Jonas Juffinger

Publications

2025
Not So Secure TSC

We show that AMD's SecureTSC feature can be used for co-location detection.

Jonas Juffinger, Sudheendra Raghav Neela, Daniel Gruss

ACNS'25, Munich, Germany, June 23-26, 2025
Secret Spilling Drive: Leaking User Behavior through SSD Contention

We show that a contention caused timing side-channel can leak websites visited by a victim with high accuracy.

Jonas Juffinger, Fabian Rauscher, Giuseppe La Manna, Daniel Gruss

NDSS'25, San Diego, CA, USA, February 23 - 28, 2025
KernelSnitch: Side-Channel Attacks on Kernel Data Structures

Lukas Maar, Jonas Juffinger, Thomas Steinbauer, Daniel Gruss, Stefan Mangard

NDSS'25, San Diego, CA, USA, February 23 - 28, 2025
2024
Presshammer: Rowhammer and Rowpress without Physical Address Information

We compare Rowhammer and Rowpress on various DRAM modules and show the first end-to-end Rowpress exploit.

Jonas Juffinger, Sudheendra Raghav Neela, Martin Heckel, Lukas Schwarz, Florian Adamsky, Daniel Gruss

DIMVA'24, EPFL in Lausanne, Switzerland, July 17 - 19, 2024
SUIT: Secure Undervolting with Instruction Traps

We developed a system that allows securely undervolting CPUs by trapping faulting instructions.

Jonas Juffinger, Stepan Kalinin, Daniel Gruss, Frank Mueller

ASPLOS'24, San Diego, CA, USA, April 27 - May 1, 2024 Artifacts Slides Recording
SnailLoad: Remote Network Latency Measurements Leak User Activity

Exploiting bottlenecks present on all Internet connections we infer the current network activity on someone else's Internet connection

Stefan Gast, Roland Czerny, Jonas Juffinger, Fabian Rauscher, Simone Franza, Daniel Gruss

USENIX Security Symposium'24, Philadelphia, PA, USA, August 14–16, 2024 Website Github Video CVE-2024-39920
JavaSQUIP: Remote Scheduler Contention Attacks

We show the SQUIP side channel from JavaScript without a timer using a microarchitectural bingo race.

Stefan Gast, Jonas Juffinger, Lukas Maar, Christoph Royer, Andreas Kogler Daniel Gruss

FC'24, Willemstad, Curaçao, March 4-8, 2024
IdleLeak: Exploiting Idle State Side Effects for Information Leakage

Using the tpause instruction to detect interrupts, we build a covert-channel and spy on user behavior.

Fabian Rauscher, Andreas Kogler, Jonas Juffinger, Daniel Gruss

NDSS'24, San Diego, CA, USA, February 26 - March 1, 2024
2023
CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer

With a MAC instead of ECC bits we are able to detect all data corruptions in DRAM and correct most.

Jonas Juffinger, Lukas Lamster, Andreas Kogler, Maria Eichlseder, Moritz Lipp, Daniel Gruss

S&P'23, San Francisco, California, USA, May 22–26, 2023 GitHub Trailer Recording Slides
Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels

By colliding victim with attacker controlled data in the CPU cache we can leak arbitrary data.

Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Michael Schwarz, Daniel Gruss, Stefan Mangard

USENIX Security Symposium'23, Anaheim, CA, USA, August 9–11, 2023 Website GitHub CVE-2023-20583
PT-Guard: - Protected Page Tables to Defend Against Breakthrough Rowhammer Attacks

We store a MAC in unused page table bits to detect and correct corruptions caused by Rowhammer.

Anish Saxena, Gururaj Saileshwar, Jonas Juffinger, Andreas Kogler, Daniel Gruss, Moinuddin Qureshi

IEEE IFIP DSN 2023, Porto, Portugal, June 27–30, 2023
SQUIP: Exploiting the Scheduler Queue Contention Side Channel

By measuring contention in AMD execution unit scheduler queues we can leak RSA keys.

Stefan Gast, Jonas Juffinger, Martin Schwarzl, Gururaj Saileshwar, Andreas Kogler, Simone Franza, Markus Köstl, Daniel Gruss

S&P'23, San Francisco, California, USA, May 22–26, 2023 CVE-2021-46778
2022
Half-Double: Hammering From the Next Row Over

We show a new Rohammer method that exploits a mitigation and build a novel exploit for Chromebooks.

Andreas Kogler, Jonas Juffinger, Salman Qazi, Yoongu Kim, Moritz Lipp, Nicolas Boichat, Eric Shiu, Mattias Nissler, Daniel Gruss

31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022 GitHub Recording Slides
2021
Master’s Thesis: Rowhammer Exploits are still possible

Using half-double Rowhammer we develop a novel privilege escalation exploit targeting a Chromebook.

Jonas Juffinger, Advisor: Daniel Gruss

Graz University of Technology IAIK, September 21, 2021
2018
Another Flip in the Wall of Rowhammer Defenses

With a new Rowhammer method and from Intel SGX we show a completely undetectable exploit.

Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, Yuval Yarom

S&P'18, San Francisco, California, USA, May 21–23, 2018

GitHub Recording

Talks — All Recordings

2025
Upcoming: Secret Spilling Drive: Leaking User Behavior through SSD Contention

Jonas Juffinger

NDSS'25, San Diego, USA, February 26 - 28, 2025
2024
Looking Back at 10 Years of Rowhammer Exploits

Jonas Juffinger, Andreas Kogler

hardwear.io, Amsterdam, Netherlands, Oktober 24 - 25, 2024

Slides Website
SUIT: Secure Undervolting with Instruction Traps

Daniel Gruss, Jonas Juffinger

RSTCON, Savannah, GA, USA, September 13 - 15, 2024

Slides Website
CPU Undervolting Hackathon at PEACHES

Jonas Juffinger

PEACHES'24, Schloss Dagstuhl, Germany, Aug 25 - 30, 2024
Presshammer: Rowhammer and Rowpress without Physical Address Information

Jonas Juffinger

DIMVA'24, EPFL in Lausanne, Switzerland, July 17 - 19, 2024

Slides
EDAMAME: Exploiting Drastically Absent Message Authentication for Meals at EPFL

Jonas Juffinger

DIMVA'24, EPFL in Lausanne, Switzerland, July 17 - 19, 2024

Slides
Exploiting RowPress and RowHammer and How To Defend Against It

Jonas Juffinger

SAFARI Live Seminar, ETH Zürich, Switzerland, July 16, 2024

Recording Slides Website
SUIT - Secure Undervolting with Instruction Traps

Jonas Juffinger, Stepan Kalinin

ASPLOS, San Diego, USA, April 27-May 1, 2024

Slides Lightning Talk Recording
Rowhammer - A Never Ending Story?

Jonas Juffinger

SpyCoDe Retreat at ISTA, Klosterneuburg, Austria, April 02, 2024

Slides
CPU Undervolting - Exploits and Potentials / SUIT

Jonas Juffinger

Research Seminar at TU Wien, Vienna, Austria, January 22, 2024

Slides
2023
CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer

Jonas Juffinger

hardwear.io, The Hague, Netherlands, November 2-3, 2023

Recording Slides Website
CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer

Jonas Juffinger

S&P'23, San Francisco, California, USA, May 23, 2023

Recording Slides
2022
CSI:Rowhammer: Closing the Case of Half-Double and Beyond

Andreas Kogler, Jonas Juffinger

black hat Europe, London, United Kingdom, December 07, 2022

Recording Slides Website
Half-Double: Hammering From the Next Row Over

Jonas Juffinger

CSAW'22 Applied Research Competition, Valence, France, November 11, 2022
CSI:Rowhammer - Können wir Computer gleichzeitig sicherer und effizienter machen?

Daniel Gruss, Jonas Juffinger

IKT-SICHERHEITSKONFERENZ, Vienna, Austria, September 14-15, 2022
Half-Double: Hammering From the Next Row Over

Andreas Kogler, Jonas Juffinger

31st USENIX Security Symposium, Boston, MA, USA, August 10-12, 2022

Recording Slides Website

Reviewing

Reviewer for Usenix Security Artifact Evaluation: Distinguished reviewer award
Reviewer for Transactions on Dependable and Secure Computing
Sub-reviewer for NDSS Symposium
Sub-reviewer for Usenix Security
Sub-reviewer for CCS
Sub-reviewer for DRAMSec

Publications

Not So Secure TSC

Secret Spilling Drive: Leaking User Behavior through SSD Contention

KernelSnitch: Side-Channel Attacks on Kernel Data Structures

Presshammer: Rowhammer and Rowpress without Physical Address Information

SUIT: Secure Undervolting with Instruction Traps

SnailLoad: Remote Network Latency Measurements Leak User Activity

JavaSQUIP: Remote Scheduler Contention Attacks

IdleLeak: Exploiting Idle State Side Effects for Information Leakage

CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer

Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels

PT-Guard: - Protected Page Tables to Defend Against Breakthrough Rowhammer Attacks

SQUIP: Exploiting the Scheduler Queue Contention Side Channel

Half-Double: Hammering From the Next Row Over

Master’s Thesis: Rowhammer Exploits are still possible

Another Flip in the Wall of Rowhammer Defenses

Talks — All Recordings

Upcoming: Secret Spilling Drive: Leaking User Behavior through SSD Contention

Looking Back at 10 Years of Rowhammer Exploits

SUIT: Secure Undervolting with Instruction Traps

CPU Undervolting Hackathon at PEACHES

Presshammer: Rowhammer and Rowpress without Physical Address Information

EDAMAME: Exploiting Drastically Absent Message Authentication for Meals at EPFL

Exploiting RowPress and RowHammer and How To Defend Against It

SUIT - Secure Undervolting with Instruction Traps

Rowhammer - A Never Ending Story?

CPU Undervolting - Exploits and Potentials / SUIT

CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer

CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer

CSI:Rowhammer: Closing the Case of Half-Double and Beyond

Half-Double: Hammering From the Next Row Over

CSI:Rowhammer - Können wir Computer gleichzeitig sicherer und effizienter machen?

Half-Double: Hammering From the Next Row Over

Reviewing

Reviewer for Usenix Security Artifact Evaluation: Distinguished reviewer award

Reviewer for Transactions on Dependable and Secure Computing

Sub-reviewer for NDSS Symposium

Sub-reviewer for Usenix Security

Sub-reviewer for CCS

Sub-reviewer for DRAMSec