{"id":"https://openalex.org/W6944809398","doi":"https://doi.org/10.21227/5bt0-8081","title":"\"\\u03bcRL: Discovering Transient Execution Vulnerabilities Using Reinforcement Learning\"","display_name":"\"\\u03bcRL: Discovering Transient Execution Vulnerabilities Using Reinforcement Learning\"","publication_year":2025,"publication_date":"2025-07-03","ids":{"openalex":"https://openalex.org/W6944809398","doi":"https://doi.org/10.21227/5bt0-8081"},"language":"en","primary_location":{"id":"doi:10.21227/5bt0-8081","is_oa":true,"landing_page_url":"https://doi.org/10.21227/5bt0-8081","pdf_url":null,"source":{"id":"https://openalex.org/S7407051695","display_name":"IEEE DataPort","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"dataset"},"type":"dataset","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.21227/5bt0-8081","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"M. Caner Tol","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"M. Caner Tol","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":true,"primary_topic":null,"topics":[],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7254999876022339},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.7221999764442444},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.621399998664856},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.6065000295639038},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.5503000020980835},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.44670000672340393},{"id":"https://openalex.org/keywords/credence","display_name":"Credence","score":0.41609999537467957},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.3763999938964844},{"id":"https://openalex.org/keywords/transient","display_name":"Transient (computer programming)","score":0.33169999718666077}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8379999995231628},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7254999876022339},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.7221999764442444},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.621399998664856},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.6065000295639038},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.5503000020980835},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.44670000672340393},{"id":"https://openalex.org/C2779513410","wikidata":"https://www.wikidata.org/wiki/Q25351567","display_name":"Credence","level":2,"score":0.41609999537467957},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.39570000767707825},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.3763999938964844},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.34779998660087585},{"id":"https://openalex.org/C2780799671","wikidata":"https://www.wikidata.org/wiki/Q17087362","display_name":"Transient (computer programming)","level":2,"score":0.33169999718666077},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.320499986410141},{"id":"https://openalex.org/C107598950","wikidata":"https://www.wikidata.org/wiki/Q259864","display_name":"Microarchitecture","level":2,"score":0.3151000142097473},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.2971999943256378},{"id":"https://openalex.org/C75949130","wikidata":"https://www.wikidata.org/wiki/Q848010","display_name":"Database transaction","level":2,"score":0.2831000089645386},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.28290000557899475},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.2759000062942505},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.27570000290870667},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2599000036716461},{"id":"https://openalex.org/C2778572836","wikidata":"https://www.wikidata.org/wiki/Q380933","display_name":"Space (punctuation)","level":2,"score":0.2596000134944916},{"id":"https://openalex.org/C2779478453","wikidata":"https://www.wikidata.org/wiki/Q6889748","display_name":"Modularity (biology)","level":2,"score":0.257999986410141},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.2554999887943268},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.25540000200271606},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.25290000438690186},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.25099998712539673},{"id":"https://openalex.org/C202491316","wikidata":"https://www.wikidata.org/wiki/Q272683","display_name":"Instruction set","level":2,"score":0.25029999017715454}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.21227/5bt0-8081","is_oa":true,"landing_page_url":"https://doi.org/10.21227/5bt0-8081","pdf_url":null,"source":{"id":"https://openalex.org/S7407051695","display_name":"IEEE DataPort","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"dataset"}],"best_oa_location":{"id":"doi:10.21227/5bt0-8081","is_oa":true,"landing_page_url":"https://doi.org/10.21227/5bt0-8081","pdf_url":null,"source":{"id":"https://openalex.org/S7407051695","display_name":"IEEE DataPort","issn_l":null,"issn":[],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"dataset"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.5790408849716187,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"\"We":[0],"propose":[1],"using":[2,56],"reinforcement":[3],"learning":[4,65,118],"to":[5,31,69,75,94,175,223],"address":[6],"the":[7,34,63,80,83,106,111,224],"challenges":[8],"of":[9,82,205],"discovering":[10],"microarchitectural":[11,140],"vulnerabilities,":[12,77],"such":[13,129],"as":[14,130],"Spectre":[15],"and":[16,38,154,165,216],"Meltdown,":[17],"which":[18],"exploit":[19],"subtle":[20,127],"interactions":[21],"in":[22],"modern":[23,159],"processors.":[24],"Traditional":[25],"methods":[26],"like":[27],"random":[28],"fuzzing":[29],"fail":[30],"efficiently":[32],"explore":[33],"vast":[35],"instruction":[36,71,177],"space":[37],"often":[39],"miss":[40],"vulnerabilities":[41],"that":[42,89,119,137,179],"manifest":[43],"under":[44],"specific":[45],"conditions.":[46],"To":[47],"overcome":[48],"this,":[49],"we":[50,109],"introduce":[51],"an":[52],"intelligent,":[53],"feedback-driven":[54],"approach":[55,125],"RL.":[57],"Our":[58],"RL":[59,90,170],"agents":[60],"interact":[61],"with":[62],"processor,":[64],"from":[66,202],"real-time":[67],"feedback":[68],"prioritize":[70],"sequences":[72,178,200],"more":[73,151],"likely":[74],"reveal":[76],"significantly":[78],"improving":[79],"efficiency":[81],"discovery":[84],"process.&nbsp;":[85],"&nbsp;We":[86],"also":[87],"demonstrate":[88],"systems":[91],"adapt":[92],"effectively":[93],"various":[95],"microarchitectures,":[96,168],"providing":[97],"a":[98,150,203],"scalable":[99],"solution":[100],"across":[101],"processor":[102],"generations.":[103],"By":[104],"automating":[105],"exploration":[107],"process,":[108],"reduce":[110],"need":[112],"for":[113,157],"human":[114],"intervention,":[115],"enabling":[116],"continuous":[117],"uncovers":[120],"hidden":[121],"vulnerabilities.":[122],"Additionally,":[123],"our":[124,169],"detects":[126],"signals,":[128],"timing":[131],"anomalies":[132],"or":[133,194],"unusual":[134],"cache":[135],"behavior,":[136],"may":[138],"indicate":[139],"weaknesses.":[141],"This":[142],"proposal":[143],"advances":[144],"hardware":[145],"security":[146],"testing":[147],"by":[148],"introducing":[149],"efficient,":[152],"adaptive,":[153],"systematic":[155],"framework":[156],"protecting":[158],"processors.When":[160],"unleashed":[161],"on":[162],"Intel":[163,206],"Skylake-X":[164],"Raptor":[166],"Lake":[167],"agent":[171],"was":[172],"indeed":[173],"able":[174],"generate":[176],"cause":[180],"significant":[181],"observable":[182],"byte":[183],"leakages":[184],"through":[185],"transient":[186],"execution":[187],"without":[188],"generating":[189],"any":[190],"$\\\\mu$code":[191],"assists,":[192],"faults":[193],"interrupts.":[195],"The":[196],"newly":[197],"identified":[198],"leaky":[199],"stem":[201],"variety":[204],"instructions,":[207],"e.g.":[208],"including":[209],"SERIALIZE,":[210],"VERR\\/VERW,":[211],"CLMUL,":[212],"MMX-x87":[213],"transitions,":[214],"LSL+RDSCP":[215],"LAR.":[217],"These":[218],"initial":[219],"results":[220],"give":[221],"credence":[222],"proposed":[225],"approach.&nbsp;\"":[226]},"counts_by_year":[],"updated_date":"2025-11-06T06:51:31.235846","created_date":"2025-10-10T00:00:00"}