About

Lukas Gerlach

PhD Candidate CISPA Helmholtz Center for Information Security

I am a PhD candidate at CISPA Helmholtz Center for Information Security in the research group of Dr. Michael Schwarz, where I started in 2023. My research focuses on microarchitectural security, exploring vulnerabilities in modern and emerging CPU architectures.

I work on automated security analysis techniques to discover and understand processor vulnerabilities, with publications at IEEE S&P, USENIX Security, and other top venues. My research spans RISC-V security, automated reverse-engineering of CPU internals, side-channel attacks on trusted execution environments, and compiler-induced cryptographic vulnerabilities.

Blog

May 26, 2026 How do Cache Attacks Against AES Work? 6 min

Publications

2026

USENIX Security Speculative Execution Attacks on RISC-V Silicon: A Comprehensive Study

IEEE S&P TDXRay: Microarchitectural Side-Channel Analysis of Intel TDX for Real-World Workloads

IEEE S&P Crucible: Retrofitting Commodity CPUs with Vulnerabilities via Transparent Software Emulation

uASC Zero-Store Elimination and its Implications on the SIKE Cryptosystem

2025

CCS RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs

USENIX Security SCASE: Automated Secret Recovery via Side-Channel-Assisted Symbolic Execution

USENIX Security Confusing Value with Enumeration: Studying the Use of CVEs in Academia

DIMVA Taming the Linux Memory Allocator for Rapid Prototyping

S&P Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage

FC Lixom: Protecting Encryption Keys with Execute-Only Memory

FC Do Compilers Break Constant-time Guarantees?

NDSS Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting

ASPLOS ShadowLoad: Injecting State into Hardware Prefetchers

WWW Peripheral Instinct: How External Devices Breach Browser Sandboxes

2024

ACSAC No Leakage Without State Change: Repurposing Configurable CPU Exceptions to Prevent Microarchitectural Attacks

IEEE S&P Efficient and Generic Microarchitectural Hash-Function Recovery

USENIX Security CacheWarp: Software-based Fault Injection using Selective State Reset

2023

ESORICS Reviving Meltdown 3a

ESORICS Indirect Meltdown: Building Novel Side-Channel Attacks from Transient-Execution Attacks

ESORICS A Rowhammer Reproduction Study Using the Blacksmith Fuzzer

USENIX Security Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels

DRAMSec Hammulator: Simulate Now-Exploit Later

IEEE S&P A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs

Talks

2023

DEC 7 A Security RISC? The State of Microarchitectural Attacks on RISC-V · Blackhat EU

DEC 2 Rowhammer Revisited: From Exploration to Exploitation and Mitigation · m0leCon 2023