BibBase razavi, k

2025 (9)

McSee: Evaluating Advanced Rowhammer Attacks and Defenses via Automated DRAM Traffic Analysis. Jattke, P., Marazzi, M., Solt, F., Wipfli, M., Gloor, S., & Razavi, K. In USENIX Security, August 2025.

McSee: Evaluating Advanced Rowhammer Attacks and Defenses via Automated DRAM Traffic Analysis [pdf]

Paper

McSee: Evaluating Advanced Rowhammer Attacks and Defenses via Automated DRAM Traffic Analysis [link]

URL link bibtex 38 downloads

@inproceedings{jattke_mcsee_2025,
	title = {{McSee: Evaluating Advanced Rowhammer Attacks and Defenses via Automated DRAM Traffic Analysis}},
	url = {Paper=https://comsec-files.ethz.ch/papers/mcsee_sec25.pdf URL=https://comsec.ethz.ch/mcsee},
	booktitle = {{USENIX Security}},
	author = {Jattke, Patrick and Marazzi, Michele and Solt, Flavien and Wipfli, Max and Gloor, Stefan and Razavi, Kaveh},
	month = aug,
	year = {2025},
	keywords = {dir\_dram, type\_tier1}
}

Branch Privilege Injection: Compromising Spectre v2 Hardware Mitigations by Exploiting Branch Predictor Race Conditions. Rüegge, S., Wikner, J., & Razavi, K. In USENIX Security, August 2025. Intel Bounty Reward, BlackHat USA

Branch Privilege Injection: Compromising Spectre v2 Hardware Mitigations by Exploiting Branch Predictor Race Conditions [pdf]

Paper

Branch Privilege Injection: Compromising Spectre v2 Hardware Mitigations by Exploiting Branch Predictor Race Conditions [link]

URL link bibtex 194 downloads

@inproceedings{rueegge_bprc_2025,
	title = {{Branch Privilege Injection: Compromising Spectre v2 Hardware Mitigations by Exploiting Branch Predictor Race Conditions}},
	url = {Paper=https://comsec-files.ethz.ch/papers/bprc_sec25.pdf URL=https://comsec.ethz.ch/bprc},
	booktitle = {{USENIX Security}},
	note = {Intel Bounty Reward, BlackHat USA},
	author = {Rüegge, Sandro and Wikner, Johannes and Razavi, Kaveh},
	month = aug,
	year = {2025},
	keywords = {dir\_microarch, proj\_promise, type\_tier1}
}

Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection. Bölcskei, M., Solt, F., Ceesay-Seitz, K., & Razavi, K. In USENIX Security, August 2025. ETH medal

Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection [pdf]

Paper

Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection [link]

URL link bibtex 310 downloads

@inproceedings{boelcskei_encarsia_2025,
	title = {{Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection}},
	url = {Paper=https://comsec-files.ethz.ch/papers/encarsia_sec25.pdf URL=https://comsec.ethz.ch/encarsia},
	booktitle = {{USENIX Security}},
	note = {ETH medal},
	author = {Bölcskei, Matej and Solt, Flavien and Ceesay-Seitz, Katharina and Razavi, Kaveh},
	month = aug,
	year = {2025},
	keywords = {dir\_designsec, proj\_promise, type\_tier1}
}

Posthammer: Pervasive Browser-based Rowhammer Attacks with Postponed Refresh Commands. de Ridder, F., Jattke, P., & Razavi, K. In USENIX Security, August 2025.

Posthammer: Pervasive Browser-based Rowhammer Attacks with Postponed Refresh Commands [pdf]

Paper

Posthammer: Pervasive Browser-based Rowhammer Attacks with Postponed Refresh Commands [link]

URL link bibtex 193 downloads

@inproceedings{deridder_posthammer_2025,
	title = {{Posthammer: Pervasive Browser-based Rowhammer Attacks with Postponed Refresh Commands}},
	url = {Paper=https://comsec-files.ethz.ch/papers/posthammer_sec25.pdf URL=https://comsec.ethz.ch/posthammer},
	booktitle = {{USENIX Security}},
	author = {de Ridder, Finn and Jattke, Patrick and Razavi, Kaveh},
	month = aug,
	year = {2025},
	keywords = {dir\_dram, proj\_efcl, type\_tier1}
}

Lost in Translation: Enabling Confused Deputy Attacks on EDA Software with TransFuzz. Solt, F., & Razavi, K. In USENIX Security, August 2025.

Lost in Translation: Enabling Confused Deputy Attacks on EDA Software with TransFuzz [pdf]

Paper

Lost in Translation: Enabling Confused Deputy Attacks on EDA Software with TransFuzz [link]

URL link bibtex 253 downloads

@inproceedings{solt_mirtl_2025,
	title = {{Lost in Translation: Enabling Confused Deputy Attacks on EDA Software with TransFuzz}},
	url = {Paper=https://comsec-files.ethz.ch/papers/mirtl_sec25.pdf URL=https://comsec.ethz.ch/mirtl},
	booktitle = {{USENIX Security}},
	author = {Solt, Flavien and Razavi, Kaveh},
	month = aug,
	year = {2025},
	keywords = {dir\_designsec, proj\_promise, type\_tier1}
}

Rubicon: Precise Microarchitectural Attacks with Page-Granular Massaging. Bölcskei, M., Jattke, P., Wikner, J., & Razavi, K. In EuroS&P, July 2025.

Rubicon: Precise Microarchitectural Attacks with Page-Granular Massaging [pdf]

Paper

Rubicon: Precise Microarchitectural Attacks with Page-Granular Massaging [link]

URL link bibtex 165 downloads

@inproceedings{boelcskei_rubicon_2025,
	title = {{Rubicon: Precise Microarchitectural Attacks with Page-Granular Massaging}}, 
	url = {Paper=https://comsec-files.ethz.ch/papers/rubicon_eurosp25.pdf URL=https://comsec.ethz.ch/rubicon},
	booktitle = {{EuroS\&P}},
	author = {Bölcskei, Matej and Jattke, Patrick and Wikner, Johannes and Razavi, Kaveh},
	month = jul,
	year = {2025},
	keywords = {dir\_os, dir\_dram, type\_conf}
}

Softhammer: Exploiting Rowhammer Bit Flips without Crashing. de Ridder, F., Jattke, P., & Razavi, K. In DRAMSec, June 2025.

Softhammer: Exploiting Rowhammer Bit Flips without Crashing [pdf]

Paper link bibtex 1 download

@inproceedings{deridder_softhammer_2025,
	title = {{Softhammer: Exploiting Rowhammer Bit Flips without Crashing}},
	url = {Paper=https://comsec-files.ethz.ch/papers/softhammer_dramsec25.pdf},
	booktitle = {{DRAMSec}},
	author = {de Ridder, Finn and Jattke, Patrick and Razavi, Kaveh},
	month = jun,
	year = {2025},
	keywords = {dir\_dram, type\_workshop}
}

Breaking the Barrier: Post-Barrier Spectre Attacks. Wikner, J., & Razavi, K. In S&P, May 2025. Distinguished Paper Award, Google VRP Patch Rewards Program

Breaking the Barrier: Post-Barrier Spectre Attacks [pdf]

Paper

Breaking the Barrier: Post-Barrier Spectre Attacks [link]

URL link bibtex 253 downloads

@inproceedings{wikner_ibpb_2025,
	title = {{Breaking the Barrier: Post-Barrier Spectre Attacks}},
	url = {Paper=https://comsec-files.ethz.ch/papers/ibpb_sp25.pdf URL=https://comsec.ethz.ch/breaking-the-barrier},
	booktitle = {{S\&P}},
	note = {Distinguished Paper Award, Google VRP Patch Rewards Program},
    author = {Wikner, Johannes and Razavi, Kaveh},
	month = may,
	year = {2025},
	keywords = {dir\_microarch, proj\_promise, type\_conf, type\_tier1}
}

REFault: A Fault Injection Platform for Rowhammer Research on DDR5 Memory. Gloor, S., Jattke, P., & Razavi, K. In uASC, February 2025. Best Paper Award

REFault: A Fault Injection Platform for Rowhammer Research on DDR5 Memory [pdf]

Paper link bibtex 45 downloads

@inproceedings{gloor_refault_2025,
	title = {{REFault: A Fault Injection Platform for Rowhammer Research on DDR5 Memory}}, 
	url = {Paper=https://comsec-files.ethz.ch/papers/refault_uasc25.pdf},
	booktitle = {{uASC}},
	note = {Best Paper Award},
	author = {Gloor, Stefan and Jattke, Patrick and Razavi, Kaveh},
	month = feb,
	year = {2025},
	keywords = {dir\_dram, type\_conf}
}

2024 (8)

𝜇CFI: Formal Verification of Microarchitectural Control-flow Integrity. Ceesay-Seitz, K., Solt, F., & Razavi, K. In CCS, October 2024.

𝜇CFI: Formal Verification of Microarchitectural Control-flow Integrity [pdf]

Paper

𝜇CFI: Formal Verification of Microarchitectural Control-flow Integrity [link]

URL link bibtex 185 downloads

@inproceedings{ceesay-seitz_ucfi_2024,
	title = {{𝜇CFI: Formal Verification of Microarchitectural Control-flow Integrity}},
	url = {Paper=https://comsec-files.ethz.ch/papers/mucfi_ccs24.pdf URL=https://comsec.ethz.ch/mucfi},
	booktitle = {{CCS}},
	author = {Ceesay-Seitz, Katharina and Solt, Flavien and Razavi, Kaveh},
	month = oct,
	year = {2024},
	keywords = {dir\_designsec, proj\_promise, type\_tier1}
}

HybriDIFT: Scalable Memory-Aware Dynamic Information Flow Tracking for Hardware. Solt, F., & Razavi, K. In ICCAD, October 2024.

HybriDIFT: Scalable Memory-Aware Dynamic Information Flow Tracking for Hardware [pdf]

Paper

HybriDIFT: Scalable Memory-Aware Dynamic Information Flow Tracking for Hardware [link]

URL link bibtex 74 downloads

@inproceedings{solt_hybridift_2024,
    title={{HybriDIFT: Scalable Memory-Aware Dynamic Information Flow Tracking for Hardware}},
	url = {Paper=https://comsec-files.ethz.ch/papers/hybridift_iccad24.pdf URL=https://comsec.ethz.ch/hybridift},
    author={Solt, Flavien and Razavi, Kaveh},
    booktitle={{ICCAD}},
    month = oct,
    year={2024},
    keywords = {dir\_designsec, proj\_promise, type\_tier1}
}

ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms. Jattke, P., Wipfli, M., Solt, F., Marazzi, M., Bölcskei, M., & Razavi, K. In USENIX Security, August 2024. Award for the best BSc thesis

ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms [pdf]

Paper

ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms [link]

URL link bibtex 209 downloads

@inproceedings{jattke_zenhammer_2024,
	title = {{ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms}}, 
	url = {Paper=https://comsec-files.ethz.ch/papers/zenhammer_sec24.pdf URL=https://comsec.ethz.ch/zenhammer},
	booktitle = {{USENIX Security}},
	note = {Award for the best BSc thesis},
	author = {Jattke, Patrick and Wipfli, Max and Solt, Flavien and Marazzi, Michele and Bölcskei, Matej and Razavi, Kaveh},
	month = aug,
	year = {2024},
	keywords = {dir\_dram, proj\_promise, proj\_nccr, type\_conf, type\_tier1}
}

Cascade: CPU Fuzzing via Intricate Program Generation. Solt, F., Ceesay-Seitz, K., & Razavi, K. In USENIX Security, August 2024.

Cascade: CPU Fuzzing via Intricate Program Generation [pdf]

Paper

Cascade: CPU Fuzzing via Intricate Program Generation [link]

URL link bibtex 404 downloads

@inproceedings{solt_cascade_2024,
	title = {{Cascade: CPU Fuzzing via Intricate Program Generation}}, 
	url = {Paper=https://comsec-files.ethz.ch/papers/cascade_sec24.pdf URL=https://comsec.ethz.ch/cascade},
	booktitle = {{USENIX Security}},
	author = {Solt, Flavien and Ceesay-Seitz, Katharina and Razavi, Kaveh},
	month = aug,
	year = {2024},
	keywords = {dir\_designsec, proj\_lastbug, proj\_promise, type\_tier1}
}

SpyHammer: Understanding and Exploiting RowHammer Under Fine-Grained Temperature Variations. Orosa, L., Rührmair, U., Giray Yağlikçi, A., Luo, H., Olgun, A., Jattke, P., Patel, M., Kim, J. S., Razavi, K., & Mutlu, O. IEEE Access. 2024.

SpyHammer: Understanding and Exploiting RowHammer Under Fine-Grained Temperature Variations [pdf]

Paper link bibtex 32 downloads

@article{orosa_spyhammer,
  author={Orosa, Lois and Rührmair, Ulrich and Giray Yağlikçi, A. and Luo, Haocong and Olgun, Ataberk and Jattke, Patrick and Patel, Minesh and Kim, Jeremie S. and Razavi, Kaveh and Mutlu, Onur},
  journal={IEEE Access}, 
  title={{SpyHammer: Understanding and Exploiting RowHammer Under Fine-Grained Temperature Variations}}, 
  url = {Paper=https://comsec-files.ethz.ch/papers/spyhammer_access24.pdf},
  year={2024},
  keywords={dir\_dram},
}

PayRide: Secure Transport e-Ticketing with Untrusted Smartphone Location. Marazzi, M., Jattke, P., Zibung, J., & Razavi, K. In DIMVA, July 2024.

PayRide: Secure Transport e-Ticketing with Untrusted Smartphone Location [pdf]

Paper

PayRide: Secure Transport e-Ticketing with Untrusted Smartphone Location [link]

URL link bibtex 78 downloads

@inproceedings{marazzi_payride_2024,
	title = {{PayRide: Secure Transport e-Ticketing with Untrusted Smartphone Location}}, 
	url = {Paper=https://comsec-files.ethz.ch/papers/payride_dimva24.pdf URL=https://comsec.ethz.ch/freeride},
	booktitle = {{DIMVA}},
	author = {Marazzi, Michele and Jattke, Patrick and Zibung, Jason and Razavi, Kaveh},
	month = jul,
	year = {2024},
	keywords = {dir\_os, proj\_promise, proj\_nccr, type\_conf}
}

HiFi-DRAM: Enabling High-fidelity DRAM Research by Uncovering Sense Amplifiers with IC Imaging. Marazzi, M., Sachsenweger, T., Solt, F., Zeng, P., Takashi, K., Yarema, M., & Razavi, K. In ISCA, July 2024. Nominated for the Best Paper Award

HiFi-DRAM: Enabling High-fidelity DRAM Research by Uncovering Sense Amplifiers with IC Imaging [pdf]

Paper

HiFi-DRAM: Enabling High-fidelity DRAM Research by Uncovering Sense Amplifiers with IC Imaging [link]

URL link bibtex 100 downloads

@inproceedings{marazzi_hifidram_2024,
	title = {{HiFi-DRAM: Enabling High-fidelity DRAM Research by Uncovering Sense Amplifiers with IC Imaging}}, 
	url = {Paper=https://comsec-files.ethz.ch/papers/hifidram_isca24.pdf URL=https://comsec.ethz.ch/hifi-dram},
	booktitle = {{ISCA}},
	note = {Nominated for the Best Paper Award},
    author = {Marazzi, Michele and Sachsenweger, Tristan and Solt, Flavien and Zeng, Peng and Takashi, Kubo and Yarema, Maksym and Razavi, Kaveh},
	month = jul,
	year = {2024},
	keywords = {dir\_dram, proj\_promise, proj\_nccr, type\_conf, type\_tier1}
}

RISC-H: Rowhammer Attacks on RISC-V. Marazzi, M., & Razavi, K. In DRAMSec, June 2024.

RISC-H: Rowhammer Attacks on RISC-V [pdf]

Paper link bibtex 21 downloads

@inproceedings{marazzi_risch_2024,
	title = {{RISC-H: Rowhammer Attacks on RISC-V}},
	url = {Paper=https://comsec-files.ethz.ch/papers/risc-h_dramsec24.pdf},
	booktitle = {{DRAMSec}},
	author = {Marazzi, Michele and Razavi, Kaveh},
	month = June,
	year = {2024},
	keywords = {dir\_dram, proj\_promise, proj\_nccr, type\_workshop}
}

2023 (4)

Phantom: Exploiting Decoder-detectable Mispredictions. Wikner, J., Trujillo, D., & Razavi, K. In MICRO, October 2023. Best Paper Award, ETH medal

Phantom: Exploiting Decoder-detectable Mispredictions [pdf]

Paper

Phantom: Exploiting Decoder-detectable Mispredictions [link]

URL link bibtex 340 downloads

@inproceedings{wikner_phantom_2023,
	title = {{Phantom: Exploiting Decoder-detectable Mispredictions}},
	url = {Paper=https://comsec-files.ethz.ch/papers/phantom_micro23.pdf URL=https://comsec.ethz.ch/research/microarch/inception},
	booktitle = {{MICRO}},
	note = {Best Paper Award, ETH medal},
	author = {Wikner, Johannes and Trujillo, Daniël and Razavi, Kaveh},
	month = oct,
	year = {2023},
	keywords = {dir\_microarch, type\_tier1, proj\_promise}
}

Inception: Exposing New Attack Surfaces with Training in Transient Execution. Trujillo, D., Wikner, J., & Razavi, K. In USENIX Security, August 2023. ETH medal

Inception: Exposing New Attack Surfaces with Training in Transient Execution [pdf]

Paper

Inception: Exposing New Attack Surfaces with Training in Transient Execution [link]

URL link bibtex 234 downloads

@inproceedings{trujillo_inception_2023,
	title = {{Inception: Exposing New Attack Surfaces with Training in Transient Execution}},
	url = {Paper=https://comsec-files.ethz.ch/papers/inception_sec23.pdf URL=https://comsec.ethz.ch/research/microarch/inception},
	booktitle = {{USENIX Security}},
	note = {ETH medal},
	author = {Trujillo, Daniël and Wikner, Johannes and Razavi, Kaveh},
	month = aug,
	year = {2023},
	keywords = {dir\_microarch, dir\_os, type\_tier1, proj\_promise}
}

BLASTER: Characterizing the Blast Radius of Rowhammer. Lang, Z., Jattke, P., Marazzi, M., & Razavi, K. In DRAMSec, June 2023. Award for the best BSc thesis

BLASTER: Characterizing the Blast Radius of Rowhammer [pdf]

Paper link bibtex 68 downloads

@inproceedings{lang_blaster_2023,
	title = {{BLASTER}: {Characterizing} the {Blast} {Radius} of {Rowhammer}},
	url = {Paper=https://comsec-files.ethz.ch/papers/blaster_dramsec23.pdf},
	booktitle = {{DRAMSec}},
	note = {Award for the best BSc thesis},
	author = {Lang, Zhenrong and Jattke, Patrick and Marazzi, Michele and Razavi, Kaveh},
	month = June,
	year = {2023},
	keywords = {dir\_dram, proj\_promise, proj\_nccr, type\_workshop}
}

REGA: Scalable Rowhammer Mitigation with Refresh-Generating Activations. Marazzi, M., Solt, F., Jattke, P., Takashi, K., & Razavi, K. In S&P, May 2023. Patent pending

REGA: Scalable Rowhammer Mitigation with Refresh-Generating Activations [pdf]

Paper

REGA: Scalable Rowhammer Mitigation with Refresh-Generating Activations [link]

URL link bibtex 168 downloads

@inproceedings{marazzi_rega_2023,
	title = {{REGA}: {Scalable} {Rowhammer} {Mitigation} with {Refresh-Generating} {Activations}},
	url = {Paper=https://comsec-files.ethz.ch/papers/rega_sp23.pdf URL=https://comsec.ethz.ch/research/dram/rega},
	booktitle = {{S\&P}},
	note = {Patent pending},
	author = {Marazzi, Michele and Solt, Flavien and Jattke, Patrick and Takashi, Kubo and Razavi, Kaveh},
	month = may,
	year = {2023},
	keywords = {dir\_dram, proj\_promise, proj\_nccr, type\_conf, type\_tier1}
}

2022 (8)

RemembERR: Leveraging Microprocessor Errata for Design Testing and Validation. Solt, F., Jattke, P., & Razavi, K. In MICRO, October 2022.

RemembERR: Leveraging Microprocessor Errata for Design Testing and Validation [pdf]

Paper

RemembERR: Leveraging Microprocessor Errata for Design Testing and Validation [link]

URL link bibtex 74 downloads

@inproceedings{solt_rememberr_2022,
	title = {{RemembERR: Leveraging Microprocessor Errata for Design Testing and Validation}},
	url = {Paper=https://comsec-files.ethz.ch/papers/rememberr_micro22.pdf URL=https://comsec.ethz.ch/research/hardware-design-security/rememberr},
	booktitle = {{MICRO}},
	author = {Solt, Flavien and Jattke, Patrick and Razavi, Kaveh},
	month = oct,
	year = {2022},
	keywords = {dir\_designsec, proj\_lastbug, proj\_promise, proj\_nccr, type\_tier1}
}

Retbleed: Arbitrary Speculative Code Execution with Return Instructions. Wikner, J., & Razavi, K. In USENIX Security, August 2022. Intel Bounty Reward, CSAW Europe finalist

Retbleed: Arbitrary Speculative Code Execution with Return Instructions [pdf]

Paper

Retbleed: Arbitrary Speculative Code Execution with Return Instructions [link]

URL link bibtex 133 downloads

@inproceedings{wikner_retbleed_2022,
	title = {{Retbleed: Arbitrary Speculative Code Execution with Return Instructions}},
	url = {Paper=https://comsec-files.ethz.ch/papers/retbleed_sec22.pdf URL=https://comsec.ethz.ch/research/microarch/retbleed},
	booktitle = {{USENIX Security}},
	author = {Wikner, Johannes and Razavi, Kaveh},
	note = {Intel Bounty Reward, CSAW Europe finalist},
	month = aug,
	year = {2022},
	keywords = {dir\_microarch, dir\_os, type\_tier1, proj\_promise}
}

CellIFT: Leveraging Cells for Scalable and Precise Dynamic Information Flow Tracking in RTL. Solt, F., Gras, B., & Razavi, K. In USENIX Security, August 2022. Patent pending

CellIFT: Leveraging Cells for Scalable and Precise Dynamic Information Flow Tracking in RTL [pdf]

Paper

CellIFT: Leveraging Cells for Scalable and Precise Dynamic Information Flow Tracking in RTL [link]

URL link bibtex 80 downloads

@inproceedings{solt_cellift_2022,
	title = {{CellIFT: Leveraging Cells for Scalable and Precise Dynamic Information Flow Tracking in RTL}},
	url = {Paper=https://comsec-files.ethz.ch/papers/cellift_sec22.pdf URL=https://comsec.ethz.ch/cellift},
	booktitle = {{USENIX Security}},
	author = {Solt, Flavien and Gras, Ben and Razavi, Kaveh},
	note = {Patent pending},
	month = aug,
	year = {2022},
	keywords = {dir\_designsec, proj\_lastbug, proj\_promise, type\_tier1}
}

Spring: Spectre Returning in the Browser with Speculative Load Queuing and Deep Stacks. Wikner, J., Giuffrida, C., Bos, H., & Razavi, K. In WOOT, May 2022. Mozilla Bounty Reward

Spring: Spectre Returning in the Browser with Speculative Load Queuing and Deep Stacks [pdf]

Paper

Spring: Spectre Returning in the Browser with Speculative Load Queuing and Deep Stacks [link]

URL link bibtex 169 downloads

@inproceedings{wikner_spring_2022,
	title = {{Spring: Spectre Returning in the Browser with Speculative Load Queuing and Deep Stacks}},
	url = {Paper=https://comsec-files.ethz.ch/papers/spring_woot22.pdf URL=https://comsec.ethz.ch/research/microarch/spring},
	booktitle = {{WOOT}},
	note = {Mozilla Bounty Reward},
	author = {Wikner, Johannes and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = may,
	year = {2022},
	keywords = {dir\_microarch, dir\_os, type\_workshop}
}

ProTRR: Principled yet Optimal In-DRAM Target Row Refresh. Marazzi, M., Jattke, P., Solt, F., & Razavi, K. In S&P, May 2022. Top Picks in Hardware and Embedded Security, ETH Spark Award Nomination, CSAW Europe finalist

ProTRR: Principled yet Optimal In-DRAM Target Row Refresh [pdf]

Paper

ProTRR: Principled yet Optimal In-DRAM Target Row Refresh [link]

URL link bibtex 56 downloads

@inproceedings{marazzi_protrr_2022,
	title = {{ProTRR}: {Principled} yet {Optimal} {In-DRAM} {Target Row Refresh}},
	url = {Paper=https://comsec-files.ethz.ch/papers/protrr_sp22.pdf URL=https://comsec.ethz.ch/research/dram/protrr},
	booktitle = {{S\&P}},
	note = {Top Picks in Hardware and Embedded Security, ETH Spark Award Nomination, CSAW Europe finalist},
	author = {Marazzi, Michele and Jattke, Patrick and Solt, Flavien and Razavi, Kaveh},
	month = may,
	year = {2022},
	keywords = {dir\_dram, proj\_mfs, proj\_nccr, type\_conf, type\_tier1}
}

Blacksmith: Scalable Rowhammering in the Frequency Domain. Jattke, P., van der Veen, V., Frigo, P., Gunter, S., & Razavi, K. In S&P, May 2022.

Blacksmith: Scalable Rowhammering in the Frequency Domain [pdf]

Paper

Blacksmith: Scalable Rowhammering in the Frequency Domain [link]

URL link bibtex 317 downloads

@inproceedings{jattke_blacksmith_2022,
	title = {{Blacksmith}: {Scalable} {Rowhammering} in the {Frequency} {Domain}},
	url = {Paper=https://comsec-files.ethz.ch/papers/blacksmith_sp22.pdf URL=https://comsec.ethz.ch/research/dram/blacksmith},
	booktitle = {{S\&P}},
	author = {Jattke, Patrick and van der Veen, Victor and Frigo, Pietro and Gunter, Stijn and Razavi, Kaveh},
	month = may,
	year = {2022},
	keywords = {dir\_dram, proj\_mfs, proj\_nccr, type\_conf, type\_tier1}
}

Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel. Johannesmeyer, B., Koschel, J., Razavi, K., Bos, H., & Giuffrida, C. In NDSS, April 2022.

Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel [pdf]

Paper link bibtex 593 downloads

@inproceedings{johannesmeyer_kasper_2022,
	title = {Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel},
	url = {Paper=https://comsec-files.ethz.ch/papers/kasper_ndss22.pdf},
	booktitle = {{NDSS}},
	author = {Johannesmeyer, Brian and Koschel, Jakob and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = apr,
	year = {2022},
	keywords = {dir\_microarch, dir\_os type\_conf, type\_tier1}
}

DupeFS: Leaking Data Over the Network With Filesystem Deduplication Side Channels. Bacs, A., Musaev, S., Razavi, K., Giuffrida, C., & Bos, H. In FAST, February 2022.

DupeFS: Leaking Data Over the Network With Filesystem Deduplication Side Channels [pdf]

Paper link bibtex 142 downloads

@inproceedings{dupefs_bacs_2022,
	title = {DupeFS: Leaking Data Over the Network With Filesystem Deduplication Side Channels},
	url = {Paper=https://comsec-files.ethz.ch/papers/dupefs_fast22.pdf},
	booktitle = {{FAST}},
	author = {Bacs, Andrei and Musaev, Saidgani and Razavi, Kaveh and Giuffrida, Cristiano and Bos, Herbert},
	month = feb,
	year = {2022},
	keywords = {dir\_os, dir\_peripheral, type\_conf, type\_tier1}
}

2021 (4)

Uncovering In-DRAM RowHammer Protection Mechanisms:A New Methodology, Custom RowHammer Patterns, and Implications. Hassan, H., Tugrul, Y. C., Kim, J. S., van der Veen, V., Razavi, K., & Mutlu, O. In MICRO, October 2021.

Uncovering In-DRAM RowHammer Protection Mechanisms:A New Methodology, Custom RowHammer Patterns, and Implications [pdf]

Paper link bibtex 15 downloads

@inproceedings{hassan_utrr_2021,
	title = {Uncovering In-DRAM RowHammer Protection Mechanisms:A New Methodology, Custom RowHammer Patterns, and Implications},
	url = {Paper=https://comsec-files.ethz.ch/papers/utrr_micro21.pdf},
	booktitle = {{MICRO}},
	author = {Hassan, Hasan and Tugrul, Yahya Can and Kim, Jeremie S. and van der Veen, Victor and Razavi, Kaveh and Mutlu, Onur},
	month = oct,
	year = {2021},
	keywords = {dir\_dram, proj\_mfs, type\_conf, type\_tier1}
}

SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript. de Ridder, F., Frigo, P., Vannacci, E., Bos, H., Giuffrida, C., & Razavi, K. In USENIX Security, August 2021. Pwnie Nomination for the Most Underhyped Research

SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript [pdf]

Paper

SMASH: Synchronized Many-sided Rowhammer Attacks from JavaScript [link]

URL link bibtex 862 downloads

@inproceedings{deridder_smash_2021,
	title = {{SMASH}: {Synchronized} {Many-sided} {Rowhammer} {Attacks} from {JavaScript}},
	url = {Paper=https://comsec-files.ethz.ch/papers/smash_sec21.pdf URL=https://comsec.ethz.ch/research/dram/smash},
	booktitle = {{USENIX Security}},
	author = {de Ridder, Finn and Frigo, Pietro and Vannacci, Emanuele and Bos, Herbert and Giuffrida, Cristiano and Razavi, Kaveh},
	note = {Pwnie Nomination for the Most Underhyped Research},
	month = aug,
	year = {2021},
	keywords = {dir\_dram, dir\_microarch, proj\_mfs, type\_mscthesis, type\_conf, type\_tier1}
}

CODIC: A Low-Cost Substrate for Enabling Custom In-DRAM Functionalities and Optimizations. Orosa, L., Wang, Y., Sadrosadati, M., Kim, J., Patel, M., Puddu, I., Luo, H. L., Razavi, K., Luna, J. G., Hassan, H., Ghiasi, N. M., Ghose, S., & Mutlu, O. In ISCA, June 2021.

CODIC: A Low-Cost Substrate for Enabling Custom In-DRAM Functionalities and Optimizations [pdf]

Paper link bibtex 4 downloads

@inproceedings{orosa_lois_2021,
	title = {{CODIC}: A {Low-Cost} {Substrate} for {Enabling} {Custom} {In-DRAM} {Functionalities} and {Optimizations}},
	url = {Paper=https://comsec-files.ethz.ch/papers/codic_isca21.pdf},
	booktitle = {{ISCA}},
	author = {Orosa, Lois and Wang, Yaohua and Sadrosadati, Mohammad and Kim, Jeremie and Patel, Minesh and Puddu, Ivan and Luo, Haocong Luo and Razavi, Kaveh and Luna, Juan Gomez and Hassan, Hasan and Ghiasi, Nika Mansouri and Ghose, Saugata and Mutlu, Onur},
	month = Jun,
	year = {2021},
	keywords = {dir\_dram, type\_conf, type\_tier1}
}

CrossTalk: Speculative Data Leaks Across Cores Are Real. Ragab, H., Milburn, A., Razavi, K., Bos, H., & Giuffrida, C. In S&P, May 2021. Intel Bounty Reward

CrossTalk: Speculative Data Leaks Across Cores Are Real [pdf]

Paper link bibtex 565 downloads

@inproceedings{ragab_crosstalk_2021,
	title = {{CrossTalk}: Speculative Data Leaks Across Cores Are Real},
	url = {Paper=https://comsec-files.ethz.ch/papers/crosstalk_sp21.pdf},
	booktitle = {{S\&P}},
	author = {Ragab, Hany and Milburn, Alyssa and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = May,
	note = {Intel Bounty Reward},
	year = {2021},
	keywords = {dir\_microarch, type\_conf, type\_press, type\_tier1}
}

2020 (9)

Speculative Probing: Hacking Blind in the Spectre Era. Goktas, E., Razavi, K., Portokalidis, G., Bos, H., & Giuffrida, C. In CCS, November 2020. Pwnie Award for the Most Innovative Research

Speculative Probing: Hacking Blind in the Spectre Era [pdf]

Paper link bibtex 712 downloads

@inproceedings{goktas_speculative_2020,
	title = {Speculative {Probing}: {Hacking} {Blind} in the {Spectre} {Era}},
	url = {Paper=https://comsec-files.ethz.ch/papers/blindside_ccs20.pdf},
	booktitle = {{CCS}},
	author = {Goktas, Enes and Razavi, Kaveh and Portokalidis, Georgios and Bos, Herbert and Giuffrida, Cristiano},
	note = {Pwnie Award for the Most Innovative Research},
	month = nov,
	year = {2020},
	keywords = {dir\_microarch, dir\_os, proj\_mfs, type\_conf, type\_tier1}
}

SecurePay: Strengthening Two-Factor Authentication for Arbitrary Transactions. Konoth, R. K., Fischer, B., Fokkink, W., Athanasopoulos, E., Razavi, K., & Bos, H. In EuroS&P, September 2020. Best Paper Award, US Patent App. 17/775,322

SecurePay: Strengthening Two-Factor Authentication for Arbitrary Transactions [pdf]

Paper link bibtex 101 downloads

@inproceedings{konoth_securepay_2020,
	title = {{SecurePay}: {Strengthening} {Two}-{Factor} {Authentication} for {Arbitrary} {Transactions}},
	url = {https://comsec-files.ethz.ch/papers/securepay_eurosp20.pdf},
	booktitle = {{EuroS\&P}},
	author = {Konoth, Radhesh Krishnan and Fischer, Björn and Fokkink, Wan and Athanasopoulos, Elias and Razavi, Kaveh and Bos, Herbert},
	note = {Best Paper Award, US Patent App. 17/775,322},
	month = sep,
	year = {2020},
	keywords = {dir\_os, type\_award, proj\_mfs, type\_conf}
}

TagBleed: Breaking KASLR on the Isolated Kernel Address Space using Tagged TLBs. Koschel, J., Giuffrida, C., Bos, H., & Razavi, K. In EuroS&P, September 2020.

TagBleed: Breaking KASLR on the Isolated Kernel Address Space using Tagged TLBs [pdf]

Paper link bibtex 50 downloads

@inproceedings{koschel_tagbleed_2020,
	title = {{TagBleed}: {Breaking} {KASLR} on the Isolated Kernel Address Space using Tagged {TLBs}},
	url = {https://comsec-files.ethz.ch/papers/tagbleed_eurosp20.pdf},
	booktitle = {{EuroS\&P}},
	author = {Koschel, Jakob and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = sep,
	year = {2020},
	keywords = {dir\_microarch, dir\_os, proj\_mfs, type\_conf}
}

ParmeSan: Sanitizer-guided Greybox Fuzzing. Österlund, S., Razavi, K., Bos, H., & Giuffrida, C. In USENIX Security, August 2020.

ParmeSan: Sanitizer-guided Greybox Fuzzing [pdf]

Paper link bibtex 81 downloads

@inproceedings{osterlund_parmesan_2020,
	title = {{ParmeSan}: {Sanitizer}-guided {Greybox} {Fuzzing}},
	url = {https://comsec-files.ethz.ch/papers/parmesan_sec20.pdf},
	booktitle = {{USENIX} {Security}},
	author = {Österlund, Sebastian and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = aug,
	year = {2020},
	keywords = {type\_conf, type\_tier1}
}

Leave my Apps Alone! A Study on how Android Developers Access Installed Apps on User’s Device. Scoccia, G. L., Kanj, I., Malavolta, I., & Razavi, K. In MOBILESOFT, July 2020. Best Paper Award

Leave my Apps Alone! A Study on how Android Developers Access Installed Apps on User’s Device [pdf]

Paper link bibtex 9 downloads

@inproceedings{scoccia_leave_2020,
	title = {Leave my {Apps} {Alone}! {A} {Study} on how {Android} {Developers} {Access} {Installed} {Apps} on {User}’s {Device}},
	url = {https://comsec-files.ethz.ch/papers/iam_mobilesoft20.pdf},
	booktitle = {{MOBILESOFT}},
	author = {Scoccia, Gian Luca and Kanj, Ibrahim and Malavolta, Ivano and Razavi, Kaveh},
	month = jul,
	year = {2020},
	note = {Best Paper Award},
	keywords = {dir\_os, type\_award, type\_conf, type\_press}
}

Stratus: Clouds with Microarchitectural Resource Management. Razavi, K., & Trivedi, A. In HotCloud, July 2020.

Stratus: Clouds with Microarchitectural Resource Management [pdf]

Paper link bibtex 15 downloads

@inproceedings{razavi_stratus_2020,
	title = {{Stratus}: Clouds with Microarchitectural Resource Management},
	url = {https://comsec-files.ethz.ch/papers/stratus_hotcloud20.pdf},
	booktitle = {{HotCloud}},
	author = {Razavi, Kaveh and Trivedi, Animesh},
	month = jul,
	year = {2020},
	keywords = {dir\_microarch, dir\_dram, dir\_peripheral, dir\_os, proj_mfs, type\_conf}
}

TRRespass: Exploiting the Many Sides of Target Row Refresh. Frigo, P., Vannacci, E., Hassan, H., van der Veen, V., Mutlu, O., Giuffrida, C., Bos, H., & Razavi, K. In S&P, May 2020. Best Paper Award, Pwnie Award for the Most Innovative Research, Honorable Mention in IEEE MICRO Top Picks

TRRespass: Exploiting the Many Sides of Target Row Refresh [pdf]

Paper link bibtex 988 downloads

@inproceedings{frigo_trrespass_2020,
	title = {{TRRespass}: {Exploiting} the {Many} {Sides} of {Target} {Row} {Refresh}},
	url = {https://comsec-files.ethz.ch/papers/trrespass_sp20.pdf},
	booktitle = {{S\&P}},
	author = {Frigo, Pietro and Vannacci, Emanuele and Hassan, Hasan and van der Veen, Victor and Mutlu, Onur and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	note = {Best Paper Award, Pwnie Award for the Most Innovative Research, Honorable Mention in IEEE MICRO Top Picks},
	month = may,
	year = {2020},
	keywords = {dir\_dram, proj\_mfs, type\_conf, type\_press, type\_tier1, type\_award}
}

NetCAT: Practical Cache Attacks from the Network. Kurth, M., Gras, B., Andriesse, D., Giuffrida, C., Bos, H., & Razavi, K. In S&P, May 2020. Intel Bounty Reward, Pwnie Award Nomination for the Most Innovative Research

NetCAT: Practical Cache Attacks from the Network [pdf]

Paper link bibtex 400 downloads

@inproceedings{kurth_netcat_2020,
	title = {{NetCAT}: {Practical} {Cache} {Attacks} from the {Network}},
	url = {https://comsec-files.ethz.ch/papers/netcat_sp20.pdf},
	booktitle = {{S\&P}},
	author = {Kurth, Michael and Gras, Ben and Andriesse, Dennis and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = may,
	year = {2020},
	note = {Intel Bounty Reward, Pwnie Award Nomination for the Most Innovative Research},
	keywords = {dir\_microarch, dir\_peripheral, proj\_mfs, type\_conf, type\_mscthesis, type\_press, type\_tier1}
}

ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures. Gras, B., Giuffrida, C., Kurth, M., Bos, H., & Razavi, K. In NDSS, February 2020.

ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures [pdf]

Paper

Slides link bibtex 70 downloads

@inproceedings{gras_absynthe_2020,
	title = {{ABSynthe}: {Automatic} {Blackbox} {Side}-channel {Synthesis} on {Commodity} {Microarchitectures}},
	url = {Paper=https://comsec-files.ethz.ch/papers/absynthe_ndss20.pdf Slides=https://comsec-files.ethz.ch/papers/absynthe_ndss20_pres.pdf},
	booktitle = {{NDSS}},
	author = {Gras, Ben and Giuffrida, Cristiano and Kurth, Michael and Bos, Herbert and Razavi, Kaveh},
	month = feb,
	year = {2020},
	keywords = {dir\_microarch, proj\_mfs, type\_conf, type\_tier1}
}

2019 (2)

Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks. Cojocar, L., Razavi, K., Giuffrida, C., & Bos, H. In S&P, May 2019. Best Practical Paper Award, Pwnie Award Nomination for the Most Innovative Research

Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks [pdf]

Paper

Slides link bibtex 428 downloads

@inproceedings{cojocar_exploiting_2019,
	title = {Exploiting {Correcting} {Codes}: {On} the {Effectiveness} of {ECC} {Memory} {Against} {Rowhammer} {Attacks}},
	url = {Paper=https://comsec-files.ethz.ch/papers/eccploit_sp19.pdf Slides=https://www.ieee-security.org/TC/SP2019/SP19-Slides-pdfs/Lucian_Cojocar_Exploiting_Correcting_Codes_slides-ecc-new.pdf},
	booktitle = {{S\&P}},
	author = {Cojocar, Lucian and Razavi, Kaveh and Giuffrida, Cristiano and Bos, Herbert},
	month = may,
	year = {2019},
	note = {Best Practical Paper Award, Pwnie Award Nomination for the Most Innovative Research},
	keywords = {dir\_dram, proj\_mfs, type\_award, type\_conf, type\_press, type\_tier1}
}

RIDL: Rogue In-flight Data Load. van Schaik, S., Milburn, A., Österlund, S., Frigo, P., Maisuradze, G., Razavi, K., Bos, H., & Giuffrida, C. In S&P, May 2019. DCSRP Award, Intel Bounty Reward, Pwnie Award Nomination for the Most Innovative Research, CSAW Best Paper Award Runner-up

Paper

Slides

Web link bibtex 120 downloads

@inproceedings{van_schaik_ridl_2019,
	title = {{RIDL}: {Rogue} {In}-flight {Data} {Load}},
	url = {Paper=https://mdsattacks.com/files/ridl.pdf Slides=https://mdsattacks.com/slides/slides.html Web=https://mdsattacks.com},
	booktitle = {{S\&P}},
	author = {van Schaik, Stephan and Milburn, Alyssa and Österlund, Sebastian and Frigo, Pietro and Maisuradze, Giorgi and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = may,
	year = {2019},
	note = {DCSRP Award, Intel Bounty Reward, Pwnie Award Nomination for the Most Innovative Research, CSAW Best Paper Award Runner-up},
	keywords = {dir\_microarch, proj\_mfs, type\_award, type\_conf, type\_press, type\_tier1}
}

2018 (7)

ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks. Konoth, R. K., Oliverio, M., Tatar, A., Andriesse, D., Bos, H., Giuffrida, C., & Razavi, K. In OSDI, October 2018. US Patent App. 16/059,357

ZebRAM: Comprehensive and Compatible Software Protection Against Rowhammer Attacks [pdf]

Paper link bibtex 45 downloads

@inproceedings{konoth_zebram:_2018,
	title = {{ZebRAM}: {Comprehensive} and {Compatible} {Software} {Protection} {Against} {Rowhammer} {Attacks}},
	url = {https://comsec-files.ethz.ch/papers/zebram_osdi18.pdf},
	booktitle = {{OSDI}},
	author = {Konoth, Radhesh Krishnan and Oliverio, Marco and Tatar, Andrei and Andriesse, Dennis and Bos, Herbert and Giuffrida, Cristiano and Razavi, Kaveh},
	month = oct,
    note = {US Patent App. 16/059,357},
	year = {2018},
	keywords = {dir\_dram, dir\_os, proj\_mfs, type\_conf, type\_tier1, type\_top}
}

Defeating Software Mitigations against Rowhammer: A Surgical Precision Hammer. Tatar, A., Giuffrida, C., Bos, H., & Razavi, K. In RAID, September 2018. Best Paper Award

Defeating Software Mitigations against Rowhammer: A Surgical Precision Hammer [pdf]

Paper link bibtex 50 downloads

@inproceedings{tatar_defeating_2018,
	title = {Defeating {Software} {Mitigations} against {Rowhammer}: {A} {Surgical} {Precision} {Hammer}},
	url = {https://comsec-files.ethz.ch/papers/hammertime_raid18.pdf},
	booktitle = {{RAID}},
	author = {Tatar, Andrei and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = sep,
	year = {2018},
	note = {Best Paper Award},
	keywords = {dir\_dram, proj\_mfs, type\_award, type\_conf, type\_mscthesis}
}

Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks. Gras, B., Razavi, K., Bos, H., & Giuffrida, C. In USENIX Security, August 2018. Pwnie Award Nomination for the Most Innovative Research

Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks [pdf]

Paper link bibtex 519 downloads

@inproceedings{gras_translation_2018,
	title = {Translation {Leak}-aside {Buffer}: {Defeating} {Cache} {Side}-channel {Protections} with {TLB} {Attacks}},
	url = {https://comsec-files.ethz.ch/papers/tlbleed_sec18.pdf},
	booktitle = {{USENIX} {Security}},
	author = {Gras, Ben and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = aug,
	year = {2018},
	note = {Pwnie Award Nomination for the Most Innovative Research},
	keywords = {dir\_microarch, type\_award, type\_conf, type\_press, type\_tier1}
}

Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think. van Schaik, S., Giuffrida, C., Bos, H., & Razavi, K. In USENIX Security, August 2018.

Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think [pdf]

Paper link bibtex 98 downloads

@inproceedings{van_schaik_malicious_2018,
	title = {Malicious {Management} {Unit}: {Why} {Stopping} {Cache} {Attacks} in {Software} is {Harder} {Than} {You} {Think}},
	url = {https://comsec-files.ethz.ch/papers/xlate_sec18.pdf},
	booktitle = {{USENIX} {Security}},
	author = {van Schaik, Stephan and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = aug,
	year = {2018},
	keywords = {dir\_microarch, type\_conf, type\_mscthesis, type\_tier1}
}

GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM. van der Veen, V., Lindorfer, M., Fratantonio, Y., Padmanabha Pillai, H., Vigna, G., Kruegel, C., Bos, H., & Razavi, K. In DIMVA, June 2018. Pwnie Award Nomination for the Best Privilege Escalation Bug

GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM [pdf]

Paper link bibtex 98 downloads

@inproceedings{van_der_veen_guardion:_2018,
	title = {{GuardION}: {Practical} {Mitigation} of {DMA}-based {Rowhammer} {Attacks} on {ARM}},
	url = {https://comsec-files.ethz.ch/papers/dimva2018.pdf},
	booktitle = {{DIMVA}},
	author = {van der Veen, Victor and Lindorfer, Martina and Fratantonio, Yanick and Padmanabha Pillai, Harikrishnan and Vigna, Giovanni and Kruegel, Christopher and Bos, Herbert and Razavi, Kaveh},
	month = jun,
	year = {2018},
	note = {Pwnie Award Nomination for the Best Privilege Escalation Bug},
	keywords = {dir\_dram, dir\_os, type\_award, type\_conf, type\_press}
}

Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU. Frigo, P., Giuffrida, C., Bos, H., & Razavi, K. In S&P, May 2018. Pwnie Award Nomination for the Most Innovative Research

Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU [pdf]

Paper link bibtex 170 downloads

@inproceedings{frigo_grand_2018,
	title = {Grand {Pwning} {Unit}: {Accelerating} {Microarchitectural} {Attacks} with the {GPU}},
	url = {https://comsec-files.ethz.ch/papers/glitch_sp18.pdf},
	booktitle = {{S\&P}},
	author = {Frigo, Pietro and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = may,
	year = {2018},
	note = {Pwnie Award Nomination for the Most Innovative Research},
	keywords = {dir\_dram, type\_award, type\_conf, type\_mscthesis, type\_press, type\_tier1}
}

Throwhammer: Rowhammer Attacks over the Network and Defenses. Tatar, A., Konoth, R. K., Athanasopoulos, E., Giuffrida, C., Bos, H., & Razavi, K. In USENIX ATC, July 2018. Pwnie Award Nomination for the Most Innovative Research

Throwhammer: Rowhammer Attacks over the Network and Defenses [pdf]

Paper link bibtex 343 downloads

@inproceedings{tatar_throwhammer:_2018,
	title = {Throwhammer: {Rowhammer} {Attacks} over the {Network} and {Defenses}},
	url = {https://comsec-files.ethz.ch/papers/throwhammer_atc18.pdf},
	booktitle = {{USENIX} {ATC}},
	author = {Tatar, Andrei and Konoth, Radhesh Krishnan and Athanasopoulos, Elias and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},
	month = jul,
	year = {2018},
	note = {Pwnie Award Nomination for the Most Innovative Research},
	keywords = {dir\_dram, dir\_peripheral, type\_award, type\_conf, type\_press}
}

2017 (6)

Secure Page Fusion with VUsion. Oliverio, M., Razavi, K., Bos, H., & Giuffrida, C. In SOSP, October 2017.

Paper

Slides

Poster link bibtex 85 downloads

@inproceedings{oliverio_secure_2017,
	title = {Secure {Page} {Fusion} with {VUsion}},
	url = {Paper=https://comsec-files.ethz.ch/papers/vusion_sosp17.pdf Slides=https://docs.google.com/presentation/d/1Erf1r9gCtkj-JuCBT7BW93W7YjGiplkO8GHAAT56W9s/edit#slide=id.p3 Poster=https://comsec-files.ethz.ch/papers/vusion_sosp17_poster.pdf},
	booktitle = {{SOSP}},
	author = {Oliverio, Marco and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = oct,
	year = {2017},
	keywords = {dir\_dram, dir\_microarch, dir\_os, type\_conf, type\_tier1}
}

Understanding Rack-Scale Disaggregated Storage. Legtchenko, S., Williams, H., Razavi, K., Donnelly, A., Black, R., Douglas, A., Cheriere, N., Fryer, D., Mast, K., Brown, A. D., Klimovic, A., Slowey, A., & Rowstron, A. In HotStorage, July 2017.

Understanding Rack-Scale Disaggregated Storage [pdf]

Paper link bibtex

@inproceedings{legtchenko_understanding_2017,
	title = {Understanding {Rack}-{Scale} {Disaggregated} {Storage}},
	url = {https://comsec-files.ethz.ch/papers/hotstorage17-paper-legtchenko.pdf},
	booktitle = {{HotStorage}},
	author = {Legtchenko, Sergey and Williams, Hugh and Razavi, Kaveh and Donnelly, Austin and Black, Richard and Douglas, Andrew and Cheriere, Nathanael and Fryer, Daniel and Mast, Kai and Brown, Angela Demke and Klimovic, Ana and Slowey, Andy and Rowstron, Antony},
	month = jul,
	year = {2017},
	keywords = {type\_conf}
}

Off-the-shelf Embedded Devices as Platforms for Security Research. Cojocar, L., Razavi, K., & Bos, H. In EuroSec, April 2017.

Off-the-shelf Embedded Devices as Platforms for Security Research [pdf]

Paper link bibtex 19 downloads

@inproceedings{cojocar_ssd_2017,
	title = {{Off-the-shelf Embedded Devices as Platforms for Security Research}},
	url = {https://comsec-files.ethz.ch/papers/ssd_eurosec17.pdf},
	booktitle = {{EuroSec}},
	author = {Cojocar, Lucian and Razavi, Kaveh and Bos, Herbert},
	month = apr,
	year = {2017},
	keywords = {dir\_peripheral, type\_workshop}
}

RevAnC: A Framework for Reverse Engineering Hardware Page Table Caches. van Schaik, S., Razavi, K., Gras, B., Bos, H., & Giuffrida, C. In EuroSec, April 2017.

RevAnC: A Framework for Reverse Engineering Hardware Page Table Caches [pdf]

Paper link bibtex 173 downloads

@inproceedings{van_schaik_revanc:_2017,
	title = {{RevAnC}: {A} {Framework} for {Reverse} {Engineering} {Hardware} {Page} {Table} {Caches}},
	url = {https://comsec-files.ethz.ch/papers/revanc_eurosec17.pdf},
	booktitle = {{EuroSec}},
	author = {van Schaik, Stephan and Razavi, Kaveh and Gras, Ben and Bos, Herbert and Giuffrida, Cristiano},
	month = apr,
	year = {2017},
	keywords = {dir\_microarch, type\_mscthesis, type\_workshop}
}

Reverse Engineering Hardware Page Table Caches Using Side-Channel Attacks on the MMU. van Schaik, S., Razavi, K., Gras, B., Bos, H., & Giuffrida, C. Technical Report IR-CS-51, VU Amsterdam, February 2017.

Reverse Engineering Hardware Page Table Caches Using Side-Channel Attacks on the MMU [pdf]

Paper link bibtex 7 downloads

@techreport{van_schaik_reverse_2017,
	title = {Reverse {Engineering} {Hardware} {Page} {Table} {Caches} {Using} {Side}-{Channel} {Attacks} on the {MMU}},
	url = {https://comsec-files.ethz.ch/papers/revanc_ir-cs-77.pdf},
	number = {IR-CS-51},
	institution = {VU Amsterdam},
	author = {van Schaik, Stephan and Razavi, Kaveh and Gras, Ben and Bos, Herbert and Giuffrida, Cristiano},
	month = feb,
	year = {2017},
	keywords = {dir\_microarch}
}

ASLR on the Line: Practical Cache Attacks on the MMU. Gras, B., Razavi, K., Bosman, E., Bos, H., & Giuffrida, C. In NDSS, February 2017. Pwnie Award for the Most Innovative Research, DCSRP Award

ASLR on the Line: Practical Cache Attacks on the MMU [pdf]

Paper

Slides link bibtex 309 downloads

@inproceedings{gras_aslr_2017,
	title = {{ASLR} on the {Line}: {Practical} {Cache} {Attacks} on the {MMU}},
	url = {Paper=https://comsec-files.ethz.ch/papers/anc_ndss17.pdf Slides=https://comsec-files.ethz.ch/papers/anc_ndss17_talk.pdf},
	booktitle = {{NDSS}},
	author = {Gras, Ben and Razavi, Kaveh and Bosman, Erik and Bos, Herbert and Giuffrida, Cristiano},
	month = feb,
	year = {2017},
	note = {Pwnie Award for the Most Innovative Research, DCSRP Award},
	keywords = {dir\_microarch, type\_award, type\_conf, type\_press, type\_tier1}
}

2016 (5)

Flip Feng Shui: Rowhammering the VM's Isolation. Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., & Bos, H. In Black Hat Europe, November 2016.

Flip Feng Shui: Rowhammering the VM's Isolation [pdf]

Paper link bibtex 77 downloads

@inproceedings{razavi_flip_2016,
	title = {Flip {Feng} {Shui}: {Rowhammering} the {VM}'s {Isolation}},
	url = {https://comsec-files.ethz.ch/papers/flip-feng-shui_bheu16.pdf},
	booktitle = {Black {Hat} {Europe}},
	author = {Razavi, Kaveh and Gras, Ben and Bosman, Erik and Preneel, Bart and Giuffrida, Cristiano and Bos, Herbert},
	month = nov,
	year = {2016},
	keywords = {dir\_dram, dir\_os, type\_conf}
}

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms. van der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C., Vigna, G., Bos, H., Razavi, K., & Giuffrida, C. In CCS, October 2016. Pwnie Award for the Best Privilege Escalation Bug, Android Security Reward, CSAW Best Paper Award, DCSRP Award

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms [pdf]

Paper link bibtex 250 downloads

@inproceedings{van_der_veen_drammer:_2016,
	title = {Drammer: {Deterministic} {Rowhammer} {Attacks} on {Mobile} {Platforms}},
	url = {https://comsec-files.ethz.ch/papers/drammer.pdf},
	booktitle = {{CCS}},
	author = {van der Veen, Victor and Fratantonio, Yanick and Lindorfer, Martina and Gruss, Daniel and Maurice, Clementine and Vigna, Giovanni and Bos, Herbert and Razavi, Kaveh and Giuffrida, Cristiano},
	month = oct,
	year = {2016},
	note = {Pwnie Award for the Best Privilege Escalation Bug, Android Security Reward, CSAW Best Paper Award, DCSRP Award},
	keywords = {dir\_dram, dir\_os, type\_award, type\_conf, type\_press, type\_tier1}
}

Flip Feng Shui: Hammering a Needle in the Software Stack. Razavi, K., Gras, B., Bosman, E., Preneel, B., Giuffrida, C., & Bos, H. In USENIX Security, August 2016. Pwnie Award Nomination for the Best Cryptographic Attack

Flip Feng Shui: Hammering a Needle in the Software Stack [pdf]

Paper

Slides link bibtex 132 downloads

@inproceedings{razavi_flip_2016-1,
	title = {Flip {Feng} {Shui}: {Hammering} a {Needle} in the {Software} {Stack}},
	url = {Paper=https://comsec-files.ethz.ch/papers/flip-feng-shui_sec16.pdf Slides=https://comsec-files.ethz.ch/papers/flip-feng-shui_sec16_pres.pdf},
	booktitle = {{USENIX} {Security}},
	author = {Razavi, Kaveh and Gras, Ben and Bosman, Erik and Preneel, Bart and Giuffrida, Cristiano and Bos, Herbert},
	month = aug,
	year = {2016},
	note = {Pwnie Award Nomination for the Best Cryptographic Attack},
	keywords = {dir\_dram, dir\_os, type\_award, type\_conf, type\_press, type\_tier1}
}

Over the Edge: Silently Owning Windows 10's Secure Browser. Bosman, E., Razavi, K., Bos, H., & Giuffrida, C. In Black Hat USA, July 2016.

Over the Edge: Silently Owning Windows 10's Secure Browser [pdf]

Paper link bibtex 52 downloads

@inproceedings{bosman_over_2016,
	title = {Over the {Edge}: {Silently} {Owning} {Windows} 10's {Secure} {Browser}},
	url = {https://comsec-files.ethz.ch/papers/over-the-edge_bhusa16.pdf},
	booktitle = {Black {Hat} {USA}},
	author = {Bosman, E. and Razavi, K. and Bos, H. and Giuffrida, C.},
	month = jul,
	year = {2016},
	keywords = {dir\_dram, dir\_os, type\_ast, type\_conf}
}

Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector. Bosman, E., Razavi, K., Bos, H., & Giuffrida, C. In S&P, May 2016. Pwnie Award for the Most Innovative Research

Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector [pdf]

Paper link bibtex 112 downloads

@inproceedings{bosman_dedup_2016,
	title = {Dedup {Est} {Machina}: {Memory} {Deduplication} as an {Advanced} {Exploitation} {Vector}},
	url = {https://comsec-files.ethz.ch/papers/dedup-est-machina_sp16.pdf},
	booktitle = {{S\&P}},
	author = {Bosman, Erik and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},
	month = may,
	year = {2016},
	note = {Pwnie Award for the Most Innovative Research},
	keywords = {dir\_dram, dir\_os, type\_award, type\_conf, type\_press, type\_tier1}
}

2015 (6)

Prebaked uVMs: Scalable, Instant VM Startup for IaaS Clouds. Razavi, K., Kolk, G. V. D., & Kielmann, T. In ICDCS, October 2015.

Prebaked uVMs: Scalable, Instant VM Startup for IaaS Clouds [pdf]

Paper link bibtex 2 downloads

@inproceedings{razavi_prebaked_2015,
	title = {Prebaked {uVMs}: {Scalable}, {Instant} {VM} {Startup} for {IaaS} {Clouds}},
	url = {https://comsec-files.ethz.ch/papers/icdcs15.pdf},
	booktitle = {{ICDCS}},
	author = {Razavi, K. and Kolk, G. V. D. and Kielmann, T.},
	month = oct,
	year = {2015},
	keywords = {type\_conf}
}

CAIN: Silently Breaking ASLR in the Cloud. Barresi, A., Razavi, K., Payer, M., & Gross, T. R. In WOOT, August 2015.

CAIN: Silently Breaking ASLR in the Cloud [pdf]

Paper link bibtex 9 downloads

@inproceedings{barresi_cain:_2015,
	title = {{CAIN}: {Silently} {Breaking} {ASLR} in the {Cloud}},
	url = {https://comsec-files.ethz.ch/papers/woot15.pdf},
	booktitle = {{WOOT}},
	author = {Barresi, Antonio and Razavi, Kaveh and Payer, Mathias and Gross, Thomas R.},
	month = aug,
	year = {2015},
	keywords = {dir\_os, type\_conf, type\_sidechannel}
}

Fast and Scalable Virtual Machine Deployment. Razavi, K. Ph.D. Thesis, VU Amsterdam, August 2015. Nominated for the Roger Needham award
link bibtex

@phdthesis{razavi_fast_2015,
	type = {{PhD} {Thesis}},
	title = {Fast and {Scalable} {Virtual} {Machine} {Deployment}},
	school = {VU Amsterdam},
	author = {Razavi, Kaveh},
	month = aug,
	year = {2015},
	note = {Nominated for the Roger Needham award},
	keywords = {type\_thesis}
}

R2C2: A Network Stack for Rack-scale Computers. Costa, P., Ballani, H., Razavi, K., & Kash, I. In SIGCOMM, August 2015.

R2C2: A Network Stack for Rack-scale Computers [pdf]

Paper link bibtex 2 downloads

@inproceedings{costa_r2c2:_2015,
	title = {{R2C2}: {A} {Network} {Stack} for {Rack}-scale {Computers}},
	url = {https://comsec-files.ethz.ch/papers/sigcomm15.pdf},
	booktitle = {{SIGCOMM}},
	author = {Costa, Paolo and Ballani, Hitesh and Razavi, Kaveh and Kash, Ian},
	month = aug,
	year = {2015},
	keywords = {type\_conf, type\_tier1}
}

Scaling VM Deployment in an Open Source Cloud Stack. Razavi, K., Costache, S., Gardiman, A., Verstoep, K., & Kielmann, T. In ScienceCloud, June 2015.

Scaling VM Deployment in an Open Source Cloud Stack [pdf]

Paper link bibtex

@inproceedings{razavi_scaling_2015,
	title = {Scaling {VM} {Deployment} in an {Open} {Source} {Cloud} {Stack}},
	url = {https://comsec-files.ethz.ch/papers/sciencecloud15.pdf},
	booktitle = {{ScienceCloud}},
	author = {Razavi, Kaveh and Costache, Stefania and Gardiman, Andrea and Verstoep, Kees and Kielmann, Thilo},
	month = jun,
	year = {2015},
	keywords = {type\_workshop}
}

Kangaroo: A Tenant-Centric Software-Defined Cloud Infrastructure. Razavi, K., Ion, A., Tato, G., Jeong, K., Figueiredo, R., Pierre, G., & Kielmann, T. In IC2E, March 2015.

Kangaroo: A Tenant-Centric Software-Defined Cloud Infrastructure [pdf]

Paper link bibtex 1 download

@inproceedings{razavi_kangaroo:_2015,
	title = {Kangaroo: {A} {Tenant}-{Centric} {Software}-{Defined} {Cloud} {Infrastructure}},
	url = {https://comsec-files.ethz.ch/papers/ic2e15.pdf},
	booktitle = {{IC2E}},
	author = {Razavi, K. and Ion, A. and Tato, G. and Jeong, K. and Figueiredo, R. and Pierre, G. and Kielmann, T.},
	month = mar,
	year = {2015},
	keywords = {type\_conf}
}

2014 (1)

Squirrel: Scatter Hoarding VM Image Contents on IaaS Compute Nodes. Razavi, K., Ion, A., & Kielmann, T. In HPDC, June 2014.

Squirrel: Scatter Hoarding VM Image Contents on IaaS Compute Nodes [pdf]

Paper link bibtex 4 downloads

@inproceedings{razavi_squirrel_2014,
	title = {Squirrel: {Scatter} {Hoarding} {VM} {Image} {Contents} on {IaaS} {Compute} {Nodes}},
	url = {https://comsec-files.ethz.ch/papers/hpdc14.pdf},
	booktitle = {{HPDC}},
	author = {Razavi, Kaveh and Ion, Ana and Kielmann, Thilo},
	month = jun,
	year = {2014},
	keywords = {type\_conf}
}

2013 (3)

Scalable Virtual Machine Deployment Using VM Image Caches. Razavi, K., & Kielmann, T. In SC, October 2013.

Scalable Virtual Machine Deployment Using VM Image Caches [pdf]

Paper link bibtex 5 downloads

@inproceedings{razavi_scalable_2013,
	title = {Scalable {Virtual} {Machine} {Deployment} {Using} {VM} {Image} {Caches}},
	url = {https://comsec-files.ethz.ch/papers/sc13.pdf},
	booktitle = {{SC}},
	author = {Razavi, Kaveh and Kielmann, Thilo},
	month = oct,
	year = {2013},
	keywords = {type\_conf}
}

Reducing VM Startup Time and Storage Costs by VM Image Content Consolidation. Razavi, K., Razorea, L. M., & Kielmann, T. In DIHC, September 2013.

Reducing VM Startup Time and Storage Costs by VM Image Content Consolidation [pdf]

Paper link bibtex 4 downloads

@inproceedings{razavi_reducing_2013,
	title = {Reducing {VM} {Startup} {Time} and {Storage} {Costs} by {VM} {Image} {Content} {Consolidation}},
	url = {https://comsec-files.ethz.ch/papers/dihc13.pdf},
	booktitle = {{DIHC}},
	author = {Razavi, Kaveh and Razorea, Liviu Mihai and Kielmann, Thilo},
	month = sep,
	year = {2013},
	keywords = {type\_workshop}
}

ConPaaS: An Integrated Runtime Environment for Elastic Cloud Applications. Pierre, G., Kielmann, T., Rocca, E., Razavi, K, IJff, B., Fernandez, H., Figueiredo, R., Uta, A., Vintila, A., Oprescu, A., Schuett, T., Berlin, M., Artac, M., & Cernivec, A. In HPDC (poster), August 2013.

ConPaaS: An Integrated Runtime Environment for Elastic Cloud Applications [pdf]

Paper link bibtex 4 downloads

@inproceedings{pierre_conpaas_2013,
	title = {{ConPaaS}: {An} {Integrated} {Runtime} {Environment} for {Elastic} {Cloud} {Applications}},
	url = {https://comsec-files.ethz.ch/papers/hpdc13-conpaas-poster.pdf},
	booktitle = {{HPDC} (poster)},
	author = {Pierre, G. and Kielmann, T. and Rocca, E. and Razavi, K and IJff, B. and Fernandez, H. and Figueiredo, R. and Uta, A. and Vintila, A. and Oprescu, A. and Schuett, T. and Berlin, M. and Artac, M. and Cernivec, A.},
	month = aug,
	year = {2013},
	keywords = {type\_poster}
}