Publications
To Appear
, Website Fingerprinting Through the Cache Occupancy Channel and its Real World Practicality, IEEE TDSC, To Appear.
2020
, LadderLeak: Breaking ECDSA With Less Than One Bit Of Nonce Leakage, CCS, Nov 2020.
, PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses, MICRO, Oct 2020.
, Spectre Attacks: Exploiting Speculative Execution, Communications of the ACM 63(7), pp. 93–101, Jul 2020.
, Meltdown: Reading Kernel Memory from User Space, Communications of the ACM 63(6), pp. 45–56, Jun 2020.
, Pseudorandom Black Swans: Cache Attacks on CTR_DRBG, IEEE SP, pp. 875–892, May 2020.
, RAMBleed: Reading Bits in Memory Without Accessing Them, IEEE SP, pp. 310–326, May 2020.
, LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection, IEEE SP, pp. 1452–1470, May 2020.
, Enterprise Security Architecture: Mythology or Methodology?, ICEIS, pp. 679–689, May 2020. Best student paper award.
, CacheOut: Leaking Data on Intel CPUs via Cache Evictions, Online http://cacheoutattack.com, Jan 2020.
2019
, Rosita: Towards Automatic Elimination of Power-Analysis Leakage in Ciphers, ePrint 2019/1445, Dec 2019.
, Cache vs. Key-Dependency: Side Channeling an Implementation of Pilsung, TCHES 2020(1), pp. 231–255, Nov 2019.
, Fallout: Leaking Data on Meltdown-resistant CPUs, CCS, pp. 769–784, London, United Kingdom, Nov 2019.
, Robust Website Fingerprinting Through the Cache Occupancy Channel, USENIX Security, pp. 639–656, Santa Clara, CA, USA, Aug 2019.
, Breaking Virtual Memory Protection and the SGX Ecosystem with Foreshadow, IEEE Micro 39(3), pp. 66–74, May 2019.
, The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations, IEEE SP, pp. 966–983, San Francisco, CA, USA, May 2019.
, Spectre Attacks: Exploiting Speculative Execution, IEEE SP, pp. 19–37, San Francisco, CA, USA, May 2019. Distinguished paper award.
, Time Protection: the Missing OS Abstraction, EuroSys, pp. 1:1–1:17, Dresden, Germany, Mar 2019. Best paper award.
2018
, The Effect of Common Vulnerability Scoring System Metrics on Vulnerability Exploit Delay, CANDAR, Hida Takayama, Japan, Nov 2018.
, Meltdown: Reading Kernel Memory from User Space, USENIX Security, pp. 973–990, Baltimore, MD, USA, Aug 2018.
, Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution, USENIX Security, pp. 991–1008, Baltimore, MD, USA, Aug 2018.
, No Security Without Time protection: We Need a New hardware Software Contract, APSys, Jeju Island, Korea, Aug 2018. Best paper award.
, Drive-by Key-Extraction Cache Attacks from Portable Code, ACNS, pp. 83–102, Leuven, Belgium, Jul 2018.
, CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks, TCHES 2018(2), pp. 171–191, May 2018.
, Another Flip in the Wall of Rowhammer Defenses, IEEE SP, pp. 489–505, San Francisco, CA, USA, May 2018.
, A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware, JCEN 8(1), pp. 1–27, Apr 2018.
2017
, May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519, CCS, pp. 845–858, Dallas, TX, US, Oct 2017.
, To BLISS-B or not to be — Attacking StrongSwan's Implementation of Post-Quantum Signatures, CCS, pp. 1843–1855, Dallas, TX, USA, Oct 2017.
, Sliding Right Into Disaster: Left-to-right sliding windows leak, CHES, pp. 555–576, Taipei, Taiwan, Sep 2017.
, USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs, USENIX Security, pp. 1145–1161, Vancouver, BC, Canada, Aug 2017.
, CacheBleed: A Timing Attack on OpenSSL Constant Time RSA, JCEN 7(2), pp. 99–112, Jun 2017.
, Modifying an Enciphering Scheme after Deployment, EuroCrypt, pp. 499–527, Paris, France, Apr 2017.
, Replacing Sanger with Next Generation Sequencing to improve coverage and quality of reference DNA barcodes for plants, Scientific Reports 7(46040), Apr 2017.
2016
, Amplifying Side Channels Through Performance Degradation, ACSAC, pp. 422–435, Los Angeles, CA, USA, Dec 2016.
, “Make Sure DSA Signing Exponentiations Really are Constant-Time”, CCS, pp. 1639–1650, Vienna, Austria, Oct 2016.
, ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels, CCS, pp. 1626–1638, Vienna, Austria, Oct 2016.
, CacheBleed: A Timing Attack on OpenSSL Constant Time RSA, CHES, pp. 346–367, Santa Barbabra, CA, US, Aug 2016.
, Flush, Gauss, and Reload — A Cache Attack on the BLISS Lattice-Based Signature Scheme, CHES, pp. 323–345, Santa Barbabra, CA, USA, Aug 2016.
, CATalyst: Defeating Last-Level Cache Side Channel Attacks in Cloud Computing, HPCA, pp. 406–418, Barcelona, Spain, Mar 2016.
2015
, Exploiting Transformations of the Galois Configuration to Improve Guess-and-Determine Attacks on NFSRs, ePrint 2015/1045, Oct 2015.
, Mapping the Intel Last-Level Cache, ePrint 2015/905, Sep 2015.
, Evaluation and Cryptanalysis of the Pandaka Lightweight Cipher, ACNS, pp. 370–385, New York, NY, USA, Jun 2015.
, Last-Level Cache Side-Channel Attacks are Practical, IEEE SP, pp. 605–622, San Jose, CA, USA, May 2015.
, Just a Little Bit More, CT-RSA, pp. 3–21, San Francisco, CA, USA, Apr 2015.
2014
, “Ooh Aah ... Just a Little Bit”: A small amount of side channel can go a long way, CHES, pp. 73–92, Busan, Korea, Sep 2014.
, Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack, USENIX Security, pp. 719–732, San Diego, CA, USA, Aug 2014.
, Recovering OpenSSL ECDSA Nonces Using the Flush+Reload Cache Side-channel Attack, ePrint 2014/140, Feb 2014.
2012
, S-RVM: a Secure Design for a High-Performance Java Virtual Machine, VMIL, Tuscon, AZ, USA, Oct 2012.
2008
, Estimating Camera Overlap in Large and Growing Networks, ICDSC, pp. 1–10, Stanford University, CA, USA, Sep 2008.
1995
, The NOW MOSIX and its Preemptive Process Migration Scheme, IEEE TCOS Bulletin 7(2), 1995.
1994
, Warm Backup Using Snooping, SDNE, pp. 60–65, Prague, Czech Republic, Jun 1994.