.9.1-grok · 5705 in / 1038 out tokens · 39526 ms · 2026-06-27T03:40:38.961485+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

44 extracted references · 22 canonical work pages

  1. [1]

    In: Ning, P., Atluri, V

    Acıiçmez, O.: Yet another MicroArchitectural attack: exploiting I-Cache. In: Ning, P., Atluri, V. (eds.) Proceedings of the 2007 ACM workshop on Computer Security Architecture, CSAW 2007, Fairfax, VA, USA, November 2, 2007. pp. 11–18. ACM (2007), https://doi.org/10.1145/1314466.1314469

    work page doi:10.1145/1314466.1314469 2007

  2. [2]

    In: Mangard, S., Standaert, F

    Acıiçmez, O., Brumley, B.B., Grabher, P.: New results on instruction cache attacks. In: Mangard, S., Standaert, F. (eds.) Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings. Lecture Notes in Computer Science, vol. 6225, pp. 110–124. Springer (2010), https://doi.org/1...

    work page doi:10.1007/978-3-642-15031-9_8 2010

  3. [3]

    In: Abe, M

    Acıiçmez, O., Koç, Ç.K., Seifert, J.: Predicting secret keys via branch prediction. In: Abe, M. (ed.) Topics in Cryptology - CT-RSA 2007, The Cryptographers’ Track at the RSA Conference 2007, San Francisco, CA, USA, February 5-9, 2007, Proceedings. Lecture Notes in Computer Science, vol. 4377, pp. 225–242. Springer (2007), https://doi.org/10.1007/11967668_15

    work page doi:10.1007/11967668_15 2007

  4. [4]

    In: Butler, K.R.B., Thomas, K

    Aldaya, A.C., Brumley, B.B.: HyperDegrade: From GHz to MHz effective CPU frequencies. In: Butler, K.R.B., Thomas, K. (eds.) 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022. pp. 2801–2818. USENIX Association (2022), https://www.usenix.org/conference/ usenixsecurity22/presentation/aldaya

    2022

  5. [5]

    Port contention for fun and profit

    Aldaya, A.C., Brumley, B.B., ul Hassan, S., Pereida García, C., Tuveri, N.: Port contention for fun and profit. In: 2019 IEEE Symposium on Security and Privacy, SP 2019, San Francisco, CA, USA, May 19-23, 2019. pp. 870–887. IEEE (2019), https://doi.org/10.1109/SP.2019.00066

    work page doi:10.1109/sp.2019.00066 2019

  6. [6]

    In: Proceedings of the 55th Annual Design Automation Conference, DAC 2018, San Francisco, CA, USA, June 24-29, 2018

    Barenghi, A., Pelosi, G.: Side-channel security of superscalar CPUs: evaluating the impact of micro-architectural features. In: Proceedings of the 55th Annual Design Automation Conference, DAC 2018, San Francisco, CA, USA, June 24-29, 2018. pp. 120:1–120:6. ACM (2018), https://doi.org/10.1145/3195970.3196112

    work page doi:10.1145/3195970.3196112 2018

  7. [7]

    html#cachetiming

    Bernstein, D.J.: Cache-timing attacks on AES (2005), http://cr.yp.to/papers. html#cachetiming

    2005

  8. [8]

    IACR Trans

    Bernstein, D.J., Bhargavan, K., Bhasin, S., Chattopadhyay, A., Chia, T.K., Kan- nwischer, M.J., Kiefer, F., Paiva, T.B., Ravi, P., Tamvada, G.: KyberSlash: Ex- ploiting secret-dependent division timings in Kyber implementations. IACR Trans. Cryptogr. Hardw. Embed. Syst.2025(2), 209–234 (2025), https://doi.org/10. 46586/tches.v2025.i2.209-234

    2025

  9. [9]

    In: International Symposium on Electromag- netic Compatibility, EMC 2014, Tokyo, Japan, May 12-16, 2014, Proceedings

    Bhasin, S., Danger, J., Guilley, S., Najm, Z.: NICV: Normalized inter-class variance for detection of side-channel leakage. In: International Symposium on Electromag- netic Compatibility, EMC 2014, Tokyo, Japan, May 12-16, 2014, Proceedings. pp. 310–313 (2014), https://ieeexplore.ieee.org/document/6997167

    arXiv 2014

  10. [10]

    In: Cavallaro, L., Kinder, J., Wang, X., Katz, J

    Bhattacharyya,A.,Sandulescu,A.,Neugschwandtner,M.,Sorniotti,A.,Falsafi,B., Payer,M.,Kurmus,A.:SMoTherSpectre:Exploitingspeculativeexecutionthrough port contention. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, November 11-15, 2019. pp. 7...

    work page doi:10.1145/3319535.3363194 2019

  11. [11]

    In: Matsui, M

    Brumley, B.B., Hakala, R.M.: Cache-timing template attacks. In: Matsui, M. (ed.) Advances in Cryptology - ASIACRYPT 2009, 15th International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan, December 6-10, 2009. Proceedings. Lecture Notes in Computer Science, vol. 5912, pp. 667–684. Springer (2009), https://doi...

    work page doi:10.1007/978-3-642-10366-7_39 2009

  12. [12]

    In: Con- structive Side-Channel Analysis and Secure Design - 2nd International Workshop, COSADE 2011, Darmstadt, Germany, February 24-25, 2011

    Brumley, B.B., Tuveri, N.: Cache-timing attacks and shared contexts. In: Con- structive Side-Channel Analysis and Secure Design - 2nd International Workshop, COSADE 2011, Darmstadt, Germany, February 24-25, 2011. Proceedings. pp. 233– 242 (2011), https://researchportal.tuni.fi/files/15671512/cosade2011.pdf

    arXiv 2011

  13. [13]

    In: Jr., B.S.K., Koç, Ç.K., Paar, C

    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Jr., B.S.K., Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems - CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13-15, 2002, Revised Papers. Lecture Notes in Computer Science, vol. 2523, pp. 13–28. Springer (2002), https://doi.org/10.1007/3-540-36400-5_3

    work page doi:10.1007/3-540-36400-5_3 2002

  14. [14]

    In: Frankel, Y

    Coron, J., Kocher, P.C., Naccache, D.: Statistics and secret leakage. In: Frankel, Y. (ed.) Financial Cryptography, 4th International Conference, FC 2000 Anguilla, British West Indies, February 20-24, 2000, Proceedings. Lecture Notes in Com- puter Science, vol. 1962, pp. 157–173. Springer (2000), https://doi.org/10.1007/ 3-540-45472-1_12

    2000

  15. [15]

    In: ACSAC ’21: Annual Computer Security Appli- cations Conference, Virtual Event, USA, December 6-10, 2021

    Cronin, P., Gao, X., Wang, H., Cotton, C.: An exploration of ARM system-level cache and GPU side channels. In: ACSAC ’21: Annual Computer Security Appli- cations Conference, Virtual Event, USA, December 6-10, 2021. pp. 784–795. ACM (2021), https://doi.org/10.1145/3485832.3485902

    work page doi:10.1145/3485832.3485902 2021

  16. [16]

    In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023

    Gast, S., Juffinger, J., Schwarzl, M., Saileshwar, G., Kogler, A., Franza, S., Köstl, M., Gruss, D.: SQUIP: Exploiting the scheduler queue contention side channel. In: 44th IEEE Symposium on Security and Privacy, SP 2023, San Francisco, CA, USA, May 21-25, 2023. pp. 2256–2272. IEEE (2023), https://doi.org/10.1109/SP46215. 2023.10179368

    work page doi:10.1109/sp46215 2023

  17. [17]

    Ge, Q., Yarom, Y., Cock, D., Heiser, G.: A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. J. Cryptographic Engi- neering8(1), 1–27 (2018), https://doi.org/10.1007/s13389-016-0141-6

    work page doi:10.1007/s13389-016-0141-6 2018

  18. [18]

    In: Non-Invasive Attack Testing Workshop, NIAT 2011, Nara, Japan, September 26-27, 2011

    Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side-channel resistance validation. In: Non-Invasive Attack Testing Workshop, NIAT 2011, Nara, Japan, September 26-27, 2011. Proceedings. NIST (2011), https://csrc.nist.gov/csrc/media/events/non-invasive-attack-testing-workshop/ documents/08_goodwill.pdf

    2011

  19. [19]

    In: Enck, W., Felt, A.P

    Gras, B., Razavi, K., Bos, H., Giuffrida, C.: Translation leak-aside buffer: De- feating cache side-channel protections with TLB attacks. In: Enck, W., Felt, A.P. (eds.) 27th USENIX Security Symposium, USENIX Security 2018, Balti- more, MD, USA, August 15-17, 2018. pp. 955–972. USENIX Association (2018), https://www.usenix.org/conference/usenixsecurity18/...

    2018

  20. [20]

    In: Kirda, E., Ristenpart, T

    Green, M., Lima, L.R., Zankl, A., Irazoqui, G., Heyszl, J., Eisenbarth, T.: AutoLock: Why cache attacks on ARM are harder than you think. In: Kirda, E., Ristenpart, T. (eds.) 26th USENIX Security Symposium, USENIX Security 2017, Vancouver, BC, Canada, August 16-18, 2017. pp. 1075–1091. USENIX Association (2017), https://www.usenix.org/conference/ usenixse...

    2017

  21. [21]

    In: 32nd IEEE Symposium on Security and Privacy, 20 Ahmed Najeeb and Billy Bob Brumley S&P 2011, 22-25 May 2011, Berkeley, California, USA

    Gullasch, D., Bangerter, E., Krenn, S.: Cache games - bringing access-based cache attacks on AES to practice. In: 32nd IEEE Symposium on Security and Privacy, 20 Ahmed Najeeb and Billy Bob Brumley S&P 2011, 22-25 May 2011, Berkeley, California, USA. pp. 490–505. IEEE Com- puter Society (2011), https://doi.org/10.1109/SP.2011.22

    work page doi:10.1109/sp.2011.22 2011

  22. [22]

    and Patterson, D.A

    Hennessy, J.L., Patterson, D.A.: A new golden age for computer architecture. Com- mun. ACM62(2), 48–60 (2019), https://doi.org/10.1145/3282307

    work page doi:10.1145/3282307 2019

  23. [23]

    In: Proceedings of the 53rd Annual Design Automation Conference, DAC 2016, Austin, TX, USA, June 5-9, 2016

    Kayaalp, M., Abu-Ghazaleh, N.B., Ponomarev, D.V., Jaleel, A.: A high-resolution side-channel attack on last-level cache. In: Proceedings of the 53rd Annual Design Automation Conference, DAC 2016, Austin, TX, USA, June 5-9, 2016. pp. 72:1– 72:6. ACM (2016), http://doi.acm.org/10.1145/2897937.2897962

    work page doi:10.1145/2897937.2897962 2016

  24. [24]

    In: IEEE International Symposium on High-Performance Computer Archi- tecture, HPCA 2022, Seoul, South Korea, April 2-6, 2022

    Kim, S., Han, M., Baek, W.: DPrime+DAbort: A high-precision and timer-free directory-based side-channel attack in non-inclusive cache hierarchies using Intel TSX. In: IEEE International Symposium on High-Performance Computer Archi- tecture, HPCA 2022, Seoul, South Korea, April 2-6, 2022. pp. 67–81. IEEE (2022), https://doi.org/10.1109/HPCA53966.2022.00014

    work page doi:10.1109/hpca53966.2022.00014 2022

  25. [25]

    Spectre attacks: Exploit- ing speculative execution

    Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., Yarom, Y.: Spectre attacks: Exploiting speculative execution. In: 2019 IEEE Symposium on Security and Pri- vacy, SP 2019, San Francisco, CA, USA, May 19-23, 2019. pp. 1–19. IEEE (2019), https://doi.org/10.1109/SP.2019.00002

    work page doi:10.1109/sp.2019.00002 2019

  26. [26]

    In: Koblitz, N

    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) Advances in Cryptology - CRYPTO ’96, 16th Annual International Cryptology Conference, Santa Barbara, Califor- nia, USA, August 18-22, 1996, Proceedings. Lecture Notes in Computer Science, vol. 1109, pp. 104–113. Springer (1996), https://do...

    work page doi:10.1007/3-540-68697-5_9 1996

  27. [27]

    Kocher, Joshua Jaffe, and Benjamin Jun

    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) Advances in Cryptology - CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15-19, 1999, Proceedings. Lecture Notes in Computer Science, vol. 1666, pp. 388–397. Springer (1999), https: //doi.org/10.1007/3-540-48405-1_25

    work page doi:10.1007/3-540-48405-1_25 1999

  28. [28]

    In: Holz, T., Savage, S

    Lipp, M., Gruss, D., Spreitzer, R., Maurice, C., Mangard, S.: ARMageddon: Cache attacks on mobile devices. In: Holz, T., Savage, S. (eds.) 25th USENIX Secu- rity Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016. pp. 549–564. USENIX Association (2016), https://www.usenix.org/conference/ usenixsecurity16/technical-sessions/presentation/lipp

    2016

  29. [29]

    In: 42nd IEEE Symposium on Security and Privacy, SP 2021, San Francisco, CA, USA, 24-27 May

    Lipp, M., Kogler, A., Oswald, D.F., Schwarz, M., Easdon, C., Canella, C., Gruss, D.: PLATYPUS: Software-based power side-channel attacks on x86. In: 42nd IEEE Symposium on Security and Privacy, SP 2021, San Francisco, CA, USA, 24-27 May

    2021

  30. [30]

    pp. 355–371. IEEE (2021), https://doi.org/10.1109/SP40001.2021.00063

    work page doi:10.1109/sp40001.2021.00063 2021

  31. [31]

    In: Enck, W., Felt, A.P

    Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Fogh, A., Horn, J., Man- gard, S., Kocher, P., Genkin, D., Yarom, Y., Hamburg, M.: Meltdown: Reading ker- nel memory from user space. In: Enck, W., Felt, A.P. (eds.) 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018. pp. 973–990. USENIX Association (2018),...

    2018

  32. [32]

    In: 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015

    Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015. pp. 605–622. IEEE Computer Society (2015), https://doi.org/10.1109/SP.2015.43

    work page doi:10.1109/sp.2015.43 2015

  33. [33]

    MIPS: MIPS 1004K coherent processing system datasheet (2011), https://s3-eu-west-1.amazonaws.com/downloads-mips/documents/ MD00584-2B-1004K-DTS-01.20.pdf, [Accessed 27-03-2025] MIPSBLEED: Uncovering Microarchitectural Timing Leaks 21

    2011

  34. [34]

    MIPS: MIPS software training (2018), https://training.mips.com/basic_mips/ PDF/Caches.pdf, [Accessed 27-03-2025]

    2018

  35. [35]

    MIPS: Corporate overview (2024), https://mips.com/wp-content/uploads/2024/ 01/MIPS-Corporate-Overview-FINALdocx.pdf, [Accessed 04-06-2026]

    2024

  36. [36]

    Cache attacks and countermeasures: The case of AES

    Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: The case of AES. In: Pointcheval, D. (ed.) Topics in Cryptology - CT-RSA 2006, The Cryptographers’ Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings. Lecture Notes in Computer Science, vol. 3860, pp. 1–20. Springer (2006), https://doi.org/10.1007/1...

    work page doi:10.1007/11605805_1 2006

  37. [37]

    In: Bailey, M.D., Green- stadt,R.(eds.)30thUSENIXSecuritySymposium,USENIXSecurity2021,August 11-13, 2021

    Paccagnella, R., Luo, L., Fletcher, C.W.: Lord of the ring(s): Side channel at- tacks on the CPU on-chip ring interconnect are practical. In: Bailey, M.D., Green- stadt,R.(eds.)30thUSENIXSecuritySymposium,USENIXSecurity2021,August 11-13, 2021. pp. 645–662. USENIX Association (2021), https://www.usenix.org/ conference/usenixsecurity21/presentation/paccagnella

    2021

  38. [38]

    In: BSDCan 2005, Ottawa, Canada, May 13-14, 2005, Proceedings (2005), http://www.daemonology.net/ papers/cachemissing.pdf

    Percival, C.: Cache missing for fun and profit. In: BSDCan 2005, Ottawa, Canada, May 13-14, 2005, Proceedings (2005), http://www.daemonology.net/ papers/cachemissing.pdf

    2005

  39. [39]

    In: Patterson, D.A

    Tullsen, D.M., Eggers, S.J., Levy, H.M.: Simultaneous multithreading: Maximiz- ing on-chip parallelism. In: Patterson, D.A. (ed.) Proceedings of the 22nd Annual International Symposium on Computer Architecture, ISCA ’95, Santa Margherita Ligure,Italy,June22-24,1995.pp.392–403.ACM(1995),https://doi.org/10.1145/ 223982.224449

    arXiv 1995

  40. [40]

    In: Butler, K.R.B., Thomas, K

    Wang, Y., Paccagnella, R., He, E.T., Shacham, H., Fletcher, C.W., Kohlbren- ner, D.: Hertzbleed: Turning power side-channel attacks into remote timing at- tacks on x86. In: Butler, K.R.B., Thomas, K. (eds.) 31st USENIX Security Symposium, USENIX Security 2022, Boston, MA, USA, August 10-12, 2022. pp. 679–697. USENIX Association (2022), https://www.usenix....

    2022

  41. [41]

    In: Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014

    Yarom, Y., Falkner, K.: FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In: Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014. pp. 719–732. USENIX Association (2014), https://www.usenix.org/conference/usenixsecurity14/technical-sessions/ presentation/yarom

    2014

  42. [42]

    In: Gierlichs, B., Poschmann, A.Y

    Yarom, Y., Genkin, D., Heninger, N.: CacheBleed: A timing attack on OpenSSL constant time RSA. In: Gierlichs, B., Poschmann, A.Y. (eds.) Cryptographic Hard- ware and Embedded Systems - CHES 2016 - 18th International Conference, Santa Barbara, CA, USA, August 17-19, 2016, Proceedings. Lecture Notes in Com- puter Science, vol. 9813, pp. 346–367. Springer (2...

    2016

  43. [43]

    In: Calandrino, J.A., Tron- coso, C

    Yu, J., Dutta, A., Jaeger, T., Kohlbrenner, D., Fletcher, C.W.: Synchroniza- tion storage channels (S2C): Timer-less cache side-channel attacks on the Ap- ple M1 via hardware synchronization instructions. In: Calandrino, J.A., Tron- coso, C. (eds.) 32nd USENIX Security Symposium, USENIX Security 2023, Ana- heim, CA, USA, August 9-11, 2023. pp. 1973–1990. ...

    2023

  44. [44]

    In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S

    Zhang, X., Xiao, Y., Zhang, Y.: Return-oriented flush-reload side channels on ARM and their implications for Android devices. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016. pp. 858–870. ACM (2016), ...

    work page doi:10.1145/2976749.2978360 2016