{"id":"https://openalex.org/W4411471717","doi":"https://doi.org/10.1145/3695053.3731119","title":"SpecASan: Mitigating Transient Execution Attacks Using Speculative Address Sanitization","display_name":"SpecASan: Mitigating Transient Execution Attacks Using Speculative Address Sanitization","publication_year":2025,"publication_date":"2025-06-20","ids":{"openalex":"https://openalex.org/W4411471717","doi":"https://doi.org/10.1145/3695053.3731119"},"language":"en","primary_location":{"id":"doi:10.1145/3695053.3731119","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3695053.3731119","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3695053.3731119","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 52nd Annual International Symposium on Computer Architecture","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3695053.3731119","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5118575363","display_name":"Saber Ganjisaffar","orcid":null},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Saber Ganjisaffar","raw_affiliation_strings":["Computer Science and Engineering Department, University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science and Engineering Department, University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118452816","display_name":"Esmaeil Mohmmadian Koruyeh","orcid":null},"institutions":[{"id":"https://openalex.org/I4210101778","display_name":"Samsung (United States)","ror":"https://ror.org/01bfbvm65","country_code":"US","type":"company","lineage":["https://openalex.org/I2250650973","https://openalex.org/I4210101778"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Esmaeil Mohmmadian Koruyeh","raw_affiliation_strings":["Samsung Research America, Mountain View, California, USA"],"affiliations":[{"raw_affiliation_string":"Samsung Research America, Mountain View, California, USA","institution_ids":["https://openalex.org/I4210101778"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5118397426","display_name":"Jason Zellmer","orcid":null},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jason Zellmer","raw_affiliation_strings":["University of California, Riverside, Riverside, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, CA, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046230478","display_name":"Hodjat Asghari Esfeden","orcid":"https://orcid.org/0000-0002-7200-6757"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Hodjat Asghari Esfeden","raw_affiliation_strings":["University of California, Riverside, Riverside, California, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, California, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005972298","display_name":"Chengyu Song","orcid":"https://orcid.org/0000-0001-6617-3068"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chengyu Song","raw_affiliation_strings":["University of California, Riverside, Riverside, California, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, California, USA","institution_ids":["https://openalex.org/I103635307"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5059614371","display_name":"Nael Abu\u2010Ghazaleh","orcid":"https://orcid.org/0000-0002-9485-5370"},"institutions":[{"id":"https://openalex.org/I103635307","display_name":"University of California, Riverside","ror":"https://ror.org/03nawhv43","country_code":"US","type":"education","lineage":["https://openalex.org/I103635307"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Nael Abu-Ghazaleh","raw_affiliation_strings":["University of California, Riverside, Riverside, California, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Riverside, Riverside, California, USA","institution_ids":["https://openalex.org/I103635307"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5118575363"],"corresponding_institution_ids":["https://openalex.org/I103635307"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.07055138,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"2032","last_page":"2045"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11005","display_name":"Radiation Effects in Electronics","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7320758700370789},{"id":"https://openalex.org/keywords/transient","display_name":"Transient (computer programming)","score":0.6297683715820312},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.528223991394043},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.1339643895626068}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7320758700370789},{"id":"https://openalex.org/C2780799671","wikidata":"https://www.wikidata.org/wiki/Q17087362","display_name":"Transient (computer programming)","level":2,"score":0.6297683715820312},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.528223991394043},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.1339643895626068}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3695053.3731119","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3695053.3731119","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3695053.3731119","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 52nd Annual International Symposium on Computer Architecture","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3695053.3731119","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3695053.3731119","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3695053.3731119","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 52nd Annual International Symposium on Computer Architecture","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3692568356","display_name":null,"funder_award_id":"2212426","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3869146496","display_name":null,"funder_award_id":"CNS-2053383","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5578108637","display_name":"CNS Core: Medium: Real-time Energy-elastic GPUs for Embedded Autonomous Systems","funder_award_id":"1955650","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4411471717.pdf","grobid_xml":"https://content.openalex.org/works/W4411471717.grobid-xml"},"referenced_works_count":54,"referenced_works":["https://openalex.org/W1488058190","https://openalex.org/W1565369953","https://openalex.org/W1994759706","https://openalex.org/W2013716714","https://openalex.org/W2155851497","https://openalex.org/W2169875292","https://openalex.org/W2170382128","https://openalex.org/W2337480911","https://openalex.org/W2807403537","https://openalex.org/W2810584084","https://openalex.org/W2884163605","https://openalex.org/W2903910116","https://openalex.org/W2931030580","https://openalex.org/W2944616073","https://openalex.org/W2946772038","https://openalex.org/W2952322674","https://openalex.org/W2954241526","https://openalex.org/W2964281551","https://openalex.org/W2976763854","https://openalex.org/W2978325751","https://openalex.org/W2979547870","https://openalex.org/W2979633637","https://openalex.org/W2979849111","https://openalex.org/W2982776349","https://openalex.org/W2982848142","https://openalex.org/W2989861912","https://openalex.org/W3008383151","https://openalex.org/W3015216799","https://openalex.org/W3017008359","https://openalex.org/W3029114445","https://openalex.org/W3036557299","https://openalex.org/W3043595391","https://openalex.org/W3096372727","https://openalex.org/W3097783227","https://openalex.org/W3100860658","https://openalex.org/W3101300690","https://openalex.org/W3148444620","https://openalex.org/W3153564332","https://openalex.org/W3159033757","https://openalex.org/W3199976353","https://openalex.org/W3207150733","https://openalex.org/W3216915655","https://openalex.org/W4232120412","https://openalex.org/W4288086178","https://openalex.org/W4289038676","https://openalex.org/W4309073410","https://openalex.org/W4380881134","https://openalex.org/W4383221423","https://openalex.org/W4383221555","https://openalex.org/W4385324391","https://openalex.org/W4389166769","https://openalex.org/W4402264134","https://openalex.org/W4404954366","https://openalex.org/W4405183072"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W4391913857","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052"],"abstract_inverted_index":{"Transient":[0],"execution":[1,11,31,146],"attacks":[2,47],"(TEAs),":[3],"such":[4],"as":[5,48],"Spectre":[6,149],"and":[7,25,37,54,150,162,169],"Meltdown,":[8],"exploit":[9],"speculative":[10,30,86,89],"to":[12,75,84],"leak":[13],"sensitive":[14],"data":[15],"through":[16],"residual":[17],"microarchitectural":[18,112],"state.Traditional":[19],"defenses":[20],"often":[21],"incur":[22],"high":[23],"performance":[24,117,160],"hardware":[26,59,132,164],"costs":[27],"by":[28,130],"delaying":[29],"or":[32],"requiring":[33],"additional":[34],"shadow":[35],"structures":[36],"dynamic":[38],"information":[39],"flow":[40],"tracking.In":[41],"contrast,":[42],"our":[43,134],"approach":[44],"models":[45],"these":[46,56],"violations":[49],"of":[50,119,144],"software-defined":[51],"security":[52],"contracts":[53,57],"enforces":[55],"in":[58],"using":[60],"existing":[61],"features.We":[62],"introduce":[63],"Speculative":[64],"Address":[65],"Sanitization":[66],"(SpecASan),":[67],"which":[68],"leverages":[69],"ARM's":[70],"Memory":[71],"Tagging":[72],"Extension":[73],"(MTE)":[74],"extend":[76],"memory":[77],"safety":[78],"protection":[79],"from":[80],"the":[81,85,94,111,116],"committed":[82],"path":[83],"path.When":[87],"a":[88,141],"access":[90,99],"does":[91],"not":[92],"pass":[93],"MTE":[95],"tag":[96],"comparison,":[97],"this":[98,157],"is":[100],"delayed":[101],"until":[102],"speculation":[103],"resolves.This":[104],"ensures":[105],"that":[106,137],"only":[107],"validated":[108],"accesses":[109],"affect":[110],"state":[113],"while":[114],"preserving":[115],"benefits":[118],"speculation.When":[120],"combined":[121],"with":[122,158],"Control-Flow":[123],"Integrity":[124],"(CFI)":[125],"enforcement":[126],"mechanisms,":[127],"already":[128],"supported":[129],"some":[131],"implementations,":[133],"evaluation":[135],"shows":[136],"SpecASan":[138,155],"effectively":[139],"mitigates":[140],"broad":[142],"class":[143],"transient":[145],"attacks,":[147],"including":[148],"Microarchitectural":[151],"Data":[152],"Sampling":[153],"(MDS).Furthermore,":[154],"achieves":[156],"low":[159],"overhead":[161],"minimal":[163],"complexity,":[165],"highlighting":[166],"its":[167],"practicality":[168],"efficiency.":[170]},"counts_by_year":[],"updated_date":"2026-03-18T14:38:29.013473","created_date":"2025-10-10T00:00:00"}