I am a PhD student in the RootSec lab at CISPA Helmholtz Center for Information Security, advised by Dr. Michael Schwarz. My research focuses on CPU security, including software-based architectural attacks, side channels, and the security of Trusted Execution Environments.

In Fall 2024, I was a research intern at Google, where I continued exploring side-channel attacks targeting confidential virtual machines. Before starting my PhD, I worked as a security researcher at PeckShield from July 2018 to February 2021, under the supervision of Dr. Lei Wu and Yuan-Tsung Lo.

Interests
  • Software-Induced CPU Faults
  • Side-Channel and Microarchitectural Security
  • Confidential VM Security
  • Program Analysis
Education
  • PhD Student, 2022-Present

    CISPA Helmholtz Center for Information Security

  • PhD Preparatory Phase, 2021

    CISPA Helmholtz Center for Information Security

  • BSc in Software Engineering (Network Security Engineering), 2015

    University of Electronic Science and Technology of China, UESTC

Recent News

[2024.12] My internship in New York has come to an end. Huge thanks to everyone who made this journey unforgettable!

[2024.11] I proved to my colleagues that I can tell apart Cola Zero / Coca Cola / Diet Coke with just one sip! Sadly, we forgot to record it.

[2024.08] Happy to receive the distinguished artifact reviewers award at USENIX Security'24!

[2024.08] Due to a visa delay, I won’t be able to present our BH’USA talk as planned 😢.

[2024.05] Our briefing application got accepted in Black Hat USA 2024!

[2024.04] I will be a research intern at Google NYC this fall!

[2023.11] After a 7-month embargo, we are excited to publicly disclose CacheWarp (CVE-2023-20592).

Publications

(2025). Taming the Linux Memory Allocator for Rapid Prototyping. In DIMVA 2025.

PDF Cite Code Slides

(2025). ShadowLoad: Injecting State into Hardware Prefetchers. In ASPLOS 2025.

PDF Cite Code

(2024). CacheWarp: Software-based Fault Injection using Selective State Reset. In USENIX Security 2024.

PDF Cite Code Slides Video Website Demo#1 Demo#2

(2023). (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels. In USENIX Security 2023.

PDF Cite Code Slides Video

(2023). A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs. In S&P 2023.

PDF Cite Code Video

(2023). Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks. In ESORICS 2023.

PDF Cite Code

(2023). Reviving Meltdown 3a. In ESORICS 2023.

PDF Cite Code

(2021). EOSAFE: Security Analysis of EOSIO Smart Contracts. In USENIX Security 2021.

PDF Cite Slides Video

Talks

Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V
BlackHat USA'24