Citation: CHEN Congcong, GU Zhiyang, ZHANG Jiliang. A Survey of Processor Chip Security[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT260026

[1] ZHANG Jiliang, CHEN Congcong, CUI Jinhua, et al. Timing side-channel attacks and countermeasures in CPU microarchitectures[J]. ACM Computing Surveys, 2024, 56(7): 178. doi: 10.1145/3645109.

[2] YAROM Y and FALKNER K. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack[C]. 23rd USENIX Security Symposium, San Diego, USA, 2014: 719–732.

[3] KOCHER P, HORN J, FOGH A, et al. Spectre attacks: Exploiting speculative execution[C]. IEEE Symposium on Security and Privacy, San Francisco, USA, 2019: 1–19. doi: 10.1109/SP.2019.00002.

[4] LIPP M, SCHWARZ M, GRUSS D, et al. Meltdown: Reading kernel memory from user space[J]. Communications of the ACM, 2020, 63(6): 46–56. doi: 10.1145/3357033.

[5] GRUSS D, KRAFT E, TIWARI T, et al. Page cache attacks[C]. ACM SIGSAC Conference on Computer and Communications Security, London, UK, 2019: 167–180. doi: 10.1145/3319535.3339809.

[6] MAAR L, GAST S, UNTERGUGGENBERGER M, et al. SLUBStick: Arbitrary memory writes through practical software cross-cache attacks within the Linux kernel[C]. 33rd USENIX Security Symposium, Philadelphia, USA, 2024: 4051–4068.

[7] BISWAS A K, GHOSAL D, and NAGARAJA S. A survey of timing channels and countermeasures[J]. ACM Computing Surveys, 2018, 50(1): 6. doi: 10.1145/3023872.

[8] LAN Zeru, QIU Pengfei, WANG Chunlu, et al. A survey of processor hardware vulnerability[J]. Journal of Electronics & Information Technology, 2025, 47(9): 3020–3037. doi: 10.11999/JEIT250357. (in Chinese)

[9] YIN Jiawei, LI Menghao, and HUO Wei. Survey on security researches of processor's microarchitecture[J]. Journal of Cyber Security, 2022, 7(4): 17–31. doi: 10.19363/J.cnki.cn10-1380/tn.2022.07.02. (in Chinese)

[10] LIU Chang, HUANG Qilin, LIU Yuchuan, et al. A survey of data prefetcher security on modern processors[J]. Journal of Electronics & Information Technology, 2025, 47(9): 3038–3056. doi: 10.11999/JEIT250412. (in Chinese)

[11] GRAS B, RAZAVI K, BOS H, et al. Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks[C]. 27th USENIX Security Symposium, Baltimore, USA, 2018: 955–972.

[12] LIU Fangfei, YAROM Y, GE Qian, et al. Last-level cache side-channel attacks are practical[C]. IEEE Symposium on Security and Privacy, San Jose, USA, 2015: 605–622. doi: 10.1109/SP.2015.43.

[13] EVTYUSHKIN D, PONOMAREV D, and ABU-GHAZALEH N. Jump over ASLR: Attacking branch predictors to bypass ASLR[C]. 49th Annual IEEE/ACM International Symposium on Microarchitecture, Taipei, China, 2016: 1–13. doi: 10.1109/MICRO.2016.7783743.

[14] PESSL P, GRUSS D, MAURICE C, et al. DRAMA: Exploiting DRAM addressing for cross-CPU attacks[C]. 25th USENIX Security Symposium, Austin, USA, 2016: 565–581.

[15] SONG Linke, PANG Zixuan, WANG Wenhao, et al. The early bird catches the leak: Unveiling timing side channels in LLM serving systems[J]. IEEE Transactions on Information Forensics and Security, 2025, 20: 11431–11446. doi: 10.1109/TIFS.2025.3622954.

[16] CHOWDHURYY M H I, ZHENG Hao, and YAO Fan. MetaLeak: Uncovering side channels in secure processor architectures exploiting metadata[C]. ACM/IEEE 51st Annual International Symposium on Computer Architecture, Buenos Aires, Argentina, 2024: 693–707. doi: 10.1109/ISCA59077.2024.00056.

[17] CHEN Congcong, CUI Jinhua, QU Gang, et al. Write+Sync: Software cache write covert channels exploiting memory-disk synchronization[J]. IEEE Transactions on Information Forensics and Security, 2024, 19: 8066–8078. doi: 10.1109/TIFS.2024.3414255.

[18] XU Ke, TANG Ming, WANG Quancheng, et al. Exploitation of security vulnerability on retirement[C]. IEEE International Symposium on High-Performance Computer Architecture, Edinburgh, UK, 2024: 1–14. doi: 10.1109/HPCA57654.2024.00012.

[19] WANG Han, TANG Ming, XU Ke, et al. Cache bandwidth contention leaks secrets[C]. Design, Automation & Test in Europe Conference & Exhibition, Valencia, Spain, 2024: 1–6. doi: 10.23919/DATE58400.2024.10546529.

[20] CHIANG L C and LI S W. Reload+Reload: Exploiting cache and memory contention side channel on AMD SEV[C]. 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Rotterdam, Netherlands, 2025: 1014–1027. doi: 10.1145/3676641.3716017.

[21] BOSTANCI F N, CANPOLAT O, OLGUN A, et al. Understanding and mitigating covert channel and side channel vulnerabilities introduced by RowHammer defenses[C]. 58th IEEE/ACM International Symposium on Microarchitecture, Seoul, South Korea, 2025: 1412–1432. doi: 10.1145/3725843.3756029.

[22] MAAR L, JUFFINGER J, STEINBAUER T, et al. KernelSnitch: Side-channel attacks on kernel data structures[C]. 32nd Annual Network and Distributed System Security Symposium, San Diego, USA, 2025: 1–20.

[23] JIANG Qisheng and WANG Chundong. Sync+Sync: A covert channel built on fsync with storage[C]. 33rd USENIX Security Symposium, Philadelphia, USA, 2024: 1–18.

[24] PACCAGNELLA R, LUO Licheng, and FLETCHER C W. Lord of the ring(s): Side channel attacks on the CPU on-chip ring interconnect are practical[C]. 30th USENIX Security Symposium, 2021: 645–662. (Editor's query: the place of publication for this reference could not be found in online sources; please confirm and supplement.)

[25] TAN Mingtian, WAN Junpeng, ZHOU Zhe, et al. Invisible probe: Timing attacks with PCIe congestion side-channel[C]. IEEE Symposium on Security and Privacy, San Francisco, USA, 2021: 322–338. doi: 10.1109/SP40001.2021.00059.

[26] WAN Junpeng, BI Yanxiang, ZHOU Zhe, et al. MeshUp: Stateless cache side-channel attack on CPU mesh[C]. IEEE Symposium on Security and Privacy, San Francisco, USA, 2022: 1506–1524. doi: 10.1109/SP46214.2022.9833794.

[27] SHEN Chaoqun, ZHANG Jiliang, and QU Gang. MES-attacks: Software-controlled covert channels based on mutual exclusion and synchronization[C]. 60th ACM/IEEE Design Automation Conference, San Francisco, USA, 2023: 1–6. doi: 10.1109/DAC56929.2023.10247792.

[28] ZHANG Jiliang, SHEN Chaoqun, and QU Gang. Mex+Sync: Software covert channels exploiting mutual exclusion and synchronization[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2023, 42(12): 4491–4504. doi: 10.1109/TCAD.2023.3291669.

[29] ZHANG Xin, ZHANG Zhi, SHEN Qingni, et al. SegScope: Probing fine-grained interrupts via architectural footprints[C]. IEEE International Symposium on High-Performance Computer Architecture, Edinburgh, UK, 2024: 424–438. doi: 10.1109/HPCA57654.2024.00039.

[30] ZHANG Xin, ZHANG Zhi, SHEN Qingni, et al. ThermalScope: A practical interrupt side channel attack based on thermal event interrupts[C]. 61st ACM/IEEE Design Automation Conference, San Francisco, USA, 2024: 28. doi: 10.1145/3649329.3656525.

[31] SCHWARZ M, LIPP M, GRUSS D, et al. KeyDrown: Eliminating software-based keystroke timing side-channel attacks[C]. 25th Network and Distributed System Security Symposium, San Diego, USA, 2018: 1–15.

[32] ZHANG Ruiyi, KIM T, WEBER D, et al. (M)WAIT for it: Bridging the gap between microarchitectural and architectural side channels[C]. 32nd USENIX Security Symposium, Anaheim, USA, 2023: 7267–7284.

[33] SUZAKI K, IIJIMA K, YAGI T, et al. Memory deduplication as a threat to the guest OS[C]. Fourth European Workshop on System Security, Salzburg, Austria, 2011: 1. doi: 10.1145/1972551.1972552.

[34] STECKLINA J and PRESCHER T. LazyFP: Leaking FPU register state using microarchitectural side-channels[J]. arXiv preprint, arXiv:1806.07480, 2018. doi: 10.48550/arXiv.1806.07480. (Editor's query: checked against online sources; please verify that the reference type and format are correct.)

[35] CHEN Boru, WANG Yingchen, SHOME P, et al. GoFetch: Breaking constant-time cryptographic implementations using data memory-dependent prefetchers[C]. 33rd USENIX Security Symposium, Philadelphia, USA, 2024: 1117–1134.

[36] CHEN Yun, HAJIABADI A, PEI Lingfeng, et al. PREFETCHX: Cross-core cache-agnostic prefetcher-based side-channel attacks[C]. IEEE International Symposium on High-Performance Computer Architecture, Edinburgh, UK, 2024: 395–408. doi: 10.1109/HPCA57654.2024.00037.

[37] ZHANG Zhiyuan, TAO Mingtian, O’CONNELL S, et al. BunnyHop: Exploiting the instruction prefetcher[C]. 32nd USENIX Security Symposium, Anaheim, USA, 2023: 7321–7337.

[38] GUO Yanan, ZIGERELLI A, ZHANG Youtao, et al. Adversarial prefetch: New cross-core cache side channel attacks[C]. IEEE Symposium on Security and Privacy, San Francisco, USA, 2022: 1458–1473. doi: 10.1109/SP46214.2022.9833692.

[39] MAISURADZE G and ROSSOW C. ret2spec: Speculative execution using return stack buffers[C]. ACM SIGSAC Conference on Computer and Communications Security, Toronto, Canada, 2018: 2109–2122. doi: 10.1145/3243734.3243761.

[40] VAN SCHAIK S, MILBURN A, OSTERLUND S, et al. RIDL: Rogue in-flight data load[C]. IEEE Symposium on Security and Privacy, San Francisco, USA, 2019: 88–105. doi: 10.1109/SP.2019.00087.

[41] CANELLA C, GENKIN D, GINER L, et al. Fallout: Leaking data on meltdown-resistant CPUs[C]. ACM SIGSAC Conference on Computer and Communications Security, London, UK, 2019: 769–784. doi: 10.1145/3319535.3363219.

[42] LIU Chang, LI Zhouyang, WANG Haixia, et al. Exploiting ARMeD channels by reverse engineering ARM memory disambiguation unit[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2026, 45(2): 1075–1088. doi: 10.1109/TCAD.2025.3585078.

[43] GUO Jiayi, QIU Pengfei, YUAN Jie, et al. A novel transient execution attack exploiting loop prediction mechanisms[J]. Journal of Electronics & Information Technology, 2025, 47(9): 3363–3373. doi: 10.11999/JEIT250361. (in Chinese)

[44] VAN BULCK J, MINKIN M, WEISSE O, et al. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution[C]. 27th USENIX Security Symposium, Baltimore, USA, 2018: 991–1008.

[45] BRIONGOS S, MALAGÓN P, MOYA J M, et al. RELOAD+REFRESH: Abusing cache replacement policies to perform stealthy cache attacks[C]. 29th USENIX Security Symposium, 2020: 1967–1984. (Editor's query: the place of publication for this reference could not be found in online sources; please confirm and supplement.)

[46] LIU Chang, LYU Yongqiang, WANG Haixia, et al. Leaky MDU: ARM memory disambiguation unit uncovered and vulnerabilities exposed[C]. 60th ACM/IEEE Design Automation Conference, San Francisco, USA, 2023: 1–6. doi: 10.1109/DAC56929.2023.10247985.

[47] VOUGIOUKAS I, NIKOLERIS N, SANDBERG A, et al. BRB: Mitigating branch predictor side-channels[C]. IEEE International Symposium on High Performance Computer Architecture, Washington, USA, 2019: 466–477. doi: 10.1109/HPCA.2019.00058.

[48] ZHAO Lutan, LI Peinan, HOU Rui, et al. A lightweight isolation mechanism for secure branch predictors[C]. 58th ACM/IEEE Design Automation Conference, San Francisco, USA, 2021: 1267–1272. doi: 10.1109/DAC18074.2021.9586178.

[49] ZHAO Lutan, LI Peinan, HOU Rui, et al. HyBP: Hybrid isolation-randomization secure branch predictor[C]. IEEE International Symposium on High-Performance Computer Architecture, Seoul, South Korea, 2022: 346–359. doi: 10.1109/HPCA53966.2022.00033.

[50] TAN Qinhan, ZENG Zhihua, BU Kai, et al. PhantomCache: Obfuscating cache conflicts with localized randomization[C]. 27th Annual Network and Distributed Systems Security Symposium, San Diego, USA, 2020: 1–17.

[51] KIRIANSKY V, LEBEDEV I, AMARASINGHE S, et al. DAWG: A defense against cache timing attacks in speculative execution processors[C]. 51st Annual IEEE/ACM International Symposium on Microarchitecture, Fukuoka, Japan, 2018: 974–987. doi: 10.1109/MICRO.2018.00083.

[52] REIS C, MOSHCHUK A, and OSKOV N. Site isolation: Process separation for web sites within the browser[C]. 28th USENIX Security Symposium, Santa Clara, USA, 2019: 1661–1678.

[53] GRUSS D, LIPP M, SCHWARZ M, et al. KASLR is dead: Long live KASLR[C]. 9th International Symposium on Engineering Secure Software and Systems, Bonn, Germany, 2017: 161–176. doi: 10.1007/978-3-319-62105-0_11.

[54] HARRIS S. Retpoline: A software construct for preventing branch-target-injection[EB/OL]. https://harukizaemon.com/links/2018/01/15/retpoline-a-software-construct-for-preventing-branch-target-injection/, 2018.

[55] TARAM M, VENKAT A, and TULLSEN D. Context-sensitive fencing: Securing speculative execution via microcode customization[C]. Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, Providence, USA, 2019: 395–410. doi: 10.1145/3297858.3304060.

[56] YAN Mengjia, CHOI J, SKARLATOS D, et al. InvisiSpec: Making speculative execution invisible in the cache hierarchy[C]. 51st Annual IEEE/ACM International Symposium on Microarchitecture, Fukuoka, Japan, 2018: 428–441. doi: 10.1109/MICRO.2018.00042.

[57] LI Mengming, BU Kai, MIAO Chenlu, et al. TreasureCache: Hiding cache evictions against side-channel attacks[J]. IEEE Transactions on Dependable and Secure Computing, 2024, 21(5): 4574–4588. doi: 10.1109/TDSC.2024.3354991.

[58] SAILESHWAR G and QURESHI M K. CleanupSpec: An “Undo” approach to safe speculation[C]. 52nd Annual IEEE/ACM International Symposium on Microarchitecture, Columbus, USA, 2019: 73–86. doi: 10.1145/3352460.3358314.

[59] WEISSE O, NEAL I, LOUGHLIN K, et al. NDA: Preventing speculative execution attacks at their source[C]. 52nd Annual IEEE/ACM International Symposium on Microarchitecture, Columbus, USA, 2019: 572–586. doi: 10.1145/3352460.3358306.

[60] CHENG Xiaoyu, TONG Fei, ZHOU Zhe, et al. SCSGuardian: A practical hardware defense against speculative cache side-channel attacks[J]. IEEE Transactions on Information Forensics and Security, 2025, 20: 8833–8847. doi: 10.1109/TIFS.2025.3598478.

[61] SCHLÜTER T and TIPPENHAUER N O. PreFence: A fine-grained and scheduling-aware defense against prefetching-based attacks[C]. 10th IEEE European Symposium on Security and Privacy, Venice, Italy, 2025: 374–394. doi: 10.1109/EuroSP63326.2025.00030.

[62] FANG Hongyu, DOROSLOVAČKI M, and VENKATARAMANI G. Reuse-trap: Re-purposing cache reuse distance to defend against side channel leakage[C]. 57th ACM/IEEE Design Automation Conference, San Francisco, USA, 2020: 1–6. doi: 10.1109/DAC18072.2020.9218725.

[63] LI Luyi, HUANG Jiayi, FENG Lang, et al. Prefender: A prefetching defender against cache side channel attacks as a pretender[J]. IEEE Transactions on Computers, 2024, 73(6): 1457–1471. doi: 10.1109/TC.2024.3377891.

[64] GUARNIERI M, KOPF B, MORALES J F, et al. Spectector: Principled detection of speculative information flows[C]. IEEE Symposium on Security and Privacy, San Francisco, USA, 2020: 1–19. doi: 10.1109/SP40000.2020.00011.

[65] QI Zhenxiao, FENG Qian, CHENG Yueqiang, et al. SpecTaint: Speculative taint analysis for discovering spectre gadgets[C]. 28th Annual Network and Distributed Systems Security Symposium, 2021: 1–14. (Editor's query: the place of publication for this reference could not be found in online sources; please confirm and supplement.)

[66] CUI Jinhua, YIN Yiyun, CHEN Congcong, et al. Spoiler-alert: Detecting spoiler attacks using a cuckoo filter[C]. Design, Automation & Test in Europe Conference & Exhibition, Antwerp, Belgium, 2023: 1–6. doi: 10.23919/DATE56975.2023.10137180.

[67] WICHELMANN J, RABICH A, PÄTSCHKE A, et al. Obelix: Mitigating side-channels through dynamic obfuscation[C]. IEEE Symposium on Security and Privacy, San Francisco, USA, 2024: 4182–4199. doi: 10.1109/SP54263.2024.00261.

[68] SONG Wei, XUE Zihan, HAN Jinchi, et al. Randomizing set-associative caches against conflict-based cache side-channel attacks[J]. IEEE Transactions on Computers, 2024, 73(4): 1019–1033. doi: 10.1109/TC.2024.3349659.

[69] CHOWDHURYY M H I and YAO Fan. IvLeague: Side-channel-resistant secure architectures using isolated domains of dynamic integrity trees[C]. 57th IEEE/ACM International Symposium on Microarchitecture, Austin, USA, 2024: 1153–1168. doi: 10.1109/MICRO61859.2024.00087.

[70] ZHU Yongye, CHEN Boru, ZHAO Z N, et al. Controlled preemption: Amplifying side-channel attacks from userspace[C]. 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Rotterdam, Netherlands, 2025: 162–177. doi: 10.1145/3676641.3715985.

[71] FADIHEH M R, WEZEL A, MULLER J, et al. An exhaustive approach to detecting transient execution side channels in RTL designs of processors[J]. IEEE Transactions on Computers, 2023, 72(1): 222–235. doi: 10.1109/TC.2022.3152666.

[72] ROSTAMI M, ZEITOUNI S, KANDE R, et al. Lost and found in speculation: Hybrid speculative vulnerability detection[C]. 61st ACM/IEEE Design Automation Conference, San Francisco, USA, 2024: 294. doi: 10.1145/3649329.3658469.

[73] XU Jinyan, ZHOU Yangye, ZHANG Xingzhi, et al. DejaVuzz: Disclosing transient execution bugs with dynamic swappable memory and differential information flow tracking assisted processor fuzzing[C]. 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Rotterdam, Netherlands, 2025: 64–80. doi: 10.1145/3676642.3736115.

[74] BORKAR P, CHEN Chen, ROSTAMI M, et al. WhisperFuzz: White-box fuzzing for detecting and locating timing vulnerabilities in processors[C]. 33rd USENIX Security Symposium, Philadelphia, USA, 2024: 5377–5394.

[75] ZHANG Shixuan, WANG Haixia, QIU Pengfei, et al. SCAFinder: Formal verification of cache fine-grained features for side channel detection[J]. IEEE Transactions on Information Forensics and Security, 2024, 19: 8079–8093. doi: 10.1109/TIFS.2024.3452002.

[76] ZHANG Kanqi, LI Peinan, LI Miao, et al. Sonar: A hardware fuzzing framework to uncover contention side channels in processors[C]. IEEE/ACM International Symposium on Microarchitecture, Seoul, South Korea, 2025: 125–139. doi: 10.1145/3725843.3756136.

[77] GRAS B, GIUFFRIDA C, KURTH M, et al. ABSynthe: Automatic blackbox side-channel synthesis on commodity microarchitectures[C]. 27th Annual Network and Distributed System Security Symposium, San Diego, USA, 2020: 1–18. doi: 10.14722/ndss.2020.23018.

[78] WEBER D, IBRAHIM A, NEMATI H, et al. Osiris: Automated discovery of microarchitectural side channels[C]. 30th USENIX Security Symposium, Vancouver, Canada, 2021: 1415–1432. (Editor's query: the place of publication for this reference could not be verified in online sources; please confirm.)

[79] OLEKSENKO O, FETZER C, KÖPF B, et al. Revizor: Testing black-box CPUs against speculation contracts[J]. IEEE Micro, 2023, 43(4): 37–44. doi: 10.1109/MM.2023.3273009.

[80] THOMAS F, ARRIBAS E G, HETTERICH L, et al. RISCover: Automatic discovery of user-exploitable architectural security vulnerabilities in closed-source RISC-V CPUs[C]. ACM SIGSAC Conference on Computer and Communications Security, Taipei, China, 2025: 3326–3340. doi: 10.1145/3719027.3765141.

[81] THOMAS F, TORRES M, MOGHIMI D, et al. ExfilState: Automated discovery of timer-free cache side channels on ARM CPUs[C]. ACM SIGSAC Conference on Computer and Communications Security, Taipei, China, 2025: 2564–2578. doi: 10.1145/3719027.3765061.

[82] WANG Xinrui, FENG Lang, WANG Yujie, et al. Resister: A resilient interposer architecture for chiplet to mitigate timing side-channel attacks[J]. ACM Transactions on Design Automation of Electronic Systems, 2025, 30(5): 76. doi: 10.1145/3748258.