In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space
by exploiting side-effects from transient instructions. While this attack has been mitigated …

Among the many software testing techniques available today, fuzzing has remained highly
popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of …

Power side-channel attacks exploit variations in power consumption to extract secrets from a
device, eg, cryptographic keys. Prior attacks typically required physical access to the target …

All Spectre attacks so far required local code execution. We present the first fully remote
Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+ …

This paper analyzes the vulnerability space arising in Trusted Execution Environments
(TEEs) when interfacing a trusted enclave application with untrusted, potentially malicious …

Firefox and other major browsers rely on dozens of third-party libraries to render audio,
video, images, and other content. These libraries are a frequent source of vulnerabilities. To …

In May 2019, a new class of transient execution attack based on Meltdown called
microarchitectural data sampling (MDS), was disclosed. MDS enables adversaries to leak …

In this paper, we analyze the hardware-based Meltdown mitigations in recent Intel
microarchitectures, revealing that illegally accessed data is only zeroed out. Hence, while …

During system call execution, it is common for operating system kernels to read userspace
memory multiple times (multi-reads). A critical bug may exist if the fetched userspace …

Code-reuse attacks are dangerous threats that attracted the attention of the security
community for years. These attacks aim at corrupting important control-flow transfers for …