Publications
- 2024
-
Presshammer: Rowhammer and Rowpress without Physical Address Information
We compare Rowhammer and Rowpress on various DRAM modules and show the first end-to-end Rowpress exploit.
DIMVA'24, EPFL in Lausanne, Switzerland, July 17 - 19, 2024 -
SUIT: Secure Undervolting with Instruction Traps
We developed a system that allows securely undervolting CPUs by trapping faulting instructions.
ASPLOS'24, San Diego, CA, USA, April 27 - May 1, 2024 Artifacts -
JavaSQUIP: Remote Scheduler Contention Attacks
We show the SQUIP side channel from JavaScript without a timer using a microarchitectural bingo race.
FC'24, Willemstad, Curaçao, March 4-8, 2024 -
IdleLeak: Exploiting Idle State Side Effects for Information Leakage
Using the tpause instruction to detect interrupts, we build a covert-channel and spy on user behavior.
NDSS'24, San Diego, CA, USA, February 26 - March 1, 2024 - 2023
-
CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer
With a MAC instead of ECC bits we are able to detect all data corruptions in DRAM and correct most.
-
Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels
By colliding victim with attacker controlled data in the CPU cache we can leak arbitrary data.
-
PT-Guard: - Protected Page Tables to Defend Against Breakthrough Rowhammer Attacks
We store a MAC in unused page table bits to detect and correct corruptions caused by Rowhammer.
IEEE IFIP DSN 2023, Porto, Portugal, June 27–30, 2023 -
SQUIP: Exploiting the Scheduler Queue Contention Side Channel
By measuring contention in AMD execution unit scheduler queues we can leak RSA keys.
S&P'23, San Francisco, California, USA, May 22–26, 2023 - 2022
-
Half-Double: Hammering From the Next Row Over
We show a new Rohammer method that exploits a mitigation and build a novel exploit for Chromebooks.
- 2021
-
Master’s Thesis: Rowhammer Exploits are still possible
Using half-double Rowhammer we develop a novel privilege escalation exploit targeting a Chromebook.
Graz University of Technology IAIK, September 21, 2021 - 2018
-
Another Flip in the Wall of Rowhammer Defenses
With a new Rowhammer method and from Intel SGX we show a completely undetectable exploit.
Talks
- 2024
-
Coming up: SUIT - Secure Undervolting with Instruction Traps
ASPLOS, San Diego, USA, April 27-May 1, 2024 -
Rowhammer - A Never Ending Story?
SpyCoDe Retreat at ISTA, Klosterneuburg, Austria, April 02, 2024 -
CPU Undervolting - Exploits and Potentials / SUIT
Research Seminar at TU Wien, Vienna, Austria, January 22, 2024 - 2023
- Savannah, GA
- 2022
-
Half-Double: Hammering From the Next Row Over
CSAW'22 Applied Research Competition, Valence, France, November 11, 2022 -
CSI:Rowhammer - Können wir Computer gleichzeitig sicherer und effizienter machen?
IKT-SICHERHEITSKONFERENZ, Vienna, Austria, September 14-15, 2022