At #BHASIA 2020 this year: 1. The Evil Alt-Ego by Trishita Tiwari 👩‍💻 et al blackhat.com/asia-20/briefi… 2. Page Cache Attacks with Trishita Tiwari 👩‍💻 Michael Schwarz Erik Kraft blackhat.com/asia-20/briefi… 3. Complexity killed Security (Friday Keynote) by me blackhat.com/asia-20/briefi… [1/2]

4. Store-to-Leak Forwarding by Claudio Canella Lukas Giner Michael Schwarz blackhat.com/asia-20/briefi… 5. ZombieLoad by Michael Schwarz Moritz Lipp blackhat.com/asia-20/briefi… [2/2]

Claudio Canella & Lukas Giner & Michael Schwarz will present ‘Store-to-Leak Forwarding: There and Back Again’ at #BHASIA and outline a countermeasure that prevents all known microarchitectural KASLR breaks, including Store-to-leak, Fallout, and DrK. ow.ly/DGeA50Bv8gL

See #PLATYPUS in action: breaking kernel address space layout randomization within seconds by observing the CPU's power consumption with RAPL. platypusattack.com

Congrats Richard Fellner! This is the guy who implemented the original KAISER/KPTI patch! Very talented in many ways but also kind and patient person. Sadly he does not want to continue with academia but prefers industry. PS: I can get you in touch with him if you want ;)

With #VoltPillager, we show that Intel #SGX is vulnerable to low-cost hardware fault injection attacks - and that SGX cannot protect against an attacker with physical access (like malicious cloud provider). More details: zt-chen.github.io/voltpillager/ Flavio Garcia George Zitai Chen

It was an incredible experience to work on #PLATYPUS as my master's thesis, and then continue working on it in my PhD and seeing it accepted! Moritz Lipp David Oswald Michael Schwarz Cat Easdon Claudio Canella Daniel Gruss

Finished my habilitation (venia docendi). Thus, my official title is now "Ass.Prof. Priv.-Doz. Dipl.-Ing. Dr.techn. BSc" (the "Priv.-Doz." is new). The habilitation thesis is now public on my website: gruss.cc/files/habil.pdf

Hey #graz and #german-speaking followers! If you're thinking about what to study, I'm giving a short talk in German @ 17:30 today: tugraz.webex.com/tugraz-de/j.ph… Kleine Zeitung

Claudio Canella & Michael Schwarz propose a new approach for automatically generating seccomp filters for Linux applications, and show the effectiveness of their new approach in preventing real-world exploits with only minimal overhead in #BHASIA Briefing ow.ly/Sz4s50DrBVP

Claudio Canella & Michael Schwarz propose a new approach for automatically generating seccomp filters for Linux applications, and show the effectiveness of their new approach in preventing real-world exploits with only minimal overhead in #BHASIA Briefing ow.ly/91EX50DK2BU

Enter Sandbox | At this #BHASIA Briefing Claudio Canella & Michael Schwarz propose a new approach for automatically generating seccomp filters for Linux applications, & show the effectiveness of their new approach in preventing real-world exploits. Learn more: bit.ly/2NY08TR

Walter Lasecki assaulted me. He pinned me against a bar, he put his hand up my skirt and his fingers in my underwear. He grabbed and twisted. He leaned in and insisted that I sleep with him. “It could be innocent,” he said.

I am honored to announce that our (ahmad, hamed, Michael Schwarz, Christian Rossow (@[email protected])) work on automatic discovery of side channels was accepted at USENIX Security '21. We developed Osiris, a fuzzer searching for instructions that can be abused as microarchitectural timing side channels. (1/3)

I'm very proud of my student Daniel Weber who invested a lot of time to turn his (already great) bachelor thesis into a paper. Having a first-author USENIX Security paper is an exceptional start for a PhD! x.com/weber_daniel/s…

Delighted to announce that our paper 'Rapid Prototyping for Microarchitectural Attacks' has been accepted at USENIX Security'22 #usesec22! Preprint at cattius.com/images/rapid-p…. /cc Michael Schwarz @marv0x90 Daniel Gruss Dynatrace

Happy to announce my first paper has been accepted at USENIX 2022! Andreas Kogler, Claudio Canella , Michael Schwarz, Daniel Gruss and I have an in-depth look at the remaining attack surface presented by LVI-Null and propose a targeted (creative😉) mitigation for LVI fixed CPUs ginerlukas.com/publications/p…

We've open-sourced our mitigation, LVINullify, on github.com/lvi-nullify/LV… Big thanks to all my co-authors for their hard work!

Proud to announce that our work on automatically generating Linux seccomp filters won the Best Paper Award at CCSW. Thanks again to my colleagues Mario Werner, Daniel Gruss, and Michael Schwarz for their help.

#FocalPoint: University of Michigan administrators were made aware of alleged academic bullying from then-Computer Science and Engineering at Michigan professor Daniel Genkin. He was later hired by Georgia Tech. Our investigation into previously-undisclosed allegations of abusive behavior against Genkin: michigandaily.com/news/focal-poi…