Academic Publications

ExfilState: Automated Discovery of Timer-Free Cache Side Channels on ARM CPUs

RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs

Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage

ShadowLoad: Injecting State into Hardware Prefetchers

A Rowhammer Reproduction Study Using the Blacksmith Fuzzer

Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks

Reviving Meltdown 3a

Hammulator: Simulate Now – Exploit Later