Publications
- 2025
-
Not So Secure TSC
We show that AMD's SecureTSC feature can be used for co-location detection.
ACNS'25, Munich, Germany, June 23–26, 2025 -
Secret Spilling Drive: Leaking User Behavior through SSD Contention
We show that a contention caused timing side-channel can leak websites visited by a victim with high accuracy.
NDSS'25, San Diego, CA, USA, February 23–28, 2025 -
An Analysis of HMB-based SSD Rowhammer
We analyse SSDs' host memory buffers, how they react to bit flips and if they could hammer themself.
uASC'25, Bochum, Germany, February 19, 2025 -
KernelSnitch: Side-Channel Attacks on Kernel Data Structures
NDSS'25, San Diego, CA, USA, February 23–28, 2025 - 2024
-
Presshammer: Rowhammer and Rowpress without Physical Address Information
We compare Rowhammer and Rowpress on various DRAM modules and show the first end-to-end Rowpress exploit.
DIMVA'24, EPFL in Lausanne, Switzerland, July 17–19, 2024 -
SUIT: Secure Undervolting with Instruction Traps
We developed a system that allows securely undervolting CPUs by trapping faulting instructions.
-
SnailLoad: Remote Network Latency Measurements Leak User Activity
Exploiting bottlenecks present on all Internet connections we infer the current network activity on someone else's Internet connection
USENIX Security Symposium'24, Philadelphia, PA, USA, August 14–16, 2024 Website Github Video CVE-2024-39920 -
JavaSQUIP: Remote Scheduler Contention Attacks
We show the SQUIP side channel from JavaScript without a timer using a microarchitectural bingo race.
FC'24, Willemstad, Curaçao, March 4–8, 2024 -
IdleLeak: Exploiting Idle State Side Effects for Information Leakage
Using the tpause instruction to detect interrupts, we build a covert-channel and spy on user behavior.
NDSS'24, San Diego, CA, USA, February 26–March 1, 2024 - 2023
-
CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer
With a MAC instead of ECC bits we are able to detect all data corruptions in DRAM and correct most.
-
Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels
By colliding victim with attacker controlled data in the CPU cache we can leak arbitrary data.
USENIX Security Symposium'23, Anaheim, CA, USA, August 9–11, 2023 Website GitHub CVE-2023-20583 -
PT-Guard: - Protected Page Tables to Defend Against Breakthrough Rowhammer Attacks
We store a MAC in unused page table bits to detect and correct corruptions caused by Rowhammer.
IEEE IFIP DSN 2023, Porto, Portugal, June 27–30, 2023 -
SQUIP: Exploiting the Scheduler Queue Contention Side Channel
By measuring contention in AMD execution unit scheduler queues we can leak RSA keys.
S&P'23, San Francisco, California, USA, May 22–26, 2023 CVE-2021-46778 - 2022
-
Half-Double: Hammering From the Next Row Over
We show a new Rohammer method that exploits a mitigation and build a novel exploit for Chromebooks.
- 2021
-
Master’s Thesis: Rowhammer Exploits are still possible
Using half-double Rowhammer we develop a novel privilege escalation exploit targeting a Chromebook.
Graz University of Technology IAIK, September 21, 2021 - 2018
-
Another Flip in the Wall of Rowhammer Defenses
With a new Rowhammer method and from Intel SGX we show a completely undetectable exploit.
Talks — All Recordings
- 2025
-
Upcoming: Not So Secure TSC
ACNS'25, Munich, Germany, Juni 23–26, 2025 -
Upcoming: KernelSnitch: Leaking Kernel Heap Pointers by Exploiting Software-Induced Side-Channel Leakage of Kernel Hash Tables
black hat ASIA, Singapore, April 1–4, 2025 -
Secret Spilling Drive: Leaking User Behavior through SSD Contention
NDSS'25, San Diego, USA, February 26–28, 2025 -
An Analysis of HMB-based SSD Rowhammer
uASC'25, Bochum, Germany, February 19, 2025 - 2024
-
CPU Undervolting Hackathon at PEACHES
PEACHES'24, Schloss Dagstuhl, Germany, Aug 25–30, 2024 -
Presshammer: Rowhammer and Rowpress without Physical Address Information
DIMVA'24, EPFL in Lausanne, Switzerland, July 17–19, 2024 -
EDAMAME: Exploiting Drastically Absent Message Authentication for Meals at EPFL
DIMVA'24, EPFL in Lausanne, Switzerland, July 17–19, 2024 -
SUIT - Secure Undervolting with Instruction Traps
ASPLOS, San Diego, USA, April 27–May 1, 2024 -
Rowhammer - A Never Ending Story?
SpyCoDe Retreat at ISTA, Klosterneuburg, Austria, April 02, 2024 -
CPU Undervolting - Exploits and Potentials / SUIT
Research Seminar at TU Wien, Vienna, Austria, January 22, 2024 - 2023
- 2022
-
Half-Double: Hammering From the Next Row Over
CSAW'22 Applied Research Competition, Valence, France, November 11, 2022 -
CSI:Rowhammer - Können wir Computer gleichzeitig sicherer und effizienter machen?
IKT-SICHERHEITSKONFERENZ, Vienna, Austria, September 14–15, 2022
Reviewing
Reviewer for Usenix Security Artifact Evaluation: Distinguished reviewer award
Reviewer for Transactions on Dependable and Secure Computing
Sub-reviewer for NDSS Symposium
Sub-reviewer for Usenix Security
Sub-reviewer for CCS
Sub-reviewer for DRAMSec