I am completing my PhD at CISPA Helmholtz Center for Information Security, advised by Michael Schwarz. My goal is to build a future where hardware stays secure even as the industry pushes for maximum performance. I examine how purely software-based attacks can exploit CPU flaws to bypass modern security isolation.
My research has led to widespread security updates. I discovered flaws in Trusted Execution Environments (TEEs) and across general CPU architectures that challenged long-held assumptions about hardware isolation. These discoveries required vendors to issue microcode and firmware patches, which were deployed by major cloud providers, including Google Cloud, AWS, IBM, Microsoft Azure, and Alibaba Cloud, as well as manufacturers like SuperMicro, to protect their most sensitive workloads.
My background bridges academia and industry. Before my PhD, I spent nearly three years as a security researcher at PeckShield. In Fall 2024, I was a Research Intern at Google, where I analyzed practical side-channel attacks on Confidential Virtual Machines (CVMs). My work has been widely featured in technical outlets, including Tom’s Hardware, BleepingComputer, The Register, The Hacker News, and Dark Reading.
- Software-Induced CPU Faults
- Side-channel and Microarchitectural Security
- Confidential Computing
- Program Analysis
PhD Student, 2022-Present
CISPA Helmholtz Center for Information Security
PhD Preparatory Phase, 2021
CISPA Helmholtz Center for Information Security
BSc in Software Engineering (Cybersecurity), 2019
University of Electronic Science and Technology of China, UESTC
Publications
Recent News
[2026.04] Our talk got accepted in Hardwear.io USA 2026!
[2026.01] We reveal StackWarp (CVE-2025-29943)!
[2025.06] Our paper “CacheWarp: Software-based Fault Injection using Selective State Reset” won the Best Hardware and Physics Paper in Cybersecurity Award 2025!
[2024.12] My internship in New York has come to an end. Huge thanks to everyone who made this journey unforgettable!
[2024.11] I proved to my colleagues that I can tell apart Cola Zero / Coca Cola / Diet Coke with just one sip! Sadly, we forgot to record it.
[2024.08] Happy to receive the distinguished artifact reviewers award at USENIX Security'24!
[2024.08] Due to a visa delay, I won’t be able to present our BH’USA talk as planned 😢.
[2024.05] Our briefing application got accepted in Black Hat USA 2024!
[2024.04] I will be a research intern at Google NYC this fall!
[2023.11] After a 7-month embargo, we are excited to publicly disclose CacheWarp (CVE-2023-20592).
CVEs
CVE-2025-54505 - Floating-point divider state sampling on AMD Zen and Zen+ CPUs; a transient-execution issue that can leak data through the floating-point divisor unit.
CVE-2025-52473 - Secret-dependent branching in liboqs HQC when compiled with optimized Clang, enabling secret-key recovery.
CVE-2025-29943 - StackWarp: deterministic stack-pointer manipulation that breaks AMD SEV-SNP guest integrity.
CVE-2024-44067 - GhostWrite: unprivileged arbitrary physical-memory writes on affected T-Head XuanTie RISC-V CPUs.
CVE-2023-20592 - CacheWarp: deterministic memory-write reverts in AMD SEV-ES/SEV-SNP guests by selectively invalidating modified cache lines.