🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Disclosing #SLAM, aka how to combine Spectre and Intel LAM (& co.) to leak kernel memory on future CPUs (demo below). Thousands of exploitable "unmasked" (or pointer chasing) gadgets in the Linux kernel. Joint work by Mathé Hertogh Sander Wiebing Cristiano Giuffrida: vusec.net/projects/slam

New paper with Pietro Borrello Daniele Cono D'Elia Davide Balzarotti Leonardo Querzoni Cristiano Giuffrida! "Predictive Context-sensitive Fuzzing" introduces compile time context sensitivity to fuzzing w/ selective prioritization using dataflow diversity. Will appear at NDSS24, get it at download.vusec.net/papers/pcsfuzz…

Excited to announce the CfP for #EuroSec2024 — please submit your finest ideas! Deadline: February 14, 2024. #EuroSecWorkshop #Eurosys2024 secopera.eu/eurosec-2024/

Do you have any interesting work in progress in systems security? Negative results? Cool student projects? EuroSec is the perfect place to present it, and offers an excuse to visit Athens and attend EuroSys. Deadline February 14. secopera.eu/eurosec-2024/

How do synchronization primitives work during speculative execution? THEY DON'T! Disclosing #GhostRace (paper USENIX Security). We turn all arch. race-free critical regions of OS/Hypervisors into Speculative Race Conditions. Joint work VUSec IBM Research: vusec.net/projects/ghost…

Branch History Injection (BHI) is back! Disclosing Native BHI, bypassing deployed Spectre-v2/BHI mitigations (e.g., eBPF=off) to leak arbitrary kernel/host memory (e.g., root password hash below). Joint work by Sander Wiebing alvise Herbert Bos Cristiano Giuffrida: vusec.net/projects/nativ…

Do you love low-level systems hacking? And would you like to work at a top systems security research group in Amsterdam? At VUSec, we have a number of PhD and PostDoc positions available: workingat.vu.nl/vacancies/phd-…

Our SafeFetch paper USENIX Security is online! Thanks to an optimized in-kernel cache, SafeFetch provides comprehensive protection against double-fetch bugs at a fraction of the cost of prior solutions. Joint work by Duta Victor, Mitchel, Cristiano Giuffrida: download.vusec.net/papers/safefet…

Today at #SP24, Floris Gorter presents Sticky Tags. We uncover performance/security issues in prior ARM MTE schemes based on random tagging (+ a new speculative oracle) and show how to address them with a new deterministic MTE scheme for spatial memory safety: download.vusec.net/papers/stickyt…

For the first time, 2 Association for Computing Machinery flagship conferences in computer systems are colocated in Europe: Rotterdam🎒🚲🌷 ACM ASPLOS'25: asplos-conference.org/asplos-2025-ca… ACM EuroSys'25: 2025.eurosys.org TU Delft UGent Vrije Universiteit Amsterdam (inactief) ACM SIGOPS SIGARCH @sigplan EuroSys 2025

Congratulations to studsec for becoming the first the first Student CyberSecurity Association registered in the Netherlands! And happy to see so many members doing well in our Computer Security Master! linkedin.com/posts/vustudse…

Groetjes uit Rotterdam! The kickoff of the joint #ASPLOS25 / #EuroSys25 conference is less than a day away! Feeling excited? Have you begun your trip yet? If you are already here, did you visit the banks of Nieuwe Maas river? Or catch up with the famous Rotterdam Gnome?

Feeling overwhelmed with everything happening around #ASPLOS25 / #EuroSys25? We've got you covered! For quick access to all vital conference links, bookmark our Linktree page: linktr.ee/EuroSysConf

After two days packed with workshops and tutorials, it's time for the main attraction! The registration desk for #ASPLOS25 / #EuroSys25 is open and ready to welcome you!

It will be a busy first day morning here at #ASPLOS25 / #EuroSys25! We start with a joint plenary session at 9:00am. Following, we have two keynotes by Martin Maas (Google DeepMind) and Gernot Heiser (Univ. of New South Wales), plus our joint awards ceremony.

Looking for the full schedule / conference proceedings / social media links for #ASPLOS25 / #EuroSys25? Everything is here: linktr.ee/EuroSysConf

With #EuroSys25 and #ASPLOS25 now concluded, it's time to bid you farewell! For us, the last 3 days have been intense, but incredibly fulfilling at the same time. We hope you enjoyed the conferences as much as we did.

As #EuroSys25, we would also like to extend our gratitude to our co-organizers at #ASPLOS25. With record attendance of >1100 researchers, our common endeavour has been a massive success, and a point of reference for the future. Looking forward to our next joint event! 🤝🙌💪

[1/3] Turns out those old MDS gadgets have new life... In our latest paper at IEEE S&P , we show how attackers can construct PRELOAD+TIME, a new cache side-channel which takes advantage of these 'half-Spectre' gadgets.

Spectre v2 is back again! Disclosing "Training Solo": 3 new self-training attack classes, 2 end-to-end exploits, and 2 new hardware issues that break domain isolation even when implemented perfectly. Joint work by Sander Wiebing Cristiano Giuffrida: vusec.net/projects/train…