{"id":"https://openalex.org/W2985509521","doi":"https://doi.org/10.1109/tse.2019.2953709","title":"oo7: Low-Overhead Defense Against Spectre Attacks via Program Analysis","display_name":"oo7: Low-Overhead Defense Against Spectre Attacks via Program Analysis","publication_year":2019,"publication_date":"2019-11-15","ids":{"openalex":"https://openalex.org/W2985509521","doi":"https://doi.org/10.1109/tse.2019.2953709","mag":"2985509521"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2019.2953709","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2019.2953709","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100741951","display_name":"Guanhua Wang","orcid":"https://orcid.org/0000-0003-1393-5326"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Guanhua Wang","raw_affiliation_strings":["National University of Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088928000","display_name":"Sudipta Chattopadhyay","orcid":"https://orcid.org/0000-0002-4843-5391"},"institutions":[{"id":"https://openalex.org/I152815399","display_name":"Singapore University of Technology and Design","ror":"https://ror.org/05j6fvn87","country_code":"SG","type":"education","lineage":["https://openalex.org/I152815399"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Sudipta Chattopadhyay","raw_affiliation_strings":["Singapore University of Technology and Design, Singapore"],"affiliations":[{"raw_affiliation_string":"Singapore University of Technology and Design, Singapore","institution_ids":["https://openalex.org/I152815399"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054525399","display_name":"Ivan Gotovchits","orcid":"https://orcid.org/0000-0002-6787-236X"},"institutions":[{"id":"https://openalex.org/I74973139","display_name":"Carnegie Mellon University","ror":"https://ror.org/05x2bcf33","country_code":"US","type":"education","lineage":["https://openalex.org/I74973139"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ivan Gotovchits","raw_affiliation_strings":["Carnegie Mellon University, Pittsburgh, PA, USA"],"affiliations":[{"raw_affiliation_string":"Carnegie Mellon University, Pittsburgh, PA, USA","institution_ids":["https://openalex.org/I74973139"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5049237676","display_name":"Tulika Mitra","orcid":"https://orcid.org/0000-0003-4136-4188"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Tulika Mitra","raw_affiliation_strings":["National University of Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060115298","display_name":"Abhik Roychoudhury","orcid":"https://orcid.org/0000-0002-7127-1137"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Abhik Roychoudhury","raw_affiliation_strings":["National University of Singapore, Singapore"],"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5100741951"],"corresponding_institution_ids":["https://openalex.org/I165932596"],"apc_list":null,"apc_paid":null,"fwci":4.6306,"has_fulltext":false,"cited_by_count":71,"citation_normalized_percentile":{"value":0.95864636,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":"47","issue":"11","first_page":"2504","last_page":"2519"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9830999970436096,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10502","display_name":"Advanced Memory and Neural Computing","score":0.9830999970436096,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7985027432441711},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.6240264177322388},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.6238234043121338},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.48148810863494873},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.45508626103401184},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.39892977476119995},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.29873207211494446},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.06498262286186218}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7985027432441711},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.6240264177322388},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.6238234043121338},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.48148810863494873},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.45508626103401184},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.39892977476119995},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.29873207211494446},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.06498262286186218}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2019.2953709","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2019.2953709","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320320709","display_name":"National Research Foundation Singapore","ror":"https://ror.org/03cpyc314"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":29,"referenced_works":["https://openalex.org/W17195072","https://openalex.org/W1427174644","https://openalex.org/W1555915743","https://openalex.org/W1954816054","https://openalex.org/W2028261441","https://openalex.org/W2036853599","https://openalex.org/W2514974017","https://openalex.org/W2604507227","https://openalex.org/W2664885055","https://openalex.org/W2725179571","https://openalex.org/W2803913377","https://openalex.org/W2810584084","https://openalex.org/W2868863044","https://openalex.org/W2884364581","https://openalex.org/W2900935390","https://openalex.org/W2903725623","https://openalex.org/W2903910116","https://openalex.org/W2913670734","https://openalex.org/W2962986039","https://openalex.org/W2963311060","https://openalex.org/W3015465581","https://openalex.org/W4289105799","https://openalex.org/W4293360601","https://openalex.org/W6628261430","https://openalex.org/W6640822829","https://openalex.org/W6751303311","https://openalex.org/W6753251892","https://openalex.org/W6753807672","https://openalex.org/W6758592430"],"related_works":["https://openalex.org/W4240253816","https://openalex.org/W3096456556","https://openalex.org/W2169584677","https://openalex.org/W2979513934","https://openalex.org/W4232954277","https://openalex.org/W1713081424","https://openalex.org/W2127315869","https://openalex.org/W1523769955","https://openalex.org/W2245390655","https://openalex.org/W4379536100"],"abstract_inverted_index":{"The":[0,10],"Spectre":[1,75,150,191],"vulnerability":[2,15],"in":[3,13,20,42,83],"modern":[4],"processors":[5,21],"has":[6],"been":[7],"widely":[8],"reported.":[9],"key":[11,96],"insight":[12],"this":[14,60],"is":[16,98,208],"that":[17,72],"speculative":[18,126,204],"execution":[19],"can":[22,49,73,132,153],"be":[23,51],"misused":[24],"to":[25,99,120,173,202,211],"access":[26],"the":[27,32,38,90,101,162],"secrets.":[28],"Subsequently,":[29],"even":[30],"though":[31],"speculatively":[33],"executed":[34],"instructions":[35],"are":[36],"squashed,":[37],"secret":[39],"may":[40],"linger":[41],"micro-architectural":[43],"states":[44],"such":[45],"as":[46],"cache,":[47],"and":[48,86,107,117,125],"potentially":[50,79],"accessed":[52],"by":[53,77,92,193],"an":[54],"attacker":[55],"via":[56],"side":[57],"channels.":[58],"In":[59],"paper,":[61],"we":[62],"propose":[63],"<italic":[64,129,170],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[65,130,143,171],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">oo7</i>":[66,131,172],",":[67,145],"a":[68,165],"static":[69],"analysis":[70,105,119],"approach":[71,207],"mitigate":[74],"attacks":[76],"detecting":[78],"vulnerable":[80,199],"code":[81,138],"snippets":[82],"program":[84,176],"binaries":[85,177],"protecting":[87],"them":[88],"against":[89,190],"attack":[91,192],"patching":[93],"them.":[94,158],"Our":[95,206],"contribution":[97],"balance":[100],"concerns":[102],"of":[103,157,164],"effectiveness,":[104],"time":[106],"run-time":[108],"overheads.":[109],"We":[110,159,187],"employ":[111],"control":[112],"flow":[113],"extraction,":[114],"taint":[115],"analysis,":[116],"address":[118],"detect":[121,133,155],"tainted":[122],"conditional":[123,200],"branches":[124,201],"memory":[127],"accesses.":[128],"all":[134],"fifteen":[135],"purpose-built":[136],"Spectre-vulnerable":[137],"patterns":[139],"<xref":[140],"ref-type=\"bibr\"":[141],"rid=\"ref1\"":[142],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">[1]</xref>":[144],"whereas":[146],"Microsoft":[147],"compiler":[148],"with":[149],"mitigation":[151],"option":[152],"only":[154,197],"two":[156],"also":[160],"report":[161],"results":[163],"large-scale":[166],"study":[167],"on":[168,218],"applying":[169],"over":[174],"500":[175],"(average":[178],"binary":[179],"size":[180],"261":[181],"KB)":[182],"from":[183],"different":[184],"real-world":[185],"projects.":[186],"protect":[188],"programs":[189],"selectively":[194],"inserting":[195],"fences":[196],"at":[198],"prevent":[203],"execution.":[205],"experimentally":[209],"observed":[210],"incur":[212],"around":[213],"5.9":[214],"percent":[215],"performance":[216],"overheads":[217],"SPECint":[219],"benchmarks.":[220]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":16},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":17},{"year":2021,"cited_by_count":7},{"year":2020,"cited_by_count":7},{"year":2019,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}