{"id":"https://openalex.org/W4416549156","doi":"https://doi.org/10.1145/3719027.3765141","title":"RISC <scp>over</scp> : Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs","display_name":"RISC <scp>over</scp> : Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4416549156","doi":"https://doi.org/10.1145/3719027.3765141"},"language":null,"primary_location":{"id":"doi:10.1145/3719027.3765141","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765141","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108312147","display_name":"Fabian Thomas","orcid":"https://orcid.org/0009-0008-8029-0621"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Fabian Thomas","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany"],"raw_orcid":"https://orcid.org/0009-0008-8029-0621","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5120373711","display_name":"Eric Garc\u00eda Arribas","orcid":"https://orcid.org/0009-0003-1608-0957"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Eric Garc\u00eda Arribas","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany"],"raw_orcid":"https://orcid.org/0009-0003-1608-0957","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080501495","display_name":"Lorenz Hetterich","orcid":"https://orcid.org/0009-0007-1201-0299"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lorenz Hetterich","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany"],"raw_orcid":"https://orcid.org/0009-0007-1201-0299","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114002017","display_name":"D Weber","orcid":"https://orcid.org/0009-0008-0213-5773"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Daniel Weber","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany"],"raw_orcid":"https://orcid.org/0009-0008-0213-5773","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111124813","display_name":"L. O. Gerlach","orcid":"https://orcid.org/0009-0002-6684-2035"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Lukas Gerlach","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany"],"raw_orcid":"https://orcid.org/0009-0002-6684-2035","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046503029","display_name":"Ruiyi Zhang","orcid":"https://orcid.org/0009-0007-9094-6412"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ruiyi Zhang","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany"],"raw_orcid":"https://orcid.org/0009-0007-9094-6412","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany","institution_ids":["https://openalex.org/I4210128801"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070469078","display_name":"Michael Schwarz","orcid":"https://orcid.org/0000-0001-6744-3410"},"institutions":[{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Michael Schwarz","raw_affiliation_strings":["CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany"],"raw_orcid":"https://orcid.org/0000-0001-6744-3410","affiliations":[{"raw_affiliation_string":"CISPA Helmholtz Center for Information Security, Saarbr\u00fccken, Saarland, Germany","institution_ids":["https://openalex.org/I4210128801"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.1712771,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"3326","last_page":"3340"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9675999879837036,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9675999879837036,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11005","display_name":"Radiation Effects in Electronics","score":0.004600000102072954,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.00419999985024333,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5325999855995178},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4343999922275543},{"id":"https://openalex.org/keywords/reduced-instruction-set-computing","display_name":"Reduced instruction set computing","score":0.40049999952316284},{"id":"https://openalex.org/keywords/extensibility","display_name":"Extensibility","score":0.39890000224113464},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.38199999928474426},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.3325999975204468}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.707099974155426},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5325999855995178},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.5234000086784363},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4343999922275543},{"id":"https://openalex.org/C126298526","wikidata":"https://www.wikidata.org/wiki/Q189376","display_name":"Reduced instruction set computing","level":3,"score":0.40049999952316284},{"id":"https://openalex.org/C32833848","wikidata":"https://www.wikidata.org/wiki/Q4115054","display_name":"Extensibility","level":2,"score":0.39890000224113464},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3977999985218048},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.397599995136261},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.38199999928474426},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3637999892234802},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3325999975204468},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.321399986743927},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.30149999260902405},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2630999982357025},{"id":"https://openalex.org/C3018397939","wikidata":"https://www.wikidata.org/wiki/Q3644502","display_name":"Open source","level":3,"score":0.25209999084472656}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3719027.3765141","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3719027.3765141","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320306087","display_name":"Semiconductor Research Corporation","ror":"https://ror.org/047z4n946"},{"id":"https://openalex.org/F4320309327","display_name":"Google","ror":"https://ror.org/00njsd438"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W1613874182","https://openalex.org/W2158302200","https://openalex.org/W3007037833","https://openalex.org/W3205101829","https://openalex.org/W3209578033","https://openalex.org/W4327930474","https://openalex.org/W4384948664","https://openalex.org/W4385269960","https://openalex.org/W4388858498","https://openalex.org/W4404955115"],"related_works":[],"abstract_inverted_index":{"The":[0],"open":[1],"and":[2,13],"extensible":[3],"RISC-V":[4],"instruction":[5],"set":[6],"has":[7],"enabled":[8],"many":[9],"new":[10],"CPU":[11],"vendors":[12],"implementations,":[14],"but":[15],"most":[16],"commercial":[17],"CPUs":[18],"are":[19],"closed-source,":[20],"significantly":[21],"hindering":[22],"vulnerability":[23],"analysis\u2014especially":[24],"for":[25],"bugs":[26],"exploitable":[27],"from":[28],"unprivileged":[29],"user":[30],"space.":[31]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-11-23T00:00:00"}