I am a PhD student in the RootSec lab at CISPA Helmholtz Center for Information Security, advised by Dr. Michael Schwarz. My research focuses on CPU security, including software-based architectural attacks, side channels, and the security of Trusted Execution Environments.

In Fall 2024, I was a research intern at Google, where I continued exploring side-channel attacks targeting confidential virtual machines. Before starting my PhD, I worked as a security researcher at PeckShield from July 2018 to February 2021, under the supervision of Dr. Lei Wu and Yuan-Tsung Lo.

Interests
  • Software-Induced CPU Faults
  • Side-Channel and Microarchitectural Security
  • Confidential VM Security
  • Program Analysis
Education

  • PhD Student, 2022-Present

    CISPA Helmholtz Center for Information Security

  • PhD Preparatory Phase, 2021

    CISPA Helmholtz Center for Information Security

  • BSc in Software Engineering (Network Security Engineering), 2015

    University of Electronic Science and Technology of China, UESTC

Recent News

[2024.12] My internship in New York has come to an end. Huge thanks to everyone who made this journey unforgettable!

[2024.11] I proved to my colleagues that I can tell apart Cola Zero / Coca Cola / Diet Coke with just one sip! Sadly, we forgot to record it.

[2024.08] Happy to receive the distinguished artifact reviewers award at USENIX Security'24!

[2024.08] Due to a visa delay, I won’t be able to present our BH’USA talk as planned 😢.

[2024.05] Our briefing application got accepted in Black Hat USA 2024!

[2024.04] I will be a research intern at Google NYC this fall!

[2023.11] After a 7-month embargo, we are excited to publicly disclose CacheWarp (CVE-2023-20592).

Publications

Ruiyi Zhang, Tristan Hornetz, Lukas Gerlach, Michael Schwarz (2025). Taming the Linux Memory Allocator for Rapid Prototyping. In DIMVA 2025.

PDF Cite Code Slides

Lorenz Hetterich, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Nils Bernsdorf, Eduard Ebert, Michael Schwarz (2025). ShadowLoad: Injecting State into Hardware Prefetchers. In ASPLOS 2025.

PDF Cite Code

Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz (2024). CacheWarp: Software-based Fault Injection using Selective State Reset. In USENIX Security 2024.

PDF Cite Code Slides Video Website Demo#1 Demo#2

Ruiyi Zhang, Taehyun Kim, Daniel Weber, Michael Schwarz (2023). (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels. In USENIX Security 2023.

PDF Cite Code Slides Video

Lukas Gerlach, Daniel Weber, Ruiyi Zhang, Michael Schwarz (2023). A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs. In S&P 2023.

PDF Cite Code Video

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz (2023). Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks. In ESORICS 2023.

PDF Cite Code

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz (2023). Reviving Meltdown 3a. In ESORICS 2023.

PDF Cite Code

Ningyu He, Ruiyi Zhang, Haoyu Wang, Lei Wu, Xiapu Luo, Yao Guo, Ting Yu, Xuxian Jiang (2021). EOSAFE: Security Analysis of EOSIO Smart Contracts. In USENIX Security 2021.

PDF Cite Slides Video

Talks

Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V
BlackHat USA'24
Aug 8, 2024 4:00 PM Las Vegas
Fabian Thomas, Lorenz Hetterich, Ruiyi Zhang, Michael Schwarz
Code Slides
(M)WAIT for It - Bridging the Gap between Microarchitectural and Architectural Side Channels
BlackHat MEA'22
Nov 17, 2022 4:00 PM Riyadh
Ruiyi Zhang, Daniel Weber, Michael Schwarz
Code Slides Demo
(M)WAIT for It - Bridging the Gap between Microarchitectural and Architectural Side Channels