Academic Publications | Fabian Thomas

2026

InstrSem: Automatically and Generically Inferring Semantics of (Undocumented) CPU Instructions

StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU's Stack Engine

RISCy Cache Coherence: Timer-Free Architectural Cache Attacks via Instruction/Data Cache Incoherence

TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities

2025

ExfilState: Automated Discovery of Timer-Free Cache Side Channels on ARM CPUs

RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs

Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage

ShadowLoad: Injecting State into Hardware Prefetchers

2023

A Rowhammer Reproduction Study Using the Blacksmith Fuzzer

Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks