Publications
AUG 12
Speculative Execution Attacks on RISC-V Silicon: A Comprehensive Study MAY 18
TDXRay: Microarchitectural Side-Channel Analysis of Intel TDX for Real-World Workloads MAY 18
Crucible: Retrofitting Commodity CPUs with Vulnerabilities via Transparent Software Emulation FEB 3
Zero-Store Elimination and its Implications on the SIKE Cryptosystem OCT 13
RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs AUG 13
SCASE: Automated Secret Recovery via Side-Channel-Assisted Symbolic Execution AUG 13
Confusing Value with Enumeration: Studying the Use of CVEs in Academia JUL 9
Taming the Linux Memory Allocator for Rapid Prototyping MAY 12
Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage APR 14
Lixom: Protecting Encryption Keys with Execute-Only Memory APR 14
Do Compilers Break Constant-time Guarantees? FEB 23
Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting JAN 3
ShadowLoad: Injecting State into Hardware Prefetchers JAN 1
Peripheral Instinct: How External Devices Breach Browser Sandboxes DEC 9
No Leakage Without State Change: Repurposing Configurable CPU Exceptions to Prevent Microarchitectural Attacks MAY 20
Efficient and Generic Microarchitectural Hash-Function Recovery MAY 20
CacheWarp: Software-based Fault Injection using Selective State Reset OCT 6
Reviving Meltdown 3a OCT 6
Indirect Meltdown: Building Novel Side-Channel Attacks from Transient-Execution Attacks OCT 6
A Rowhammer Reproduction Study Using the Blacksmith Fuzzer AUG 9
Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels JUN 17
Hammulator: Simulate Now-Exploit Later MAY 22
A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs