Publications
To Appear
Anatoly Shusterman, Zohar Avraham, Eliezer Croitoru, Yarden Haskal, Lachlan Kang, Dvir Levi, Yosef Meltser, Prateek Mittal, Yossi Oren and Yuval Yarom, Website Fingerprinting Through the Cache Occupancy Channel and its Real World Practicality, IEEE TDSC, To Appear.
Michelle Graham, Katrina Falkner, Claudia Szabo and Yuval Yarom, Security Architecture Framework for Enterprises, Enterprise Information Systems, To Appear.
2021
Monjur Alam, Baki Yilmaz, Frank Werner, Niels Samwel, Alenka Zajic, Daniel Genkin, Yuval Yarom and Milos Prvulovic, Nonce@Once: A Single-Trace EM Side Channel Attack on Several Constant-Time Elliptic Curve Implementations in Mobile Platforms, Euro S&P, Sep 2021.
Anatoly Shusterman, Ayush Agarwal, Sioli O'Connell, Daniel Genkin, Yossi Oren and Yuval Yarom, Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses, USENIX Security, Aug 2021.
Stephan van Schaik, Marina Minkin, Andrew Kwong, Daniel Genkin and Yuval Yarom, CacheOut: Leaking Data on Intel CPUs via Cache Evictions, IEEE SP, Virtual, May 2021.
Ileana Buhan, Lejla Batina, Yuval Yarom and Patrick Schaumont, SoK: Design Tools for Side-Channel-Aware Implementations, ePrint 2021/497, Apr 2021.
Madura A. Shelton, Niels Samwel, Lejla Batina, Francesco Regazzoni, Markus Wagner and Yuval Yarom, Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers, NDSS, Feb 2021.
Daniel Genkin and Yuval Yarom, Whack-a-Meltdown: Microarchitectural Security Games, IEEE S&P Magazine 19(1), pp. 95–98, Jan 2021.
2020
Andrew Feutrill, Matthew Roughan, Yuval Yarom and Joshua Ross, A Queueing Solution to Reduce Delay in Processing of Disclosed Vulnerabilities, TPS-ISA, pp. 1–11, Dec 2020.
Diego F. Aranha, Felipe Rodrigues Novaes, Akira Takahashi, Mehdi Tibouchi and Yuval Yarom, LadderLeak: Breaking ECDSA With Less Than One Bit Of Nonce Leakage, CCS, pp. 225–242, Nov 2020.
Zhi Zhang, Yueqiang Cheng, Dongxi Liu, Surya Nepal, Zhi Wang and Yuval Yarom, PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses, MICRO, pp. 28–41, Oct 2020.
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz and Yuval Yarom, Spectre Attacks: Exploiting Speculative Execution, Communications of the ACM 63(7), pp. 93–101, Jul 2020.
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg and Raoul Strackx, Meltdown: Reading Kernel Memory from User Space, Communications of the ACM 63(6), pp. 45–56, Jun 2020.
Shaanan Cohney, Andrew Kwong, Shachar Paz, Daniel Genkin, Nadia Heninger, Eyal Ronen and Yuval Yarom, Pseudorandom Black Swans: Cache Attacks on CTR_DRBG, IEEE SP, pp. 875–892, May 2020.
Andrew Kwong, Daniel Genkin, Daniel Gruss and Yuval Yarom, RAMBleed: Reading Bits in Memory Without Accessing Them, IEEE SP, pp. 310–326, May 2020.
Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss and Frank Piessens, LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection, IEEE SP, pp. 1452–1470, May 2020.
Michelle McClintock, Katrina Falkner, Claudia Szabo and Yuval Yarom, Enterprise Security Architecture: Mythology or Methodology?, ICEIS, pp. 679–689, May 2020. Best student paper award.
2019
Daniel Genkin, Romain Poussier, Rui Qi Sim, Yuval Yarom and Yuanjing Zhao, Cache vs. Key-Dependency: Side Channeling an Implementation of Pilsung, TCHES 2020(1), pp. 231–255, Nov 2019.
Claudio Canella, Daniel Genkin, Lukas Giner, Daniel Gruss, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, Jo Van Bulck and Yuval Yarom, Fallout: Leaking Data on Meltdown-resistant CPUs, CCS, pp. 769–784, London, United Kingdom, Nov 2019.
Anatoly Shusterman, Lachlan Kang, Yarden Haskal, Yosef Meltser, Prateek Mittal, Yossi Oren and Yuval Yarom, Robust Website Fingerprinting Through the Cache Occupancy Channel, USENIX Security, pp. 639–656, Santa Clara, CA, USA, Aug 2019.
Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom, The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations, IEEE SP, pp. 966–983, San Francisco, CA, USA, May 2019.
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz and Yuval Yarom, Spectre Attacks: Exploiting Speculative Execution, IEEE SP, pp. 19–37, San Francisco, CA, USA, May 2019. Distinguished paper award and NSA Best Scientific Cybersecurity Paper.
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom and Raoul Strackx, Breaking Virtual Memory Protection and the SGX Ecosystem with Foreshadow, IEEE Micro 39(3), pp. 66–74, May 2019.
Qian Ge, Yuval Yarom, Tom Chothia and Gernot Heiser, Time Protection: the Missing OS Abstraction, EuroSys, pp. 1:1–1:17, Dresden, Germany, Mar 2019. Best paper award.
2018
Andrew Feutrill, Dinesha Ranathunga, Yuval Yarom and Matthew Roughan, The Effect of Common Vulnerability Scoring System Metrics on Vulnerability Exploit Delay, CANDAR, pp. 1–10, Hida Takayama, Japan, Nov 2018.
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom and Mike Hamburg, Meltdown: Reading Kernel Memory from User Space, USENIX Security, pp. 973–990, Baltimore, MD, USA, Aug 2018. NSA Best Scientific Cybersecurity Paper Honorable Mention.
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom and Raoul Strackx, Foreshadow: Extracting the Keys to the IntelSGX Kingdom with Transient Out-of-Order Execution, USENIX Security, pp. 991–1008, Baltimore, MD, USA, Aug 2018. IEEE Micro Top Pick.
Qian Ge, Yuval Yarom and Gernot Heiser, No Security Without Time protection: We Need a New hardware Software Contract, APSys, Jeju Island, Korea, Aug 2018. Best paper award.
Daniel Genkin, Lev Pachmanov, Eran Tromer and Yuval Yarom, Drive-by Key-Extraction Cache Attacks from Portable Code, ACNS, pp. 83–102, Leuven, Belgium, Jul 2018.
Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl and Yuval Yarom, Another Flip in the Wall of Rowhammer Defenses, IEEE SP, pp. 489–505, San Francisco, CA, USA, May 2018.
Fergus Dall, Gabrielle De Micheli, Thomas Eisenbarth, Daniel Genkin, Nadia Heninger, Ahmad Moghimi and Yuval Yarom, CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks, TCHES 2018(2), pp. 171–191, May 2018.
Qian Ge, Yuval Yarom, David Cock and Gernot Heiser, A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware, JCEN 8(1), pp. 1–27, Apr 2018.
2017
Daniel Genkin, Luke Valenta and Yuval Yarom, May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519, CCS, pp. 845–858, Dallas, TX, US, Oct 2017.
Peter Pessl, Leon Groot Bruinderink and Yuval Yarom, To BLISS-B or not to be — Attacking StrongSwan's Implementation of Post-Quantum Signatures, CCS, pp. 1843–1855, Dallas, TX, USA, Oct 2017.
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom, Sliding Right Into Disaster: Left-to-Right Sliding Windows Leak, CHES, pp. 555–576, Taipei, Taiwan, Sep 2017.
Yang Su, Daniel Genkin, Damith C. Ranasinghe and Yuval Yarom, USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs, USENIX Security, pp. 1145–1161, Vancouver, BC, Canada, Aug 2017.
Yuval Yarom, Daniel Genkin and Nadia Heninger, CacheBleed: A Timing Attack on OpenSSL Constant Time RSA, JCEN 7(2), pp. 99–112, Jun 2017.
Paul Grubbs, Thomas Ristenpart and Yuval Yarom, Modifying an Enciphering Scheme after Deployment, EuroCrypt, pp. 499–527, Paris, France, Apr 2017.
Mike J. Wilkinson, Claudia Szabo, Caroline S. Ford, Yuval Yarom, Adam E. Croxford, Amanda Camp and Paul Gooding, Replacing Sanger with Next Generation Sequencing to improve coverage and quality of reference DNA barcodes for plants, Scientific Reports 7(46040), Apr 2017.
2016
Thomas Allan, Billy Bob Brumley, Katrina Falkner, Joop van de Pol and Yuval Yarom, Amplifying Side Channels Through Performance Degradation, ACSAC, pp. 422–435, Los Angeles, CA, USA, Dec 2016.
César Pereida García, Billy Bob Brumley and Yuval Yarom, “Make Sure DSA Signing Exponentiations Really are Constant-Time”, CCS, pp. 1639–1650, Vienna, Austria, Oct 2016.
Daniel Genkin, Lev Pachmanov, Itamar Pipman, Eran Tromer and Yuval Yarom, ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels, CCS, pp. 1626–1638, Vienna, Austria, Oct 2016.
Yuval Yarom, Daniel Genkin and Nadia Heninger, CacheBleed: A Timing Attack on OpenSSL Constant Time RSA, CHES, pp. 346–367, Santa Barbabra, CA, US, Aug 2016.
Leon Groot Bruinderink, Andreas Hülsing, Tanja Lange and Yuval Yarom, Flush, Gauss, and Reload — A Cache Attack on the BLISS Lattice-Based Signature Scheme, CHES, pp. 323–345, Santa Barbabra, CA, USA, Aug 2016.
Fangfei Liu, Qian Ge, Yuval Yarom, Frank Mckeen, Carlos Rozas, Gernot Heiser and Ruby B. Lee, CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing, HPCA, pp. 406–418, Barcelona, Spain, Mar 2016.
2015
Gefei Li, Yuval Yarom and Damith C. Ranasinghe, Exploiting Transformations of the Galois Configuration to Improve Guess-and-Determine Attacks on NFSRs, ePrint 2015/1045, Oct 2015.
Yuval Yarom, Qian Ge, Fangfei Liu, Ruby B. Lee and Gernot Heiser, Mapping the Intel Last-Level Cache, ePrint 2015/905, Sep 2015.
Yuval Yarom, Gefei Li and Damith C. Ranasinghe, Evaluation and Cryptanalysis of the Pandaka Lightweight Cipher, ACNS, pp. 370–385, New York, NY, USA, Jun 2015.
Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser and Ruby B. Lee, Last-Level Cache Side-Channel Attacks are Practical, IEEE SP, pp. 605–622, San Jose, CA, USA, May 2015.
Joop van de Pol, Nigel P. Smart and Yuval Yarom, Just a Little Bit More, CT-RSA, pp. 3–21, San Francisco, CA, USA, Apr 2015.
2014
Naomi Benger, Joop van de Pol, Nigel P. Smart and Yuval Yarom, “Ooh Aah ... Just a Little Bit”: A Small Amount of Side Channel can go a Long Way, CHES, pp. 73–92, Busan, Korea, Sep 2014.
Yuval Yarom and Katrina Falkner, Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack, USENIX Security, pp. 719–732, San Diego, CA, USA, Aug 2014.
Yuval Yarom and Naomi Benger, Recovering OpenSSL ECDSA Nonces Using the Flush+Reload Cache Side-channel Attack, ePrint 2014/140, Feb 2014.
2012
Yuval Yarom, Katrina Falkner and David S. Munro, S-RVM: a Secure Design for a High-Performance Java Virtual Machine, VMIL, Tuscon, AZ, USA, Oct 2012.
2008
Henry Detmold, Anton van den Hengel, Anthony Dick, Alex Cichowski, Rhys Hill, Ekim Kocadag, Yuval Yarom, Katrina Falkner and David S. Munro, Estimating Camera Overlap in Large and Growing Networks, ICDSC, pp. 1–10, Stanford University, CA, USA, Sep 2008.
1995
Amnon Barak, Oren Laden and Yuval Yarom, The NOW MOSIX and its Preemptive Process Migration Scheme, IEEE TCOS Bulletin 7(2), 1995.
1994
Danny Dolev, Dalia Malkhi and Yuval Yarom, Warm Backup Using Snooping, SDNE, pp. 60–65, Prague, Czech Republic, Jun 1994.