I am a final year PhD candidate at CISPA Helmholtz Center for Information Security, advised by Dr. Michael Schwarz. My goal is to build a future where hardware stays secure even as the industry pushes for maximum performance. I examine how purely software-based attacks can exploit CPU flaws to bypass modern security isolation.

My research has led to widespread security updates. I discovered flaws in Trusted Execution Environments (TEEs) and across general CPU architectures that challenged long-held assumptions about hardware isolation. These discoveries required vendors to issue microcode and firmware patches, which were deployed by major cloud providers, including Google Cloud, AWS, IBM, Microsoft Azure, and Alibaba Cloud, as well as manufacturers like SuperMicro, to protect their most sensitive workloads.

My background bridges academia and industry. Before my PhD, I spent nearly three years as a security researcher at PeckShield. In Fall 2024, I was a Research Intern at Google, where I analyzed practical side-channel attacks on Confidential Virtual Machines (CVMs). My work has been widely featured in technical outlets, including Tom’s Hardware, BleepingComputer, The Register, The Hacker News, and Dark Reading.

✨ I am currently on the job market! ✨

Interests
  • Software-Induced CPU Faults
  • Side-channel and Microarchitectural Security
  • Confidential Computing
  • Program Analysis
Education

  • PhD Student, 2022-Present

    CISPA Helmholtz Center for Information Security

  • PhD Preparatory Phase, 2021

    CISPA Helmholtz Center for Information Security

  • BSc in Software Engineering (Cybersecurity), 2015

    University of Electronic Science and Technology of China, UESTC

Publications

Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, Michael Schwarz (2025). StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine. In USENIX Security 2026.

PDF Cite Code Website Demo#1 Demo#2

Ruiyi Zhang, Albert Cheu, Adria Gascon, Daniel Moghimi, Phillipp Schoppmann, Michael Schwarz, Ocatavian Suciu (2025). SNPeek: Side-Channel Analysis for Privacy Applications on Confidential VMs. In NDSS 2026.

PDF Cite Code

Fabian Thomas, Eric García Arribas, Lorenz Hetterich, Daniel Weber, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz (2025). Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs. In ACM CCS 2025.

PDF Cite Code Website

Ruiyi Zhang, Tristan Hornetz, Lukas Gerlach, Michael Schwarz (2025). Taming the Linux Memory Allocator for Rapid Prototyping. In DIMVA 2025.

PDF Cite Code Slides

Lorenz Hetterich, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Nils Bernsdorf, Eduard Ebert, Michael Schwarz (2025). ShadowLoad: Injecting State into Hardware Prefetchers. In ASPLOS 2025.

PDF Cite Code

Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz (2024). CacheWarp: Software-based Fault Injection using Selective State Reset. In USENIX Security 2024.

PDF Cite Code Slides Video Website Demo#1 Demo#2

Ruiyi Zhang, Taehyun Kim, Daniel Weber, Michael Schwarz (2023). (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels. In USENIX Security 2023.

PDF Cite Code Slides Video

Lukas Gerlach, Daniel Weber, Ruiyi Zhang, Michael Schwarz (2023). A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs. In S&P 2023.

PDF Cite Code Video

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz (2023). Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks. In ESORICS 2023.

PDF Cite Code

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz (2023). Reviving Meltdown 3a. In ESORICS 2023.

PDF Cite Code

Ningyu He, Ruiyi Zhang, Haoyu Wang, Lei Wu, Xiapu Luo, Yao Guo, Ting Yu, Xuxian Jiang (2021). EOSAFE: Security Analysis of EOSIO Smart Contracts. In USENIX Security 2021.

PDF Cite Slides Video

Recent News

[2026.01] We reveal StackWarp (CVE-2025-29943)!

[2025.06] Our paper “CacheWarp: Software-based Fault Injection using Selective State Reset” won the Best Hardware and Physics Paper in Cybersecurity Award 2025!

[2024.12] My internship in New York has come to an end. Huge thanks to everyone who made this journey unforgettable!

[2024.11] I proved to my colleagues that I can tell apart Cola Zero / Coca Cola / Diet Coke with just one sip! Sadly, we forgot to record it.

[2024.08] Happy to receive the distinguished artifact reviewers award at USENIX Security'24!

[2024.08] Due to a visa delay, I won’t be able to present our BH’USA talk as planned 😢.

[2024.05] Our briefing application got accepted in Black Hat USA 2024!

[2024.04] I will be a research intern at Google NYC this fall!

[2023.11] After a 7-month embargo, we are excited to publicly disclose CacheWarp (CVE-2023-20592).

Talks

Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V
BlackHat USA'24
Aug 8, 2024 4:00 PM Las Vegas
Fabian Thomas, Lorenz Hetterich, Ruiyi Zhang, Michael Schwarz
Code Slides
(M)WAIT for It - Bridging the Gap between Microarchitectural and Architectural Side Channels
BlackHat MEA'22
Nov 17, 2022 4:00 PM Riyadh
Ruiyi Zhang, Daniel Weber, Michael Schwarz
Code Slides Demo
(M)WAIT for It - Bridging the Gap between Microarchitectural and Architectural Side Channels

CVEs

Under embargo

CVE-2025-52473 - Zhenzhi Lai, Ruiyi Zhang, Zhiyuan Zhang, Julius Hermelink, Michael Schwarz, Van-Thuan Pham, Udaya Parampalli

CVE-2025-29943 - Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, Michael Schwarz

CVE-2024-44067 - Fabian Thomas, Eric García Arribas, Lorenz Hetterich, Daniel Weber, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

CVE-2023-20592 - Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz