{"id":"https://openalex.org/W4410660779","doi":"https://doi.org/10.1109/access.2025.3573038","title":"Timing and Speculative Execution Attacks: Defeating State-of-the-Art Code-Reuse Defenses","display_name":"Timing and Speculative Execution Attacks: Defeating State-of-the-Art Code-Reuse Defenses","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4410660779","doi":"https://doi.org/10.1109/access.2025.3573038"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3573038","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3573038","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3573038","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102880118","display_name":"Tong-Tong Zhang","orcid":"https://orcid.org/0009-0003-3337-7357"},"institutions":[{"id":"https://openalex.org/I4210096899","display_name":"Jiangsu University of Science and Technology","ror":"https://ror.org/00tyjp878","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210096899"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zhang Tianning","raw_affiliation_strings":["College of Computer Science, Jiangsu University of Science and Technology, Zhenjiang, China","Jiangsu University of Science and Technology, Zhenjiang, China"],"raw_orcid":"https://orcid.org/0009-0003-3337-7357","affiliations":[{"raw_affiliation_string":"College of Computer Science, Jiangsu University of Science and Technology, Zhenjiang, China","institution_ids":["https://openalex.org/I4210096899"]},{"raw_affiliation_string":"Jiangsu University of Science and Technology, Zhenjiang, China","institution_ids":["https://openalex.org/I4210096899"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002618939","display_name":"Miao Cai","orcid":"https://orcid.org/0000-0003-0170-6905"},"institutions":[{"id":"https://openalex.org/I9842412","display_name":"Nanjing University of Aeronautics and Astronautics","ror":"https://ror.org/01scyh794","country_code":"CN","type":"education","lineage":["https://openalex.org/I9842412"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Cai Miao","raw_affiliation_strings":["College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China","Nanjing University of Aeronautics and Astronautics, Nanjing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China","institution_ids":["https://openalex.org/I9842412"]},{"raw_affiliation_string":"Nanjing University of Aeronautics and Astronautics, Nanjing, China","institution_ids":["https://openalex.org/I9842412"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100783976","display_name":"Diming Zhang","orcid":"https://orcid.org/0000-0001-6256-5638"},"institutions":[{"id":"https://openalex.org/I4210096899","display_name":"Jiangsu University of Science and Technology","ror":"https://ror.org/00tyjp878","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210096899"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhang Diming","raw_affiliation_strings":["College of Computer Science, Jiangsu University of Science and Technology, Zhenjiang, China","Jiangsu University of Science and Technology, Zhenjiang, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"College of Computer Science, Jiangsu University of Science and Technology, Zhenjiang, China","institution_ids":["https://openalex.org/I4210096899"]},{"raw_affiliation_string":"Jiangsu University of Science and Technology, Zhenjiang, China","institution_ids":["https://openalex.org/I4210096899"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5024772368","display_name":"Hao Huang","orcid":"https://orcid.org/0000-0001-6604-0951"},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Huang Hao","raw_affiliation_strings":["Department of Computer Science and Technology, Nanjing University, Nanjing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science and Technology, Nanjing University, Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5102880118"],"corresponding_institution_ids":["https://openalex.org/I4210096899"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.04992328,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"13","issue":null,"first_page":"93084","last_page":"93101"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11005","display_name":"Radiation Effects in Electronics","score":0.9965999722480774,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9952999949455261,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8248151540756226},{"id":"https://openalex.org/keywords/code-reuse","display_name":"Code reuse","score":0.7113872170448303},{"id":"https://openalex.org/keywords/reuse","display_name":"Reuse","score":0.7031438946723938},{"id":"https://openalex.org/keywords/speculative-multithreading","display_name":"Speculative multithreading","score":0.6677517890930176},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.6173263192176819},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.6020159125328064},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.5428178310394287},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5325129628181458},{"id":"https://openalex.org/keywords/speculative-execution","display_name":"Speculative execution","score":0.4646904468536377},{"id":"https://openalex.org/keywords/parallel-computing","display_name":"Parallel computing","score":0.38447242975234985},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3521084487438202},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.1410752236843109},{"id":"https://openalex.org/keywords/multithreading","display_name":"Multithreading","score":0.06848996877670288}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8248151540756226},{"id":"https://openalex.org/C2778583558","wikidata":"https://www.wikidata.org/wiki/Q771245","display_name":"Code reuse","level":3,"score":0.7113872170448303},{"id":"https://openalex.org/C206588197","wikidata":"https://www.wikidata.org/wiki/Q846574","display_name":"Reuse","level":2,"score":0.7031438946723938},{"id":"https://openalex.org/C15296174","wikidata":"https://www.wikidata.org/wiki/Q7575343","display_name":"Speculative multithreading","level":4,"score":0.6677517890930176},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.6173263192176819},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.6020159125328064},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.5428178310394287},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5325129628181458},{"id":"https://openalex.org/C141331961","wikidata":"https://www.wikidata.org/wiki/Q2164465","display_name":"Speculative execution","level":2,"score":0.4646904468536377},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.38447242975234985},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3521084487438202},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.1410752236843109},{"id":"https://openalex.org/C201410400","wikidata":"https://www.wikidata.org/wiki/Q1064412","display_name":"Multithreading","level":3,"score":0.06848996877670288},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C138101251","wikidata":"https://www.wikidata.org/wiki/Q213092","display_name":"Thread (computing)","level":2,"score":0.0},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3573038","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3573038","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:5f387751dbd84ad2b846ed59ca25745d","is_oa":true,"landing_page_url":"https://doaj.org/article/5f387751dbd84ad2b846ed59ca25745d","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 93084-93101 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3573038","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3573038","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4292243829","display_name":null,"funder_award_id":"BK20220973","funder_id":"https://openalex.org/F4320322769","funder_display_name":"Natural Science Foundation of Jiangsu Province"},{"id":"https://openalex.org/G5559275507","display_name":null,"funder_award_id":"NS2024057","funder_id":"https://openalex.org/F4320335787","funder_display_name":"Fundamental Research Funds for the Central Universities"}],"funders":[{"id":"https://openalex.org/F4320322769","display_name":"Natural Science Foundation of Jiangsu Province","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320325854","display_name":"Council for Science, Technology and Innovation","ror":null},{"id":"https://openalex.org/F4320335787","display_name":"Fundamental Research Funds for the Central Universities","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":43,"referenced_works":["https://openalex.org/W50107694","https://openalex.org/W1499791368","https://openalex.org/W1508634734","https://openalex.org/W1531820677","https://openalex.org/W1613874182","https://openalex.org/W1740185811","https://openalex.org/W1963947298","https://openalex.org/W1965071495","https://openalex.org/W1968002620","https://openalex.org/W1992291252","https://openalex.org/W1994342242","https://openalex.org/W2003619630","https://openalex.org/W2022018347","https://openalex.org/W2089448621","https://openalex.org/W2109219878","https://openalex.org/W2131202839","https://openalex.org/W2154555738","https://openalex.org/W2155810272","https://openalex.org/W2168843528","https://openalex.org/W2293825325","https://openalex.org/W2295234910","https://openalex.org/W2510394756","https://openalex.org/W2725598243","https://openalex.org/W2775990858","https://openalex.org/W2810584084","https://openalex.org/W2963120920","https://openalex.org/W2967970333","https://openalex.org/W2979547870","https://openalex.org/W3042840909","https://openalex.org/W3131816193","https://openalex.org/W4220832017","https://openalex.org/W4233119454","https://openalex.org/W4288057752","https://openalex.org/W4300807510","https://openalex.org/W4319079638","https://openalex.org/W6602906054","https://openalex.org/W6635629245","https://openalex.org/W6636574085","https://openalex.org/W6636991409","https://openalex.org/W6678545021","https://openalex.org/W6723399092","https://openalex.org/W6727158905","https://openalex.org/W7062072610"],"related_works":["https://openalex.org/W2033801100","https://openalex.org/W2124112831","https://openalex.org/W10893106","https://openalex.org/W1936132780","https://openalex.org/W2371844484","https://openalex.org/W2765149243","https://openalex.org/W2741344640","https://openalex.org/W2586771600","https://openalex.org/W2905048389","https://openalex.org/W2913814439"],"abstract_inverted_index":{"Recently,":[0],"numerous":[1],"effective":[2],"defensive":[3],"strategies":[4],"like":[5,127],"ASLR":[6,129],"and":[7,101,116,130,152],"execute-no-read":[8],"have":[9],"been":[10],"put":[11],"forward":[12],"to":[13,84,143],"counter":[14],"code-reuse":[15,63,105],"attacks":[16,113,151],"in":[17,39],"software":[18],"systems.":[19],"These":[20],"methods":[21],"safeguard":[22],"systems":[23],"robustly":[24],"by":[25],"addressing":[26],"randomization":[27],"or":[28],"memory":[29],"access":[30],"constraints.":[31],"However,":[32],"this":[33],"paper":[34],"uncovers":[35],"a":[36,49,62,104],"novel":[37],"vulnerability":[38],"these":[40,149],"approaches:":[41],"the":[42,54,72,157],"lack":[43],"of":[44],"time":[45,73,93],"protection.":[46],"We":[47,134,147],"present":[48],"new":[50],"assault":[51],"method":[52],"named":[53],"timing":[55],"function":[56,91],"attack.":[57,106],"This":[58],"attack":[59,64],"can":[60,76,124],"initiate":[61],"even":[65],"against":[66],"cutting-edge":[67],"defense":[68,154],"techniques.":[69],"By":[70],"exploiting":[71],"channel,":[74],"we":[75,89,111],"obtain":[77],"crucial":[78],"security":[79],"information":[80],"despite":[81],"previous":[82],"attempts":[83],"hide":[85],"spatial":[86],"details.":[87],"Specifically,":[88],"use":[90],"execution":[92,141],"for":[94,159],"side-channel":[95],"attacks,":[96],"de-randomize":[97],"code":[98],"segment":[99],"layouts":[100],"then":[102],"execute":[103],"To":[107],"verify":[108],"its":[109],"practicality,":[110],"conduct":[112],"on":[114],"ChakraCore":[115],"Chrome":[117],"v8":[118],"JavaScript":[119],"engines.":[120],"Results":[121],"show":[122],"it":[123],"bypass":[125,144],"defenses":[126],"function-granularity":[128],"XnR,":[131],"escalating":[132],"privileges.":[133],"also":[135],"introduce":[136],"SAROP,":[137],"which":[138],"uses":[139],"speculative":[140],"vulnerabilities":[142],"address":[145],"randomization.":[146],"compare":[148],"two":[150],"discuss":[153],"mechanisms,":[155],"emphasizing":[156],"need":[158],"multi-layered":[160],"security.":[161]},"counts_by_year":[],"updated_date":"2026-05-06T08:25:59.206177","created_date":"2025-10-10T00:00:00"}