\n\n \n\n \n\n \n \n\n \n\n \n \n\n \n\n \n

\n generated by\n \n $\"bibbase.org\"\n$ \n \n

\n \n\n

\n\n

\n \n Group by\n \n \n
- \n Year\n
- \n Author\n
- \n Type\n
- \n Keyword\n
- \n Downloads\n
\n
\n \n \n \n \n
- \n \n Expand/Collapse All\n \n
- \n \n Download BibTeX\n \n
- \n \n RSS Feed\n \n
\n

\n\n\n

\n\n Excellent! Next you can\n create a new website with this list, or\n embed it in an existing web page by copying & pasting\n any of the following snippets.\n\n

\n JavaScript\n (easiest)\n

\n            <script src=\"https://bibbase.org/show?bib=https%3A%2F%2Fdownload.vusec.net%2Fpapers%2Fzotero.php%3Ftag%3Dtype_award%20||%20type_press%26full%3D%26format%3Dbibtex%26sort%3Ddate&theme=default&jsonp=1&showSearch=1&owner=none&filter=keywords:type_paper,&jsonp=1\"></script>\n

\n\n PHP\n

\n            <?php\n            $contents = file_get_contents(\"https://bibbase.org/show?bib=https%3A%2F%2Fdownload.vusec.net%2Fpapers%2Fzotero.php%3Ftag%3Dtype_award%20||%20type_press%26full%3D%26format%3Dbibtex%26sort%3Ddate&theme=default&jsonp=1&showSearch=1&owner=none&filter=keywords:type_paper,\");\n            print_r($contents);\n            ?>\n

\n\n iFrame\n (not recommended)\n

\n            <iframe src=\"https://bibbase.org/show?bib=https%3A%2F%2Fdownload.vusec.net%2Fpapers%2Fzotero.php%3Ftag%3Dtype_award%20||%20type_press%26full%3D%26format%3Dbibtex%26sort%3Ddate&theme=default&jsonp=1&showSearch=1&owner=none&filter=keywords:type_paper,\"></iframe>\n

\n\n

\n For more details see the documention.\n

\n\n

\n\n This is a preview! To use this list on your own web site\n or create a new web site from it,\n create a free account. The file will be added\n and you will be able to edit it in the File Manager.\n We will show you instructions once you've created your account.\n

\n\n

To the site owner:

\n\n

Action required! Mendeley is changing its\n API. In order to keep using Mendeley with BibBase past April\n 14th, you need to:\n

renew the authorization for BibBase on Mendeley, and
update the BibBase URL\n in your page the same way you did when you initially set up\n this page.\n

\n\n

\n \n \n Fix it now\n

\n\n

\n\n\n

\n \n \n

\n \n 2023\n \n \n (4)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Uncontained: Uncovering Container Confusion in the Linux Kernel.\n \n \n \n \n\n\n \n Koschel, J.; Borrello, P.; D'Elia, D. C.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In USENIX Security, August 2023. \n Distinguished Artifact Award, Pwnie Award Nomination for Best Privilege Escalation\n\n\n\n
\n\n\n\n \n \n $\"Uncontained:$ Paper\n \n \n \n $\"Uncontained:$ Web\n \n \n \n $\"Uncontained:$ Code\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 207 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n Artifact Evaluation Badges:\n \n $\"Artifacts$ \n \n $\"Artifacts$ \n \n $\"Results$ \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{koschel_uncontained_2023,\n\ttitle = {Uncontained: {Uncovering} {Container} {Confusion} in the {Linux} {Kernel}},\n\turl = {Paper=https://download.vusec.net/papers/uncontained_sec23.pdf Web=https://vusec.net/projects/uncontained Code=https://github.com/vusec/uncontained},\n\tbooktitle = {{USENIX} {Security}},\n\tauthor = {Koschel, Jakob and Borrello, Pietro and D'Elia, Daniele Cono and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = aug,\n\tyear = {2023},\n\tnote = {Distinguished Artifact Award, Pwnie Award Nomination for Best Privilege Escalation},\n\tkeywords = {artifacts:available, artifacts:functional, artifacts:reproduced, class\\_sanitizer, proj\\_allocamelus, proj\\_intersect, proj\\_memo, proj\\_theseus, proj\\_tropics, research\\_uncontained, type\\_ae, type\\_award, type\\_conf, type\\_paper, type\\_tier1, type\\_top, type\\_uncontained},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Let Me Unwind That For You: Exceptions to Backward-Edge Protection.\n \n \n \n \n\n\n \n Duta, V.; Freyer, F.; Pagani, F.; Muench, M.; and Giuffrida, C.\n\n\n \n\n\n\n In NDSS, February 2023. \n Intel Bounty Reward\n\n\n\n
\n\n\n\n \n \n $\"Let$ Paper\n \n \n \n $\"Let$ Code\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 100 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{duta_let_2023,\n\ttitle = {Let {Me} {Unwind} {That} {For} {You}: {Exceptions} to {Backward}-{Edge} {Protection}},\n\turl = {Paper=https://download.vusec.net/papers/chop_ndss23.pdf Code=https://github.com/chop-project/chop},\n\tbooktitle = {{NDSS}},\n\tauthor = {Duta, Victor and Freyer, Fabian and Pagani, Fabio and Muench, Marius and Giuffrida, Cristiano},\n\tmonth = feb,\n\tyear = {2023},\n\tnote = {Intel Bounty Reward},\n\tkeywords = {class\\_binary, proj\\_intersect, proj\\_memo, proj\\_offcore, proj\\_theseus, proj\\_tropics, type\\_award, type\\_bounty, type\\_conf, type\\_cve\\_assigned, type\\_paper, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Specification and Verification of Side-channel Security for Open-source Processors via Leakage Contracts.\n \n \n \n \n\n\n \n Wang, Z.; Mohr, G.; von Gleissenthall, K.; Reineke, J.; and Guarnieri, M.\n\n\n \n\n\n\n In CCS, 2023. \n Distinguished Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Specification$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n \n \n abstract \n \n\n \n \n \n 8 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{wang_specification_2023,\n\ttitle = {Specification and {Verification} of {Side}-channel {Security} for {Open}-source {Processors} via {Leakage} {Contracts}},\n\turl = {https://gleissen.github.io/papers/ccs2023.pdf},\n\tabstract = {Leakage contracts have recently been proposed as a new security abstraction at the Instruction Set Architecture (ISA) level. Such contracts aim to faithfully capture the information processors may leak through side effects of their microarchitectural implementations. However, so far, we lack a verification methodology to check that a processor actually satisfies a given leakage contract. In this paper, we address this problem by developing LeaVe, the first tool for verifying register-transfer-level (RTL) processor designs against ISA-level leakage contracts. To this end, we introduce a decoupling theorem that separates security and functional correctness concerns when verifying contract satisfaction. LeaVe leverages this decoupling to make verification of contract satisfaction practical. To scale to realistic processor designs LeaVe further employs inductive reasoning on relational abstractions. Using LeaVe, we precisely characterize the side-channel security guarantees provided by three open-source RISC-V processors, thereby obtaining the first contract satisfaction proofs for RTL processor designs.},\n\turldate = {2023-07-27},\n\tbooktitle = {{CCS}},\n\tauthor = {Wang, Zilong and Mohr, Gideon and von Gleissenthall, Klaus and Reineke, Jan and Guarnieri, Marco},\n\tyear = {2023},\n\tnote = {Distinguished Paper Award},\n\tkeywords = {Computer Science - Cryptography and Security, type\\_award, type\\_conf, type\\_paper, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Randomized Testing of Byzantine Fault Tolerant Algorithms.\n \n \n \n \n\n\n \n Winter, L.; Buse, F.; De Graaf, D.; v. Gleissenthall, K.; and Ozkan, B. K.\n\n\n \n\n\n\n In OOPSLA, 2023. \n Distinguished Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Randomized$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 4 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n\n\n\n

@inproceedings{winter_randomized_2023,\n\ttitle = {Randomized {Testing} of {Byzantine} {Fault} {Tolerant} {Algorithms}},\n\turl = {https://gleissen.github.io/papers/byzzfuzz.pdf},\n\tbooktitle = {{OOPSLA}},\n\tauthor = {Winter, Levin and Buse, Florena and De Graaf, Daan and v. Gleissenthall, Klaus and Ozkan, Burcu Kulahcioglu},\n\tyear = {2023},\n\tnote = {Distinguished Paper Award},\n\tkeywords = {type\\_award, type\\_paper},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2022\n \n \n (3)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Branch History Injection: On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks.\n \n \n \n \n\n\n \n Barberis, E.; Frigo, P.; Muench, M.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In USENIX Security, August 2022. \n Pwnie Award Nomination for Epic Achievement, Intel Bounty Reward\n\n\n\n
\n\n\n\n \n \n $\"Branch$ Paper\n \n \n \n $\"Branch$ Web\n \n \n \n $\"Branch$ Code\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 572 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n Artifact Evaluation Badges:\n \n $\"Artifacts$ \n \n $\"Artifacts$ \n \n $\"Results$ \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{barberis_branch_2022,\n\ttitle = {Branch {History} {Injection}: {On} the {Effectiveness} of {Hardware} {Mitigations} {Against} {Cross}-{Privilege} {Spectre}-v2 {Attacks}},\n\turl = {Paper=http://download.vusec.net/papers/bhi-spectre-bhb_sec22.pdf Web=https://www.vusec.net/projects/bhi-spectre-bhb Code=https://github.com/vusec/bhi-spectre-bhb},\n\tbooktitle = {{USENIX} {Security}},\n\tauthor = {Barberis, Enrico and Frigo, Pietro and Muench, Marius and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = aug,\n\tyear = {2022},\n\tnote = {Pwnie Award Nomination for Epic Achievement, Intel Bounty Reward},\n\tkeywords = {artifacts:available, artifacts:functional, artifacts:reproduced, class\\_sidechannels, proj\\_intersect, proj\\_offcore, proj\\_theseus, proj\\_tropics, proj\\_unicore, type\\_ae, type\\_award, type\\_bounty, type\\_conf, type\\_cve\\_assigned, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Spring: Spectre Returning in the Browser with Speculative Load Queuing and Deep Stacks.\n \n \n \n \n\n\n \n Wikner, J.; Giuffrida, C.; Bos, H.; and Razavi, K.\n\n\n \n\n\n\n In WOOT, May 2022. \n Mozilla Bounty Reward\n\n\n\n
\n\n\n\n \n \n $\"Spring:$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 131 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{wikner_spring_2022,\n\ttitle = {Spring: {Spectre} {Returning} in the {Browser} with {Speculative} {Load} {Queuing} and {Deep} {Stacks}},\n\turl = {Paper=http://download.vusec.net/papers/spring_woot22.pdf},\n\tbooktitle = {{WOOT}},\n\tauthor = {Wikner, Johannes and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},\n\tmonth = may,\n\tyear = {2022},\n\tnote = {Mozilla Bounty Reward},\n\tkeywords = {class\\_sidechannels, proj\\_intersect, proj\\_offcore, proj\\_tropics, type\\_award, type\\_bounty, type\\_mscthesis, type\\_paper, type\\_top, type\\_workshop},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n BLACKSMITH: Scalable Rowhammering in the Frequency Domain.\n \n \n \n \n\n\n \n Jattke, P.; van der Veen, V.; Frigo, P.; Gunter, S.; and Razavi, K.\n\n\n \n\n\n\n In S&P, May 2022. \n \n\n\n\n
\n\n\n\n \n \n $\"BLACKSMITH:$ Paper\n \n \n \n $\"BLACKSMITH:$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 290 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{jattke_blacksmith_2022,\n\ttitle = {{BLACKSMITH}: {Scalable} {Rowhammering} in the {Frequency} {Domain}},\n\turl = {Paper=https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf Press=https://bit.ly/3H395l5},\n\tbooktitle = {S\\&{P}},\n\tauthor = {Jattke, Patrick and van der Veen, Victor and Frigo, Pietro and Gunter, Stijn and Razavi, Kaveh},\n\tmonth = may,\n\tyear = {2022},\n\tkeywords = {class\\_rowhammer, type\\_conf, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2021\n \n \n (5)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Rage Against the Machine Clear: A Systematic Analysis of Machine Clears and Their Implications for Transient Execution Attacks.\n \n \n \n \n\n\n \n Ragab, H.; Barberis, E.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In USENIX Security, August 2021. \n Distinguished Paper Award, Intel Bounty Reward, Mozilla Bounty Reward, Pwnie Award Nomination for Most Innovative Research, Pwnie Award Nomination for Best Privilege Escalation Bug, Pwnie Award Nomination for Best Client-Side Bug, Pwnie Award Nomination for Epic Achievement, DCSR Paper Award, CSAW Best Paper Award Runner-up\n\n\n\n
\n\n\n\n \n \n $\"Rage$ Paper\n \n \n \n $\"Rage$ Web\n \n \n \n $\"Rage$ Code\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 296 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{ragab_rage_2021,\n\ttitle = {Rage {Against} the {Machine} {Clear}: {A} {Systematic} {Analysis} of {Machine} {Clears} and {Their} {Implications} for {Transient} {Execution} {Attacks}},\n\turl = {Paper=https://download.vusec.net/papers/fpvi-scsb_sec21.pdf Web=https://www.vusec.net/projects/fpvi-scsb Code=https://github.com/vusec/fpvi-scsb},\n\tbooktitle = {{USENIX} {Security}},\n\tauthor = {Ragab, Hany and Barberis, Enrico and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = aug,\n\tyear = {2021},\n\tnote = {Distinguished Paper Award, Intel Bounty Reward, Mozilla Bounty Reward, Pwnie Award Nomination for Most Innovative Research, Pwnie Award Nomination for Best Privilege Escalation Bug, Pwnie Award Nomination for Best Client-Side Bug, Pwnie Award Nomination for Epic Achievement, DCSR Paper Award, CSAW Best Paper Award Runner-up},\n\tkeywords = {class\\_sidechannels, proj\\_intersect, proj\\_offcore, proj\\_react, proj\\_unicore, type\\_award, type\\_bounty, type\\_conf, type\\_cve\\_assigned, type\\_paper, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n SMASH: Synchronized Many-sided Rowhammer Attacks From JavaScript.\n \n \n \n \n\n\n \n de Ridder, F.; Frigo, P.; Vannacci, E.; Bos, H.; Giuffrida, C.; and Razavi, K.\n\n\n \n\n\n\n In USENIX Security, August 2021. \n Pwnie Award Nomination for Most Under-Hyped Research, Best Faculty of Science Master Thesis Award\n\n\n\n
\n\n\n\n \n \n $\"SMASH:$ Paper\n \n \n \n $\"SMASH:$ Web\n \n \n \n $\"SMASH:$ Code\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 797 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{de_ridder_smash_2021,\n\ttitle = {{SMASH}: {Synchronized} {Many}-sided {Rowhammer} {Attacks} {From} {JavaScript}},\n\turl = {Paper=https://download.vusec.net/papers/smash_sec21.pdf Web=https://www.vusec.net/projects/smash Code=https://github.com/vusec/smash},\n\tbooktitle = {{USENIX} {Security}},\n\tauthor = {de Ridder, Finn and Frigo, Pietro and Vannacci, Emanuele and Bos, Herbert and Giuffrida, Cristiano and Razavi, Kaveh},\n\tmonth = aug,\n\tyear = {2021},\n\tnote = {Pwnie Award Nomination for Most Under-Hyped Research, Best Faculty of Science Master Thesis Award},\n\tkeywords = {class\\_rowhammer, proj\\_offcore, proj\\_panta, proj\\_react, proj\\_unicore, type\\_award, type\\_conf, type\\_csec, type\\_mscthesis, type\\_paper, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n CrossTalk: Speculative Data Leaks Across Cores Are Real.\n \n \n \n \n\n\n \n Ragab, H.; Milburn, A.; Razavi, K.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In S&P, May 2021. \n Intel Bounty Reward\n\n\n\n
\n\n\n\n \n \n $\"CrossTalk:$ Paper\n \n \n \n $\"CrossTalk:$ Web\n \n \n \n $\"CrossTalk:$ Code\n \n \n \n $\"CrossTalk:$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 541 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{ragab_crosstalk_2021,\n\ttitle = {{CrossTalk}: {Speculative} {Data} {Leaks} {Across} {Cores} {Are} {Real}},\n\turl = {Paper=https://download.vusec.net/papers/crosstalk_sp21.pdf Web=https://www.vusec.net/projects/crosstalk Code=https://github.com/vusec/ridl Press=https://bit.ly/3frdRuV},\n\tbooktitle = {S\\&{P}},\n\tauthor = {Ragab, Hany and Milburn, Alyssa and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = may,\n\tyear = {2021},\n\tnote = {Intel Bounty Reward},\n\tkeywords = {class\\_sidechannels, proj\\_binrec, proj\\_offcore, proj\\_panta, proj\\_panta\\_list, proj\\_react, proj\\_unicore, type\\_award, type\\_bounty, type\\_conf, type\\_cve\\_assigned, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Who's Debugging the Debuggers? Exposing Debug Information Bugs in Optimized Binaries.\n \n \n \n \n\n\n \n Di Luna, G. A.; Italiano, D.; Massarelli, L.; Österlund, S.; Giuffrida, C.; and Querzoni, L.\n\n\n \n\n\n\n In ASPLOS, April 2021. \n Distinguished Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Who's$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 111 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n Artifact Evaluation Badges:\n \n $\"Artifacts$ \n \n $\"Results$ \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{di_luna_whos_2021,\n\ttitle = {Who's {Debugging} the {Debuggers}? {Exposing} {Debug} {Information} {Bugs} in {Optimized} {Binaries}},\n\turl = {https://download.vusec.net/papers/debug2_asplos21.pdf},\n\tbooktitle = {{ASPLOS}},\n\tauthor = {Di Luna, Giuseppe Antonio and Italiano, Davide and Massarelli, Luca and Österlund, Sebastian and Giuffrida, Cristiano and Querzoni, Leonardo},\n\tmonth = apr,\n\tyear = {2021},\n\tnote = {Distinguished Paper Award},\n\tkeywords = {artifacts:functional, artifacts:reproduced, class\\_testing, proj\\_react, proj\\_securecode, type\\_ae, type\\_award, type\\_conf, type\\_paper, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Automatically Eliminating Speculative Leaks from Cryptographic Code with Blade.\n \n \n \n \n\n\n \n Vassena, M.; Disselkoen, C.; von Gleissenthall, K.; Cauligi, S.; Ghokan Kici, R.; Jhala, R.; Tullsen, D.; and Stefan, D.\n\n\n \n\n\n\n In POPL, January 2021. \n Distinguished Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Automatically$ Paper\n \n \n \n $\"Automatically$ Code\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 20 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{vassena_automatically_2021,\n\ttitle = {Automatically {Eliminating} {Speculative} {Leaks} from {Cryptographic} {Code} with {Blade}},\n\turl = {Paper=http://goto.ucsd.edu/~gleissen/papers/blade.pdf Code=https://github.com/plsyssec/lucet-blade},\n\tbooktitle = {{POPL}},\n\tauthor = {Vassena, Marco and Disselkoen, Craig and von Gleissenthall, Klaus and Cauligi, Sunjay and Ghokan Kici, Rami and Jhala, Ranjit and Tullsen, Dean and Stefan, Deian},\n\tmonth = jan,\n\tyear = {2021},\n\tnote = {Distinguished Paper Award},\n\tkeywords = {class\\_sidechannels, type\\_award, type\\_conf, type\\_paper, type\\_tier1, type\\_top, verification},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2020\n \n \n (3)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Speculative Probing: Hacking Blind in the Spectre Era.\n \n \n \n \n\n\n \n Goktas, E.; Razavi, K.; Portokalidis, G.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In CCS, November 2020. \n Pwnie Award for Most Innovative Research\n\n\n\n
\n\n\n\n \n \n $\"Speculative$ Paper\n \n \n \n $\"Speculative$ Web\n \n \n \n $\"Speculative$ Code\n \n \n \n $\"Speculative$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 677 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{goktas_speculative_2020,\n\ttitle = {Speculative {Probing}: {Hacking} {Blind} in the {Spectre} {Era}},\n\turl = {Paper=https://download.vusec.net/papers/blindside_ccs20.pdf Web=https://www.vusec.net/projects/blindside Code=https://github.com/vusec/blindside Press=https://bit.ly/3c4MkhU},\n\tbooktitle = {{CCS}},\n\tauthor = {Goktas, Enes and Razavi, Kaveh and Portokalidis, Georgios and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = nov,\n\tyear = {2020},\n\tnote = {Pwnie Award for Most Innovative Research},\n\tkeywords = {class\\_sidechannels, proj\\_offcore, proj\\_panta, proj\\_panta\\_list, proj\\_react, proj\\_unicore, type\\_award, type\\_conf, type\\_csec, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n NetCAT: Practical Cache Attacks from the Network.\n \n \n \n \n\n\n \n Kurth, M.; Gras, B.; Andriesse, D.; Giuffrida, C.; Bos, H.; and Razavi, K.\n\n\n \n\n\n\n In S&P, May 2020. \n Intel Bounty Reward, Pwnie Award Nomination for Most Innovative Research\n\n\n\n
\n\n\n\n \n \n $\"NetCAT:$ Paper\n \n \n \n $\"NetCAT:$ Slides\n \n \n \n $\"NetCAT:$ Web\n \n \n \n $\"NetCAT:$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 367 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{kurth_netcat_2020,\n\ttitle = {{NetCAT}: {Practical} {Cache} {Attacks} from the {Network}},\n\turl = {Paper=https://download.vusec.net/papers/netcat_sp20.pdf Slides=https://download.vusec.net/slides/netcat_sp20.pdf Web=https://www.vusec.net/projects/netcat Press=https://bit.ly/2LULskB},\n\tbooktitle = {S\\&{P}},\n\tauthor = {Kurth, Michael and Gras, Ben and Andriesse, Dennis and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},\n\tmonth = may,\n\tyear = {2020},\n\tnote = {Intel Bounty Reward, Pwnie Award Nomination for Most Innovative Research},\n\tkeywords = {class\\_sidechannels, proj\\_offcore, proj\\_panta, proj\\_react, proj\\_unicore, proj\\_vici, type\\_award, type\\_bounty, type\\_conf, type\\_csec, type\\_cve\\_assigned, type\\_mscthesis, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n TRRespass: Exploiting the Many Sides of Target Row Refresh.\n \n \n \n \n\n\n \n Frigo, P.; Vannacci, E.; Hassan, H.; van der Veen, V.; Mutlu, O.; Giuffrida, C.; Bos, H.; and Razavi, K.\n\n\n \n\n\n\n In S&P, May 2020. \n Best Paper Award, Pwnie Award for Most Innovative Research, IEEE Micro Top Picks Honorable Mention, DCSR Paper Award\n\n\n\n
\n\n\n\n \n \n $\"TRRespass:$ Paper\n \n \n \n $\"TRRespass:$ Slides\n \n \n \n $\"TRRespass:$ Web\n \n \n \n $\"TRRespass:$ Code\n \n \n \n $\"TRRespass:$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 858 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{frigo_trrespass_2020,\n\ttitle = {{TRRespass}: {Exploiting} the {Many} {Sides} of {Target} {Row} {Refresh}},\n\turl = {Paper=https://download.vusec.net/papers/trrespass_sp20.pdf Slides=https://download.vusec.net/slides/trrespass_sp20.pdf Web=https://www.vusec.net/projects/trrespass Code=https://github.com/vusec/trrespass Press=https://bit.ly/2UXWKJ4},\n\tbooktitle = {S\\&{P}},\n\tauthor = {Frigo, Pietro and Vannacci, Emanuele and Hassan, Hasan and van der Veen, Victor and Mutlu, Onur and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},\n\tmonth = may,\n\tyear = {2020},\n\tnote = {Best Paper Award, Pwnie Award for Most Innovative Research, IEEE Micro Top Picks Honorable Mention, DCSR Paper Award},\n\tkeywords = {class\\_rowhammer, proj\\_offcore, proj\\_panta, proj\\_react, proj\\_unicore, proj\\_vici, type\\_award, type\\_conf, type\\_cve\\_assigned, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2019\n \n \n (3)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n SoK: Benchmarking Flaws in Systems Security.\n \n \n \n \n\n\n \n van der Kouwe, E.; Heiser, G.; Andriesse, D.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In EuroS&P, June 2019. \n \n\n\n\n
\n\n\n\n \n \n $\"SoK:$ Paper\n \n \n \n $\"SoK:$ Slides\n \n \n \n $\"SoK:$ Web\n \n \n \n $\"SoK:$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 148 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{van_der_kouwe_sok_2019,\n\ttitle = {{SoK}: {Benchmarking} {Flaws} in {Systems} {Security}},\n\turl = {Paper=https://download.vusec.net/papers/benchmarking-crimes_eurosp19.pdf  Slides=https://www.vusec.net/wp-content/uploads/2019/06/Benchmarking-Flaws-in-Systems-Security-EuroSP2019.pdf Web=https://www.vusec.net/projects/benchmarking-crimes Press=https://bit.ly/3knxXIk},\n\tbooktitle = {{EuroS}\\&{P}},\n\tauthor = {van der Kouwe, Erik and Heiser, Gernot and Andriesse, Dennis and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = jun,\n\tyear = {2019},\n\tkeywords = {class\\_sanitizer, class\\_sok, proj\\_binrec, proj\\_panta, proj\\_react, proj\\_securecode, proj\\_unicore, proj\\_vici, type\\_conf, type\\_csec, type\\_paper, type\\_press, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks.\n \n \n \n \n\n\n \n Cojocar, L.; Razavi, K.; Giuffrida, C.; and Bos, H.\n\n\n \n\n\n\n In S&P, May 2019. \n Best Practical Paper Award, Pwnie Award Nomination for Most Innovative Research\n\n\n\n
\n\n\n\n \n \n $\"Exploiting$ Paper\n \n \n \n $\"Exploiting$ Slides\n \n \n \n $\"Exploiting$ Web\n \n \n \n $\"Exploiting$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 362 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{cojocar_exploiting_2019,\n\ttitle = {Exploiting {Correcting} {Codes}: {On} the {Effectiveness} of {ECC} {Memory} {Against} {Rowhammer} {Attacks}},\n\turl = {Paper=https://download.vusec.net/papers/eccploit_sp19.pdf Slides=https://www.ieee-security.org/TC/SP2019/SP19-Slides-pdfs/Lucian_Cojocar_Exploiting_Correcting_Codes_slides-ecc-new.pdf Web=https://www.vusec.net/projects/eccploit Press=https://bit.ly/2UcucNv},\n\tbooktitle = {S\\&{P}},\n\tauthor = {Cojocar, Lucian and Razavi, Kaveh and Giuffrida, Cristiano and Bos, Herbert},\n\tmonth = may,\n\tyear = {2019},\n\tnote = {Best Practical Paper Award, Pwnie Award Nomination for Most Innovative Research},\n\tkeywords = {class\\_rowhammer, proj\\_panta, proj\\_react, proj\\_unicore, proj\\_vici, type\\_award, type\\_conf, type\\_csec, type\\_cve\\_assigned, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n RIDL: Rogue In-flight Data Load.\n \n \n \n \n\n\n \n van Schaik, S.; Milburn, A.; Österlund, S.; Frigo, P.; Maisuradze, G.; Razavi, K.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In S&P, May 2019. \n Intel Bounty Reward (Highest To Date), Pwnie Award Nomination for Most Innovative Research, CSAW Best Paper Award Runner-up, DCSR Paper Award\n\n\n\n
\n\n\n\n \n \n $\"RIDL:$ Paper\n \n \n \n $\"RIDL:$ Slides\n \n \n \n $\"RIDL:$ Web\n \n \n \n $\"RIDL:$ Code\n \n \n \n $\"RIDL:$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 108 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{van_schaik_ridl_2019,\n\ttitle = {{RIDL}: {Rogue} {In}-flight {Data} {Load}},\n\turl = {Paper=https://mdsattacks.com/files/ridl.pdf Slides=https://mdsattacks.com/slides/slides.html Web=https://mdsattacks.com Code=https://github.com/vusec/ridl Press=http://mdsattacks.com},\n\tbooktitle = {S\\&{P}},\n\tauthor = {van Schaik, Stephan and Milburn, Alyssa and Österlund, Sebastian and Frigo, Pietro and Maisuradze, Giorgi and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = may,\n\tyear = {2019},\n\tnote = {Intel Bounty Reward (Highest To Date), Pwnie Award Nomination for Most Innovative Research, CSAW Best Paper Award Runner-up, DCSR Paper Award},\n\tkeywords = {class\\_sidechannels, proj\\_offcore, proj\\_panta, proj\\_panta\\_list, proj\\_react, proj\\_unicore, proj\\_vici, type\\_award, type\\_bounty, type\\_conf, type\\_cve\\_assigned, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2018\n \n \n (5)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Defeating Software Mitigations against Rowhammer: A Surgical Precision Hammer.\n \n \n \n \n\n\n \n Tatar, A.; Giuffrida, C.; Bos, H.; and Razavi, K.\n\n\n \n\n\n\n In RAID, September 2018. \n Best Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Defeating$ Paper\n \n \n \n $\"Defeating$ Code\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 37 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{tatar_defeating_2018,\n\ttitle = {Defeating {Software} {Mitigations} against {Rowhammer}: {A} {Surgical} {Precision} {Hammer}},\n\turl = {Paper=https://download.vusec.net/papers/hammertime_raid18.pdf Code=https://github.com/vusec/hammertime},\n\tbooktitle = {{RAID}},\n\tauthor = {Tatar, Andrei and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},\n\tmonth = sep,\n\tyear = {2018},\n\tnote = {Best Paper Award},\n\tkeywords = {class\\_rowhammer, proj\\_parallax, proj\\_react, proj\\_unicore, proj\\_vici, type\\_award, type\\_conf, type\\_mscthesis, type\\_paper, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks.\n \n \n \n \n\n\n \n Gras, B.; Razavi, K.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In USENIX Security, August 2018. \n Pwnie Award Nomination for Most Innovative Research\n\n\n\n
\n\n\n\n \n \n $\"Translation$ Paper\n \n \n \n $\"Translation$ Slides\n \n \n \n $\"Translation$ Web\n \n \n \n $\"Translation$ Code\n \n \n \n $\"Translation$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 460 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{gras_translation_2018,\n\ttitle = {Translation {Leak}-aside {Buffer}: {Defeating} {Cache} {Side}-channel {Protections} with {TLB} {Attacks}},\n\turl = {Paper=https://download.vusec.net/papers/tlbleed_sec18.pdf Slides=https://www.usenix.org/sites/default/files/conference/protected-files/security18_slides_gras.pdf Web=https://www.vusec.net/projects/tlbleed Code=https://github.com/vusec/tlbkit Press=https://goo.gl/eepq1y},\n\tbooktitle = {{USENIX} {Security}},\n\tauthor = {Gras, Ben and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = aug,\n\tyear = {2018},\n\tnote = {Pwnie Award Nomination for Most Innovative Research},\n\tkeywords = {class\\_sidechannels, proj\\_parallax, proj\\_react, proj\\_vici, type\\_award, type\\_conf, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Throwhammer: Rowhammer Attacks over the Network and Defenses.\n \n \n \n \n\n\n \n Tatar, A.; Konoth, R. K.; Athanasopoulos, E.; Giuffrida, C.; Bos, H.; and Razavi, K.\n\n\n \n\n\n\n In USENIX ATC, July 2018. \n Pwnie Award Nomination for Most Innovative Research\n\n\n\n
\n\n\n\n \n \n $\"Throwhammer:$ Paper\n \n \n \n $\"Throwhammer:$ Web\n \n \n \n $\"Throwhammer:$ Code\n \n \n \n $\"Throwhammer:$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 295 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{tatar_throwhammer_2018,\n\ttitle = {Throwhammer: {Rowhammer} {Attacks} over the {Network} and {Defenses}},\n\turl = {Paper=https://download.vusec.net/papers/throwhammer_atc18.pdf Web=https://www.vusec.net/projects/throwhammer Code=https://github.com/vusec/alis Press=https://goo.gl/GrZ87e},\n\tbooktitle = {{USENIX} {ATC}},\n\tauthor = {Tatar, Andrei and Konoth, Radhesh Krishnan and Athanasopoulos, Elias and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},\n\tmonth = jul,\n\tyear = {2018},\n\tnote = {Pwnie Award Nomination for Most Innovative Research},\n\tkeywords = {class\\_rowhammer, proj\\_parallax, proj\\_vici, type\\_award, type\\_conf, type\\_csec, type\\_paper, type\\_press, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n GuardION: Practical Mitigation of DMA-based Rowhammer Attacks on ARM.\n \n \n \n \n\n\n \n van der Veen, V.; Lindorfer, M.; Fratantonio, Y.; Padmanabha Pillai, H.; Vigna, G.; Kruegel, C.; Bos, H.; and Razavi, K.\n\n\n \n\n\n\n In DIMVA, June 2018. \n Pwnie Award Nomination for Best Privilege Escalation Bug\n\n\n\n
\n\n\n\n \n \n $\"GuardION:$ Paper\n \n \n \n $\"GuardION:$ Web\n \n \n \n $\"GuardION:$ Code\n \n \n \n $\"GuardION:$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 82 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{van_der_veen_guardion_2018,\n\ttitle = {{GuardION}: {Practical} {Mitigation} of {DMA}-based {Rowhammer} {Attacks} on {ARM}},\n\turl = {Paper=https://vvdveen.com/publications/dimva2018.pdf Web=https://rampageattack.com Code=https://github.com/vusec/guardion Press=https://bit.ly/2H6QhqX},\n\tbooktitle = {{DIMVA}},\n\tauthor = {van der Veen, Victor and Lindorfer, Martina and Fratantonio, Yanick and Padmanabha Pillai, Harikrishnan and Vigna, Giovanni and Kruegel, Christopher and Bos, Herbert and Razavi, Kaveh},\n\tmonth = jun,\n\tyear = {2018},\n\tnote = {Pwnie Award Nomination for Best Privilege Escalation Bug},\n\tkeywords = {class\\_mobile, class\\_rowhammer, type\\_award, type\\_conf, type\\_paper, type\\_press},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU.\n \n \n \n \n\n\n \n Frigo, P.; Giuffrida, C.; Bos, H.; and Razavi, K.\n\n\n \n\n\n\n In S&P, May 2018. \n Pwnie Award Nomination for Most Innovative Research\n\n\n\n
\n\n\n\n \n \n $\"Grand$ Paper\n \n \n \n $\"Grand$ Web\n \n \n \n $\"Grand$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 145 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{frigo_grand_2018,\n\ttitle = {Grand {Pwning} {Unit}: {Accelerating} {Microarchitectural} {Attacks} with the {GPU}},\n\turl = {Paper=https://download.vusec.net/papers/glitch_sp18.pdf Web=https://www.vusec.net/projects/glitch Press=https://goo.gl/SkD9er},\n\tbooktitle = {S\\&{P}},\n\tauthor = {Frigo, Pietro and Giuffrida, Cristiano and Bos, Herbert and Razavi, Kaveh},\n\tmonth = may,\n\tyear = {2018},\n\tnote = {Pwnie Award Nomination for Most Innovative Research},\n\tkeywords = {class\\_rowhammer, class\\_sidechannels, proj\\_sharcs, proj\\_vici, type\\_award, type\\_conf, type\\_cve\\_assigned, type\\_mscthesis, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2017\n \n \n (2)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Compiler-Agnostic Function Detection in Binaries.\n \n \n \n \n\n\n \n Andriesse, D.; Slowinska, A.; and Bos, H.\n\n\n \n\n\n\n In EuroS&P, April 2017. \n Best Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Compiler-Agnostic$ Paper\n \n \n \n $\"Compiler-Agnostic$ Code\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 22 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{andriesse_compiler-agnostic_2017,\n\ttitle = {Compiler-{Agnostic} {Function} {Detection} in {Binaries}},\n\turl = {Paper=https://mistakenot.net/papers/eurosp-2017.pdf Code=https://github.com/vusec/nucleus},\n\tbooktitle = {{EuroS}\\&{P}},\n\tauthor = {Andriesse, Dennis and Slowinska, Asia and Bos, Herbert},\n\tmonth = apr,\n\tyear = {2017},\n\tnote = {Best Paper Award},\n\tkeywords = {class\\_binary, class\\_reveng, disassembly, type\\_award, type\\_conf, type\\_csec, type\\_paper},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n ASLR on the Line: Practical Cache Attacks on the MMU.\n \n \n \n \n\n\n \n Gras, B.; Razavi, K.; Bosman, E.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In NDSS, February 2017. \n Pwnie Award for Most Innovative Research, DCSR Paper Award\n\n\n\n
\n\n\n\n \n \n $\"ASLR$ Paper\n \n \n \n $\"ASLR$ Slides\n \n \n \n $\"ASLR$ Web\n \n \n \n $\"ASLR$ Code\n \n \n \n $\"ASLR$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 260 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{gras_aslr_2017,\n\ttitle = {{ASLR} on the {Line}: {Practical} {Cache} {Attacks} on the {MMU}},\n\turl = {Paper=https://download.vusec.net/papers/anc_ndss17.pdf Slides=https://vusec.net/wp-content/uploads/2016/11/TalkGras.pdf Web=https://www.vusec.net/projects/anc Code=https://github.com/vusec/revanc Press=https://goo.gl/KL4Bta},\n\tbooktitle = {{NDSS}},\n\tauthor = {Gras, Ben and Razavi, Kaveh and Bosman, Erik and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = feb,\n\tyear = {2017},\n\tnote = {Pwnie Award for Most Innovative Research, DCSR Paper Award},\n\tkeywords = {class\\_sidechannels, proj\\_sharcs, proj\\_vici, type\\_award, type\\_conf, type\\_csec, type\\_cve\\_assigned, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2016\n \n \n (5)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Drammer: Deterministic Rowhammer Attacks on Mobile Platforms.\n \n \n \n \n\n\n \n van der Veen, V.; Fratantonio, Y.; Lindorfer, M.; Gruss, D.; Maurice, C.; Vigna, G.; Bos, H.; Razavi, K.; and Giuffrida, C.\n\n\n \n\n\n\n In CCS, October 2016. \n Pwnie Award for Best Privilege Escalation Bug, Android Security Reward, CSAW Best Paper Award, DCSR Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Drammer:$ Paper\n \n \n \n $\"Drammer:$ Web\n \n \n \n $\"Drammer:$ Code\n \n \n \n $\"Drammer:$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 222 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{van_der_veen_drammer_2016,\n\ttitle = {Drammer: {Deterministic} {Rowhammer} {Attacks} on {Mobile} {Platforms}},\n\turl = {Paper=https://vvdveen.com/publications/drammer.pdf Web=https://www.vusec.net/projects/drammer Code=https://github.com/vusec/drammer Press=https://goo.gl/y0lZ3l},\n\tbooktitle = {{CCS}},\n\tauthor = {van der Veen, Victor and Fratantonio, Yanick and Lindorfer, Martina and Gruss, Daniel and Maurice, Clementine and Vigna, Giovanni and Bos, Herbert and Razavi, Kaveh and Giuffrida, Cristiano},\n\tmonth = oct,\n\tyear = {2016},\n\tnote = {Pwnie Award for Best Privilege Escalation Bug, Android Security Reward, CSAW Best Paper Award, DCSR Paper Award},\n\tkeywords = {class\\_mobile, class\\_rowhammer, proj\\_sharcs, type\\_award, type\\_bounty, type\\_conf, type\\_cve\\_assigned, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Flip Feng Shui: Hammering a Needle in the Software Stack.\n \n \n \n \n\n\n \n Razavi, K.; Gras, B.; Bosman, E.; Preneel, B.; Giuffrida, C.; and Bos, H.\n\n\n \n\n\n\n In USENIX Security, August 2016. \n Pwnie Award Nomination for Best Cryptographic Attack\n\n\n\n
\n\n\n\n \n \n $\"Flip$ Paper\n \n \n \n $\"Flip$ Slides\n \n \n \n $\"Flip$ Web\n \n \n \n $\"Flip$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 120 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{razavi_flip_2016,\n\ttitle = {Flip {Feng} {Shui}: {Hammering} a {Needle} in the {Software} {Stack}},\n\turl = {Paper=https://download.vusec.net/papers/flip-feng-shui_sec16.pdf Slides=https://vusec.net/wp-content/uploads/2016/06/presentation.pdf Web=https://www.vusec.net/projects/flip-feng-shui Press=https://goo.gl/owOb2m},\n\tbooktitle = {{USENIX} {Security}},\n\tauthor = {Razavi, Kaveh and Gras, Ben and Bosman, Erik and Preneel, Bart and Giuffrida, Cristiano and Bos, Herbert},\n\tmonth = aug,\n\tyear = {2016},\n\tnote = {Pwnie Award Nomination for Best Cryptographic Attack},\n\tkeywords = {class\\_rowhammer, proj\\_sharcs, type\\_award, type\\_conf, type\\_csec, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n OSIRIS: Efficient and Consistent Recovery of Compartmentalized Operating Systems.\n \n \n \n \n\n\n \n Bhat, K.; Vogt, D.; van der Kouwe, E.; Gras, B.; Sambuc, L.; Tanenbaum, A. S.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In DSN, June 2016. \n Best Paper Session\n\n\n\n
\n\n\n\n \n \n $\"OSIRIS:$ Paper\n \n \n \n $\"OSIRIS:$ Code\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 8 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{bhat_osiris_2016,\n\ttitle = {{OSIRIS}: {Efficient} and {Consistent} {Recovery} of {Compartmentalized} {Operating} {Systems}},\n\turl = {Paper=http://www.cs.vu.nl/~giuffrida/papers/dsn-2016-2.pdf Code=https://github.com/vusec/osiris},\n\tbooktitle = {{DSN}},\n\tauthor = {Bhat, Koustubha and Vogt, Dirk and van der Kouwe, Erik and Gras, Ben and Sambuc, Lionel and Tanenbaum, Andrew S. and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = jun,\n\tyear = {2016},\n\tnote = {Best Paper Session},\n\tkeywords = {class\\_reliability, proj\\_sharcs, type\\_award, type\\_conf, type\\_csec, type\\_paper, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector.\n \n \n \n \n\n\n \n Bosman, E.; Razavi, K.; Bos, H.; and Giuffrida, C.\n\n\n \n\n\n\n In S&P, May 2016. \n Pwnie Award for Most Innovative Research\n\n\n\n
\n\n\n\n \n \n $\"Dedup$ Paper\n \n \n \n $\"Dedup$ Web\n \n \n \n $\"Dedup$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 93 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{bosman_dedup_2016,\n\ttitle = {Dedup {Est} {Machina}: {Memory} {Deduplication} as an {Advanced} {Exploitation} {Vector}},\n\turl = {Paper=https://download.vusec.net/papers/dedup-est-machina_sp16.pdf Web=https://www.vusec.net/projects/dedup-est-machina Press=https://goo.gl/ogBXTm},\n\tbooktitle = {S\\&{P}},\n\tauthor = {Bosman, Erik and Razavi, Kaveh and Bos, Herbert and Giuffrida, Cristiano},\n\tmonth = may,\n\tyear = {2016},\n\tnote = {Pwnie Award for Most Innovative Research},\n\tkeywords = {class\\_rowhammer, class\\_sidechannels, proj\\_sharcs, proj\\_vici, type\\_award, type\\_conf, type\\_csec, type\\_cve\\_assigned, type\\_paper, type\\_press, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n How Anywhere Computing Just Killed Your Phone-Based Two-Factor Authentication.\n \n \n \n \n\n\n \n Konoth, R. K.; van der Veen, V.; and Bos, H.\n\n\n \n\n\n\n In FC, February 2016. \n \n\n\n\n
\n\n\n\n \n \n $\"How$ Paper\n \n \n \n $\"How$ Web\n \n \n \n $\"How$ Press\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 31 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{konoth_how_2016,\n\ttitle = {How {Anywhere} {Computing} {Just} {Killed} {Your} {Phone}-{Based} {Two}-{Factor} {Authentication}},\n\turl = {Paper=http://fc16.ifca.ai/preproceedings/24_Konoth.pdf Web=https://www.vusec.net/projects/bandroid Press=https://www.vusec.net/projects/bandroid},\n\tbooktitle = {{FC}},\n\tauthor = {Konoth, Radhesh Krishnan and van der Veen, Victor and Bos, Herbert},\n\tmonth = feb,\n\tyear = {2016},\n\tkeywords = {class\\_mobile, type\\_conf, type\\_csec, type\\_mscthesis, type\\_paper, type\\_press},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2015\n \n \n (1)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n ShrinkWrap: VTable Protection Without Loose Ends.\n \n \n \n \n\n\n \n Haller, I.; Goktas, E.; Athanasopoulos, E.; Portokalidis, G.; and Bos, H.\n\n\n \n\n\n\n In ACSAC, October 2015. \n Outstanding Student Paper Award\n\n\n\n
\n\n\n\n \n \n $\"ShrinkWrap:$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 4 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{haller_shrinkwrap_2015,\n\ttitle = {{ShrinkWrap}: {VTable} {Protection} {Without} {Loose} {Ends}},\n\turl = {http://www.cs.vu.nl/%7Eherbertb/papers/shrinkwrap_acsac15.pdf},\n\tbooktitle = {{ACSAC}},\n\tauthor = {Haller, Istvan and Goktas, Enes and Athanasopoulos, Elias and Portokalidis, Georgios and Bos, Herbert},\n\tmonth = oct,\n\tyear = {2015},\n\tnote = {Outstanding Student Paper Award},\n\tkeywords = {class\\_armor, proj\\_sharcs, proj\\_vici, type\\_award, type\\_conf, type\\_csec, type\\_paper, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2014\n \n \n (3)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Framing signals - Return to portable exploits.\n \n \n \n \n\n\n \n Bosman, E.; and Bos, H.\n\n\n \n\n\n\n In S&P, December 2014. \n Best Student Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Framing$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 12 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{bosman_framing_2014,\n\ttitle = {Framing signals - {Return} to portable exploits},\n\turl = {http://www.cs.vu.nl/%7Eherbertb/papers/srop_sp14.pdf},\n\tbooktitle = {S\\&{P}},\n\tauthor = {Bosman, Erik and Bos, Herbert},\n\tmonth = dec,\n\tyear = {2014},\n\tnote = {Best Student Paper Award},\n\tkeywords = {class\\_binary, type\\_award, type\\_conf, type\\_csec, type\\_paper, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Out Of Control: Overcoming Control-Flow Integrity.\n \n \n \n \n\n\n \n Goktas, E.; Athanasopoulos, E.; Bos, H.; and Portokalidis, G.\n\n\n \n\n\n\n In S&P, December 2014. \n DCSR Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Out$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 3 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{goktas_out_2014,\n\ttitle = {Out {Of} {Control}: {Overcoming} {Control}-{Flow} {Integrity}},\n\turl = {http://www.cs.vu.nl/%7Eherbertb/papers/outofcontrol_sp14.pdf},\n\tbooktitle = {S\\&{P}},\n\tauthor = {Goktas, Enes and Athanasopoulos, Elias and Bos, Herbert and Portokalidis, Gerogios},\n\tmonth = dec,\n\tyear = {2014},\n\tnote = {DCSR Paper Award},\n\tkeywords = {class\\_binary, type\\_award, type\\_conf, type\\_csec, type\\_mscthesis, type\\_paper, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Evaluating Distortion in Fault Injection Experiments.\n \n \n \n \n\n\n \n van der Kouwe, E.; Giuffrida, C.; and Tanenbaum, A. S.\n\n\n \n\n\n\n In HASE, September 2014. \n Best Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Evaluating$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 15 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{van_der_kouwe_evaluating_2014,\n\ttitle = {Evaluating {Distortion} in {Fault} {Injection} {Experiments}},\n\turl = {http://www.cs.vu.nl/~giuffrida/papers/hase-2014.pdf},\n\tbooktitle = {{HASE}},\n\tauthor = {van der Kouwe, Erik and Giuffrida, Cristiano and Tanenbaum, Andrew S.},\n\tmonth = sep,\n\tyear = {2014},\n\tnote = {Best Paper Award},\n\tkeywords = {class\\_fi, class\\_testing, type\\_award, type\\_conf, type\\_paper},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2013\n \n \n (2)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Back to the Future: Fault-tolerant Live Update with Time-traveling State Transfer.\n \n \n \n \n\n\n \n Giuffrida, C.; Iorgulescu, C.; Kuijsten, A.; and Tanenbaum, A. S.\n\n\n \n\n\n\n In LISA, October 2013. \n Best Student Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Back$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 6 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{giuffrida_back_2013,\n\ttitle = {Back to the {Future}: {Fault}-tolerant {Live} {Update} with {Time}-traveling {State} {Transfer}},\n\turl = {http://www.cs.vu.nl/~giuffrida/papers/lisa-2013.pdf},\n\tbooktitle = {{LISA}},\n\tauthor = {Giuffrida, Cristiano and Iorgulescu, Calin and Kuijsten, Anton and Tanenbaum, Andrew S.},\n\tmonth = oct,\n\tyear = {2013},\n\tnote = {Best Student Paper Award},\n\tkeywords = {class\\_updating, state\\_diffing, type\\_award, type\\_conf, type\\_csec, type\\_mscthesis, type\\_paper, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n

\n \n\n \n \n \n \n \n \n Who Allocated My Memory? Detecting Custom Memory Allocators in C Binaries.\n \n \n \n \n\n\n \n Chen, X.; Slowinska, A.; and Bos, H.\n\n\n \n\n\n\n In WCRE, September 2013. \n Best Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Who$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{chen_who_2013,\n\ttitle = {Who {Allocated} {My} {Memory}? {Detecting} {Custom} {Memory} {Allocators} in {C} {Binaries}},\n\turl = {http://www.cs.vu.nl/~herbertb/papers/membrush_wcre13.pdf},\n\tbooktitle = {{WCRE}},\n\tauthor = {Chen, Xi and Slowinska, Asia and Bos, Herbert},\n\tmonth = sep,\n\tyear = {2013},\n\tnote = {Best Paper Award},\n\tkeywords = {class\\_reveng, type\\_award, type\\_conf, type\\_paper},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2007\n \n \n (1)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Failure Resilience for Device Drivers.\n \n \n \n \n\n\n \n Herder, J. N.; Bos, H.; Gras, B.; Homburg, P.; and Tanenbaum, A. S.\n\n\n \n\n\n\n In DSN, October 2007. \n William C. Carter Award\n\n\n\n
\n\n\n\n \n \n $\"Failure$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n \n \n 2 downloads\n \n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{herder_failure_2007,\n\ttitle = {Failure {Resilience} for {Device} {Drivers}},\n\turl = {http://cs.vu.nl/~ast/Publications/Papers/dsn-2007.pdf},\n\tbooktitle = {{DSN}},\n\tauthor = {Herder, Jorrit N. and Bos, Herbert and Gras, Ben and Homburg, Philip and Tanenbaum, Andrew S.},\n\tmonth = oct,\n\tyear = {2007},\n\tnote = {William C. Carter Award},\n\tkeywords = {class\\_reliability, type\\_award, type\\_conf, type\\_paper, type\\_tier1, type\\_top},\n}\n\n

\n\n\n\n

\n\n\n\n\n\n

\n\n

\n \n 2006\n \n \n (1)\n \n \n

\n \n \n

\n \n\n \n \n \n \n \n \n Supporting Reconfigurable Parallel Multimedia Applications.\n \n \n \n \n\n\n \n Nijhuis, M.; Bos, H.; and Bal, H. E.\n\n\n \n\n\n\n In EuroPar, October 2006. \n Distinguished Paper Award\n\n\n\n
\n\n\n\n \n \n $\"Supporting$ Paper\n \n \n\n \n\n \n link\n \n \n\n bibtex\n \n\n \n\n \n\n \n \n \n \n \n \n \n\n \n \n \n \n \n \n \n \n \n \n \n\n\n\n

@inproceedings{nijhuis_supporting_2006,\n\ttitle = {Supporting {Reconfigurable} {Parallel} {Multimedia} {Applications}},\n\turl = {http://www.ds.ewi.tudelft.nl/pubs/papers/europar2006b.pdf},\n\tbooktitle = {{EuroPar}},\n\tauthor = {Nijhuis, Maik and Bos, Herbert and Bal, Henri E.},\n\tmonth = oct,\n\tyear = {2006},\n\tnote = {Distinguished Paper Award},\n\tkeywords = {class\\_network, type\\_award, type\\_conf, type\\_paper},\n}\n

\n\n\n\n

\n\n\n\n\n\n

\n\n\n\n\n

\n\n\n \n\n \n \n \n \n\n