{"id":"https://openalex.org/W2889624678","doi":"https://doi.org/10.1145/3243734.3243861","title":"An Exploratory Analysis of Microcode as a Building Block for System Defenses","display_name":"An Exploratory Analysis of Microcode as a Building Block for System Defenses","publication_year":2018,"publication_date":"2018-10-15","ids":{"openalex":"https://openalex.org/W2889624678","doi":"https://doi.org/10.1145/3243734.3243861","mag":"2889624678"},"language":"en","primary_location":{"id":"doi:10.1145/3243734.3243861","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3243734.3243861","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5043751748","display_name":"Benjamin Kollenda","orcid":null},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Benjamin Kollenda","raw_affiliation_strings":["Ruhr-Universit\u00e4t Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-Universit\u00e4t Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025038293","display_name":"Philipp Koppe","orcid":null},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Philipp Koppe","raw_affiliation_strings":["Ruhr-Universit\u00e4t Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-Universit\u00e4t Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044241451","display_name":"Marc Fyrbiak","orcid":"https://orcid.org/0000-0002-4266-7108"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Marc Fyrbiak","raw_affiliation_strings":["Ruhr-Universit\u00e4t Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-Universit\u00e4t Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086672265","display_name":"Christian Kison","orcid":"https://orcid.org/0000-0002-5830-7692"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian Kison","raw_affiliation_strings":["Ruhr-Universit\u00e4t Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-Universit\u00e4t Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5041748332","display_name":"Christof Paar","orcid":"https://orcid.org/0000-0001-8681-2277"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christof Paar","raw_affiliation_strings":["Ruhr-Universit\u00e4t Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-Universit\u00e4t Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056790702","display_name":"Thorsten Holz","orcid":"https://orcid.org/0000-0002-2783-1264"},"institutions":[{"id":"https://openalex.org/I904495901","display_name":"Ruhr University Bochum","ror":"https://ror.org/04tsk2644","country_code":"DE","type":"education","lineage":["https://openalex.org/I904495901"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Thorsten Holz","raw_affiliation_strings":["Ruhr-Universit\u00e4t Bochum, Bochum, Germany"],"affiliations":[{"raw_affiliation_string":"Ruhr-Universit\u00e4t Bochum, Bochum, Germany","institution_ids":["https://openalex.org/I904495901"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5043751748"],"corresponding_institution_ids":["https://openalex.org/I904495901"],"apc_list":null,"apc_paid":null,"fwci":0.9773,"has_fulltext":false,"cited_by_count":11,"citation_normalized_percentile":{"value":0.82005532,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1649","last_page":"1666"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.9933000206947327,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9923999905586243,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/microcode","display_name":"Microcode","score":0.9678756594657898},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8467270135879517},{"id":"https://openalex.org/keywords/x86","display_name":"x86","score":0.8336372375488281},{"id":"https://openalex.org/keywords/firmware","display_name":"Firmware","score":0.6565502882003784},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4584817886352539},{"id":"https://openalex.org/keywords/instruction-set","display_name":"Instruction set","score":0.43434298038482666},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.42196139693260193},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.3790411949157715},{"id":"https://openalex.org/keywords/parallel-computing","display_name":"Parallel computing","score":0.30518972873687744},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.2633036971092224},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.1580900251865387}],"concepts":[{"id":"https://openalex.org/C22174128","wikidata":"https://www.wikidata.org/wiki/Q175869","display_name":"Microcode","level":2,"score":0.9678756594657898},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8467270135879517},{"id":"https://openalex.org/C170723468","wikidata":"https://www.wikidata.org/wiki/Q182933","display_name":"x86","level":3,"score":0.8336372375488281},{"id":"https://openalex.org/C67212190","wikidata":"https://www.wikidata.org/wiki/Q104851","display_name":"Firmware","level":2,"score":0.6565502882003784},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4584817886352539},{"id":"https://openalex.org/C202491316","wikidata":"https://www.wikidata.org/wiki/Q272683","display_name":"Instruction set","level":2,"score":0.43434298038482666},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.42196139693260193},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.3790411949157715},{"id":"https://openalex.org/C173608175","wikidata":"https://www.wikidata.org/wiki/Q232661","display_name":"Parallel computing","level":1,"score":0.30518972873687744},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.2633036971092224},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.1580900251865387}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3243734.3243861","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3243734.3243861","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/9","score":0.6200000047683716,"display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":53,"referenced_works":["https://openalex.org/W1485629610","https://openalex.org/W1488986397","https://openalex.org/W1548146360","https://openalex.org/W1591211019","https://openalex.org/W1605557845","https://openalex.org/W1613874182","https://openalex.org/W1691322864","https://openalex.org/W1878544538","https://openalex.org/W1947621832","https://openalex.org/W1964281299","https://openalex.org/W1969338270","https://openalex.org/W1992741024","https://openalex.org/W2003619630","https://openalex.org/W2004456327","https://openalex.org/W2009801020","https://openalex.org/W2033593513","https://openalex.org/W2036033615","https://openalex.org/W2052897520","https://openalex.org/W2057820700","https://openalex.org/W2061354941","https://openalex.org/W2064452120","https://openalex.org/W2065540707","https://openalex.org/W2080313875","https://openalex.org/W2101699859","https://openalex.org/W2102902405","https://openalex.org/W2109219878","https://openalex.org/W2111760587","https://openalex.org/W2112243402","https://openalex.org/W2112968990","https://openalex.org/W2117798902","https://openalex.org/W2121468041","https://openalex.org/W2123034525","https://openalex.org/W2124360577","https://openalex.org/W2132271754","https://openalex.org/W2134633067","https://openalex.org/W2156858199","https://openalex.org/W2168843528","https://openalex.org/W2171264329","https://openalex.org/W2350778671","https://openalex.org/W2460232746","https://openalex.org/W2492446575","https://openalex.org/W2496999134","https://openalex.org/W2550858797","https://openalex.org/W2572561587","https://openalex.org/W2612687770","https://openalex.org/W2722741879","https://openalex.org/W2751428564","https://openalex.org/W2753091892","https://openalex.org/W2766313665","https://openalex.org/W2775990858","https://openalex.org/W2914503388","https://openalex.org/W4239035626","https://openalex.org/W6863951927"],"related_works":["https://openalex.org/W1966431236","https://openalex.org/W608147619","https://openalex.org/W2026551898","https://openalex.org/W1984676852","https://openalex.org/W4252104358","https://openalex.org/W2062160093","https://openalex.org/W2025981307","https://openalex.org/W1998626163","https://openalex.org/W2056006243","https://openalex.org/W2039978824"],"abstract_inverted_index":{"Microcode":[0],"is":[1,61,68],"an":[2],"abstraction":[3],"layer":[4],"used":[5],"by":[6,54],"modern":[7,104],"x86":[8,23,119],"processors":[9],"that":[10,86],"interprets":[11],"user-visible":[12],"CISC":[13],"instructions":[14],"to":[15,21,28,173,188],"hardware-internal":[16],"RISC":[17],"instructions.":[18],"The":[19],"capability":[20],"update":[22,163],"microcode":[24,57,60,113,162,172,181],"enables":[25],"a":[26,115,148,152,160,175],"vendor":[27],"modify":[29],"CPU":[30],"behavior":[31],"in-field,":[32],"and":[33,49,63,66,88,107,136,165,183,190],"thus":[34],"patch":[35],"erroneous":[36],"microarchitectural":[37],"processes":[38],"or":[39],"even":[40],"implement":[41],"new":[42,82],"features.":[43],"Most":[44],"prominently,":[45],"the":[46,90,184],"recent":[47],"Spectre":[48],"Meltdown":[50],"vulnerabilities":[51],"were":[52],"mitigated":[53],"Intel":[55],"via":[56],"updates.":[58],"Unfortunately,":[59],"proprietary":[62,94],"closed":[64],"source,":[65],"there":[67],"little":[69],"publicly":[70,195],"available":[71],"information":[72],"on":[73,97,114],"its":[74],"inner":[75],"workings.":[76],"In":[77],"this":[78],"paper,":[79],"we":[80,101,157],"present":[81,147],"reverse":[83],"engineering":[84],"results":[85,193],"extend":[87,191],"complement":[89],"public":[91],"knowledge":[92],"of":[93,151],"microcode.":[95,144],"Based":[96],"these":[98],"novel":[99],"insights,":[100],"show":[102,158],"how":[103,123,159],"system":[105,125],"defenses":[106,127],"tools":[108],"can":[109,140,168],"be":[110,141,169],"realized":[111,142],"in":[112,143,171],"commercial,":[116],"off-the-shelf":[117],"AMD":[118],"CPU.":[120],"We":[121,145],"demonstrate":[122],"well-established":[124],"security":[126],"such":[128],"as":[129],"timing":[130],"attack":[131],"mitigations,":[132],"hardware-assisted":[133],"address":[134],"sanitization,":[135],"instruction":[137],"set":[138],"randomization":[139],"also":[146],"proof-of-concept":[149],"implementation":[150],"microcode-assisted":[153],"instrumentation":[154],"framework.":[155],"Finally,":[156],"secure":[161],"mechanism":[164],"enclave":[166],"functionality":[167],"implemented":[170],"realize":[174],"small":[176],"trusted":[177],"execution":[178],"environment.":[179],"All":[180],"programs":[182],"whole":[185],"infrastructure":[186],"needed":[187],"reproduce":[189],"our":[192],"are":[194],"available.":[196]},"counts_by_year":[{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}