{"id":"https://openalex.org/W3214159282","doi":"https://doi.org/10.1109/sp46215.2023.10179297","title":"Practical Timing Side-Channel Attacks on Memory Compression","display_name":"Practical Timing Side-Channel Attacks on Memory Compression","publication_year":2023,"publication_date":"2023-05-01","ids":{"openalex":"https://openalex.org/W3214159282","doi":"https://doi.org/10.1109/sp46215.2023.10179297","mag":"3214159282"},"language":"en","primary_location":{"id":"doi:10.1109/sp46215.2023.10179297","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179297","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5051619555","display_name":"Martin Schwarzl","orcid":"https://orcid.org/0009-0002-3760-1929"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":true,"raw_author_name":"Martin Schwarzl","raw_affiliation_strings":["Graz University of Technology"],"affiliations":[{"raw_affiliation_string":"Graz University of Technology","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084497101","display_name":"Pietro Borrello","orcid":"https://orcid.org/0000-0001-8684-5503"},"institutions":[{"id":"https://openalex.org/I861853513","display_name":"Sapienza University of Rome","ror":"https://ror.org/02be6w209","country_code":"IT","type":"education","lineage":["https://openalex.org/I861853513"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Pietro Borrello","raw_affiliation_strings":["Sapienza University of Rome"],"affiliations":[{"raw_affiliation_string":"Sapienza University of Rome","institution_ids":["https://openalex.org/I861853513"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071514906","display_name":"Gururaj Saileshwar","orcid":"https://orcid.org/0000-0003-3542-2548"},"institutions":[{"id":"https://openalex.org/I1304085615","display_name":"Nvidia (United Kingdom)","ror":"https://ror.org/02kr42612","country_code":"GB","type":"company","lineage":["https://openalex.org/I1304085615","https://openalex.org/I4210127875"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Gururaj Saileshwar","raw_affiliation_strings":["NVIDIA Research"],"affiliations":[{"raw_affiliation_string":"NVIDIA Research","institution_ids":["https://openalex.org/I1304085615"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084685268","display_name":"Hanna M\u00fcller","orcid":"https://orcid.org/0000-0002-4942-6673"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Hanna M\u00fcller","raw_affiliation_strings":["Graz University of Technology"],"affiliations":[{"raw_affiliation_string":"Graz University of Technology","institution_ids":["https://openalex.org/I4092182"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070469078","display_name":"Michael Schwarz","orcid":"https://orcid.org/0000-0001-6744-3410"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael Schwarz","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security"],"affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5066874310","display_name":"Daniel Gruss","orcid":"https://orcid.org/0000-0002-7977-3246"},"institutions":[{"id":"https://openalex.org/I4092182","display_name":"Graz University of Technology","ror":"https://ror.org/00d7xrm67","country_code":"AT","type":"education","lineage":["https://openalex.org/I4092182"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Daniel Gruss","raw_affiliation_strings":["Graz University of Technology"],"affiliations":[{"raw_affiliation_string":"Graz University of Technology","institution_ids":["https://openalex.org/I4092182"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5051619555"],"corresponding_institution_ids":["https://openalex.org/I4092182"],"apc_list":null,"apc_paid":null,"fwci":1.7457,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.86973443,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1186","last_page":"1203"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8193314671516418},{"id":"https://openalex.org/keywords/side-channel-attack","display_name":"Side channel attack","score":0.6776983737945557},{"id":"https://openalex.org/keywords/compression-ratio","display_name":"Compression ratio","score":0.5790677666664124},{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.5331211686134338},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.4857843220233917},{"id":"https://openalex.org/keywords/data-compression","display_name":"Data compression","score":0.4778582453727722},{"id":"https://openalex.org/keywords/latency","display_name":"Latency (audio)","score":0.45085495710372925},{"id":"https://openalex.org/keywords/compression","display_name":"Compression (physics)","score":0.4478703737258911},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3891753554344177},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.35071277618408203},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3358156681060791},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.20111364126205444},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.10322058200836182}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8193314671516418},{"id":"https://openalex.org/C49289754","wikidata":"https://www.wikidata.org/wiki/Q2267081","display_name":"Side channel attack","level":3,"score":0.6776983737945557},{"id":"https://openalex.org/C25797200","wikidata":"https://www.wikidata.org/wiki/Q828137","display_name":"Compression ratio","level":3,"score":0.5790677666664124},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.5331211686134338},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.4857843220233917},{"id":"https://openalex.org/C78548338","wikidata":"https://www.wikidata.org/wiki/Q2493","display_name":"Data compression","level":2,"score":0.4778582453727722},{"id":"https://openalex.org/C82876162","wikidata":"https://www.wikidata.org/wiki/Q17096504","display_name":"Latency (audio)","level":2,"score":0.45085495710372925},{"id":"https://openalex.org/C180016635","wikidata":"https://www.wikidata.org/wiki/Q2712821","display_name":"Compression (physics)","level":2,"score":0.4478703737258911},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3891753554344177},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.35071277618408203},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3358156681060791},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.20111364126205444},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.10322058200836182},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.0},{"id":"https://openalex.org/C159985019","wikidata":"https://www.wikidata.org/wiki/Q181790","display_name":"Composite material","level":1,"score":0.0},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.0},{"id":"https://openalex.org/C171146098","wikidata":"https://www.wikidata.org/wiki/Q124192","display_name":"Automotive engineering","level":1,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C511840579","wikidata":"https://www.wikidata.org/wiki/Q12757","display_name":"Internal combustion engine","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/sp46215.2023.10179297","is_oa":false,"landing_page_url":"https://doi.org/10.1109/sp46215.2023.10179297","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE Symposium on Security and Privacy (SP)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":70,"referenced_works":["https://openalex.org/W131431941","https://openalex.org/W1427174644","https://openalex.org/W1533145153","https://openalex.org/W1535015034","https://openalex.org/W1555558540","https://openalex.org/W1571203384","https://openalex.org/W1934458198","https://openalex.org/W1997775274","https://openalex.org/W2011408938","https://openalex.org/W2024171325","https://openalex.org/W2096449544","https://openalex.org/W2128985333","https://openalex.org/W2132064685","https://openalex.org/W2147758029","https://openalex.org/W2149425139","https://openalex.org/W2294648786","https://openalex.org/W2296391043","https://openalex.org/W2337480911","https://openalex.org/W2394798459","https://openalex.org/W2497845670","https://openalex.org/W2516668814","https://openalex.org/W2537031054","https://openalex.org/W2538893033","https://openalex.org/W2546922927","https://openalex.org/W2575293099","https://openalex.org/W2612454599","https://openalex.org/W2612687770","https://openalex.org/W2613534458","https://openalex.org/W2766540688","https://openalex.org/W2775990858","https://openalex.org/W2926085716","https://openalex.org/W2955155286","https://openalex.org/W2962832225","https://openalex.org/W2963047853","https://openalex.org/W2963311060","https://openalex.org/W2963674831","https://openalex.org/W2963804422","https://openalex.org/W2964118667","https://openalex.org/W2964206587","https://openalex.org/W2978325751","https://openalex.org/W2984643661","https://openalex.org/W3000462278","https://openalex.org/W3007037833","https://openalex.org/W3011243356","https://openalex.org/W3016801111","https://openalex.org/W3021358986","https://openalex.org/W3048076421","https://openalex.org/W3048197573","https://openalex.org/W3049709743","https://openalex.org/W3112409568","https://openalex.org/W3130297174","https://openalex.org/W3137537256","https://openalex.org/W3155543450","https://openalex.org/W3195691903","https://openalex.org/W4285719527","https://openalex.org/W4288057752","https://openalex.org/W4294877146","https://openalex.org/W4299301436","https://openalex.org/W6628261430","https://openalex.org/W6631841752","https://openalex.org/W6632032960","https://openalex.org/W6633448724","https://openalex.org/W6712189027","https://openalex.org/W6720296912","https://openalex.org/W6720892955","https://openalex.org/W6731801182","https://openalex.org/W6753302588","https://openalex.org/W6777023048","https://openalex.org/W6782130387","https://openalex.org/W6796961280"],"related_works":["https://openalex.org/W2161302774","https://openalex.org/W4383723869","https://openalex.org/W4384298135","https://openalex.org/W4383722264","https://openalex.org/W2388481516","https://openalex.org/W3007688875","https://openalex.org/W1723410974","https://openalex.org/W3209669196","https://openalex.org/W2110517301","https://openalex.org/W3123970444"],"abstract_inverted_index":{"Compression":[0],"algorithms":[1],"have":[2],"side":[3,15,36],"channels":[4],"due":[5],"to":[6,62,188],"their":[7],"data-dependent":[8],"operations.":[9],"So":[10],"far,":[11],"only":[12,202],"the":[13,20,29,64,104,149,171,175,190,199],"compression-ratio":[14],"channel":[16,37],"was":[17],"exploited,":[18],"e.g.,":[19],"compressed":[21],"data":[22,115,196],"size.In":[23],"this":[24],"paper,":[25],"we":[26,110,123,135,152,165],"present":[27],"Decomp+Time,":[28],"first":[30],"memory-compression":[31],"attack":[32,65],"exploiting":[33],"a":[34,44,94,130,145,180,205],"timing":[35,84],"in":[38,89,117,144],"compression":[39,60,193],"algorithms.":[40],"While":[41],"Decomp+Time":[42,75,92],"affects":[43],"much":[45],"broader":[46],"set":[47],"of":[48,96,192],"applications":[49],"than":[50],"prior":[51],"work.":[52],"A":[53],"key":[54],"challenge":[55],"is":[56,186,201],"precisely":[57],"crafting":[58],"attacker-controlled":[59],"payloads":[61,76],"enable":[63],"with":[66,139,155],"sufficient":[67],"resolution.":[68],"Our":[69],"evolutionary":[70],"fuzzer,":[71],"Comprezzor,":[72,109],"finds":[73],"effective":[74],"that":[77,82,113],"optimize":[78],"latency":[79],"differences":[80],"such":[81],"decompression":[83],"can":[85],"even":[86,197],"be":[87],"exploited":[88],"remote":[90,131,206],"attacks.":[91],"has":[93],"capacity":[95],"9.73":[97],"kB/s":[98],"locally,":[99],"and":[100],"10.72":[101],"bit/min":[102,126,157],"across":[103],"internet":[105],"(14":[106],"hops).":[107],"Using":[108],"develop":[111],"attacks":[112],"leak":[114,124,136,153,166],"bytewise":[116],"four":[118],"different":[119],"case":[120],"studies:":[121],"First,":[122],"1.50":[125],"from":[127,142,159,170],"Memcached":[128],"on":[129,162,179,194],"PHP":[132],"script.":[133],"Second,":[134],"database":[137],"records":[138],"2.69":[140],"bit/min,":[141],"PostgreSQL":[143],"Python-Flask":[146],"application,":[147],"over":[148],"internet.":[150],"Third,":[151],"secrets":[154],"49.14":[156],"locally":[158],"ZRAM-compressed":[160],"pages":[161],"Linux.":[163],"Fourth,":[164],"internal":[167],"heap":[168],"pointers":[169],"V8":[172],"engine":[173],"within":[174],"Google":[176],"Chrome":[177],"browser":[178],"system":[181],"using":[182],"ZRAM.":[183],"Thus,":[184],"it":[185],"important":[187],"re-evaluate":[189],"use":[191],"sensitive":[195],"if":[198],"application":[200],"reachable":[203],"via":[204],"interface.":[207]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}