{"id":"https://openalex.org/W4288057719","doi":"https://doi.org/10.1109/sp46214.2022.9833599","title":"Finding and Exploiting CPU Features using MSR Templating","display_name":"Finding and Exploiting CPU Features using MSR Templating","publication_year":2022,"publication_date":"2022-05-01","ids":{"openalex":"https://openalex.org/W4288057719","doi":"https://doi.org/10.1109/sp46214.2022.9833599"},"language":"en","primary_location":{"id":"doi:10.1109/sp46214.2022.9833599","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46214.2022.9833599","pdf_url":null,"source":{"id":"https://openalex.org/S4363606603","display_name":"2022 IEEE Symposium on Security and Privacy (SP)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://figshare.com/articles/conference_contribution/Finding_and_Exploiting_CPU_Features_using_MSR_Templating/24614148","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063363138","display_name":"Andreas Kogler","orcid":"https://orcid.org/0009-0003-7314-9033"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Andreas Kogler","raw_affiliation_strings":["Graz University of Technology"],"affiliations":[{"raw_affiliation_string":"Graz University of Technology","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032066840","display_name":"Daniel Weber","orcid":"https://orcid.org/0000-0002-1197-114X"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Daniel Weber","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086084863","display_name":"Martin Haubenwallner","orcid":null},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Martin Haubenwallner","raw_affiliation_strings":["Graz University of Technology"],"affiliations":[{"raw_affiliation_string":"Graz University of Technology","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056935116","display_name":"Moritz Lipp","orcid":null},"institutions":[{"id":"https://openalex.org/I1311688040","display_name":"Amazon (United States)","ror":"https://ror.org/04mv4n011","country_code":"US","type":"company","lineage":["https://openalex.org/I1311688040"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Moritz Lipp","raw_affiliation_strings":["Amazon Web Services"],"affiliations":[{"raw_affiliation_string":"Amazon Web Services","institution_ids":["https://openalex.org/I1311688040"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066874310","display_name":"Daniel Gruss","orcid":"https://orcid.org/0000-0002-7977-3246"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Daniel Gruss","raw_affiliation_strings":["Graz University of Technology"],"affiliations":[{"raw_affiliation_string":"Graz University of Technology","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070469078","display_name":"Michael Schwarz","orcid":"https://orcid.org/0000-0001-6744-3410"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael Schwarz","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5063363138"],"corresponding_institution_ids":["https://openalex.org/I4092182"],"apc_list":null,"apc_paid":null,"fwci":0.3141,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.50166958,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":96},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9932000041007996,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9758999943733215,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8367926478385925},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.7153741121292114},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.49946117401123047},{"id":"https://openalex.org/keywords/debugging","display_name":"Debugging","score":0.49856090545654297},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.4669787585735321},{"id":"https://openalex.org/keywords/microcode","display_name":"Microcode","score":0.45095932483673096},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.4442770183086395}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8367926478385925},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.7153741121292114},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.49946117401123047},{"id":"https://openalex.org/C168065819","wikidata":"https://www.wikidata.org/wiki/Q845566","display_name":"Debugging","level":2,"score":0.49856090545654297},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.4669787585735321},{"id":"https://openalex.org/C22174128","wikidata":"https://www.wikidata.org/wiki/Q175869","display_name":"Microcode","level":2,"score":0.45095932483673096},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.4442770183086395}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/sp46214.2022.9833599","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46214.2022.9833599","pdf_url":null,"source":{"id":"https://openalex.org/S4363606603","display_name":"2022 IEEE Symposium on Security and Privacy (SP)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},{"id":"pmh:oai:figshare.com:article/24614148","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Finding_and_Exploiting_CPU_Features_using_MSR_Templating/24614148","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},{"id":"doi:10.60882/cispa.24614148.v1","is_oa":true,"landing_page_url":"https://doi.org/10.60882/cispa.24614148.v1","pdf_url":null,"source":{"id":"https://openalex.org/S7407050916","display_name":"CISPA Helmholtz Center","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:figshare.com:article/24614148","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Finding_and_Exploiting_CPU_Features_using_MSR_Templating/24614148","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},"sustainable_development_goals":[{"score":0.5600000023841858,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":44,"referenced_works":["https://openalex.org/W116902681","https://openalex.org/W2024540116","https://openalex.org/W2171667830","https://openalex.org/W2469208367","https://openalex.org/W2519006453","https://openalex.org/W2532499458","https://openalex.org/W2593994116","https://openalex.org/W2594560662","https://openalex.org/W2604789199","https://openalex.org/W2744509465","https://openalex.org/W2751428564","https://openalex.org/W2769061097","https://openalex.org/W2883613460","https://openalex.org/W2884163605","https://openalex.org/W2888798936","https://openalex.org/W2897675008","https://openalex.org/W2900479912","https://openalex.org/W2936368424","https://openalex.org/W2954241526","https://openalex.org/W2963237187","https://openalex.org/W2963311060","https://openalex.org/W2976763854","https://openalex.org/W2981343730","https://openalex.org/W2982848142","https://openalex.org/W2985076257","https://openalex.org/W3015844221","https://openalex.org/W3021358986","https://openalex.org/W3048784143","https://openalex.org/W3096773319","https://openalex.org/W3112409568","https://openalex.org/W3153001680","https://openalex.org/W4213364828","https://openalex.org/W4300402905","https://openalex.org/W6604828220","https://openalex.org/W6712237015","https://openalex.org/W6720296912","https://openalex.org/W6727080473","https://openalex.org/W6734345789","https://openalex.org/W6736329903","https://openalex.org/W6743549341","https://openalex.org/W6753443810","https://openalex.org/W6756740455","https://openalex.org/W6777023048","https://openalex.org/W6902533906"],"related_works":["https://openalex.org/W1997369499","https://openalex.org/W2766515706","https://openalex.org/W2032227989","https://openalex.org/W2068239131","https://openalex.org/W2978026406","https://openalex.org/W2388687068","https://openalex.org/W1999657508","https://openalex.org/W2399091034","https://openalex.org/W2351581202","https://openalex.org/W2366922255"],"abstract_inverted_index":{"To":[0],"ensure":[1],"backward":[2],"compatibility":[3],"while":[4],"adding":[5],"new":[6],"features":[7,189,292],"to":[8,64,71,101,153,156,161,229],"CPUs,":[9],"CPU":[10,15,296],"vendors":[11],"enable":[12],"a":[13,45,99,224,251,272],"limited":[14],"configuration":[16,66,74,85],"via":[17],"so-called":[18],"model-specific":[19],"registers":[20],"(MSRs).":[21],"These":[22],"MSRs":[23,39,52,82,220,234],"have":[24],"been":[25],"introduced":[26],"for":[27,223,291],"various":[28],"features,":[29],"such":[30,131],"as":[31,132],"debugging,":[32],"performance":[33],"monitoring,":[34],"or":[35,49,281],"security.":[36],"While":[37],"many":[38],"are":[40,279],"documented,":[41],"there":[42],"is":[43,69,263,289],"still":[44],"plethora":[46],"of":[47,109,203,210,219],"undocumented":[48,143,231,247,253],"sparsely":[50],"documented":[51,245],"in":[53],"modern":[54],"CPUs.":[55,95],"Furthermore,":[56],"with":[57,191,256,295],"multiple":[58],"hundred":[59],"MSRs,":[60,248],"each":[61],"providing":[62],"up":[63],"64":[65],"bits,":[67],"it":[68],"tedious":[70],"find":[72,113],"specific":[73,237],"options.":[75],"In":[76,207],"this":[77,165],"paper,":[78],"we":[79,139,171,185,214,249,270],"show":[80,120,140,186,215],"that":[81,105,121,141,187,216,287],"and":[83,93,111,135,232,235,246,269],"their":[84],"bits":[86,104,114,124],"can":[87,125,194],"be":[88,195],"detected":[89],"automatically":[90,102],"on":[91],"Intel":[92],"AMD":[94],"We":[96,119],"introduce":[97],"MSRevelio,":[98],"framework":[100],"detect":[103],"influence":[106],"the":[107,174,179,200,204,211,257],"behavior":[108],"instructions":[110],"semi-automatically":[112],"controlled":[115],"by":[116,178],"BIOS":[117],"settings.":[118],"previously":[122,252],"overlooked":[123],"harden":[126],"systems":[127],"against":[128],"microarchitectural":[129],"attacks":[130],"Medusa,":[133],"CrossTalk,":[134],"software-prefetch":[136],"attacks.":[137,163],"Additionally,":[138],"an":[142,157,168],"lock":[144],"bit":[145],"allows":[146],"disabling":[147],"AES-NI":[148],"at":[149],"runtime,":[150],"forcing":[151],"mbedTLS":[152],"fall":[154],"back":[155],"AES":[158,175],"implementation":[159],"vulnerable":[160],"cache":[162],"Exploiting":[164],"fallback":[166],"inside":[167],"SGX":[169],"enclave,":[170],"fully":[172],"recover":[173],"key":[176],"used":[177],"enclave.":[180],"With":[181],"our":[182,208],"detection":[183],"approach,":[184],"security":[188],"retrofitted":[190],"microcode":[192],"updates":[193],"easily":[196],"detected,":[197],"even":[198],"before":[199],"public":[201],"documentation":[202],"underlying":[205],"vulnerability.":[206],"analysis":[209,243],"Xen":[212,238,267],"hypervisor,":[213],"Xen\u2019s":[217],"handling":[218],"was":[221],"flawed":[222],"long":[225],"time,":[226],"allowing":[227],"guests":[228],"access":[230],"unhandled":[233],"fingerprint":[236],"versions.":[239],"Using":[240],"automated":[241],"correlation":[242],"between":[244],"discover":[250],"MSR":[254,262],"correlating":[255],"CPU\u2019s":[258],"timestamp":[259],"counter.":[260],"This":[261],"also":[264],"accessible":[265],"from":[266],"guests,":[268],"demonstrate":[271],"Foreshadow":[273],"attack":[274],"when":[275],"all":[276],"other":[277],"timers":[278],"unavailable":[280],"artificially":[282],"deteriorated.":[283],"Our":[284],"results":[285],"highlight":[286],"transparency":[288],"crucial":[290],"interacting":[293],"closely":[294],"internals.":[297]},"counts_by_year":[{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1}],"updated_date":"2026-03-25T14:56:36.534964","created_date":"2025-10-10T00:00:00"}