Publications

Daniel Weber, Fabian Thomas, Leon Trampert, Ruiyi Zhang, Michael Schwarz (2026). [Title Embargoed]. In S&P 2026.

Tristan Hornetz, Hosein Yavarzadeh, Albert Cheu, Adria Gascon, Lukas Gerlach, Daniel Moghimi, Phillipp Schoppmann, Michael Schwarz, Ruiyi Zhang (2026). [Coming soon]. In S&P 2026.

Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, Michael Schwarz (2025). StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine. In USENIX Security 2026.

PDF Cite Code Website Demo#1 Demo#2

Ruiyi Zhang, Albert Cheu, Adria Gascon, Daniel Moghimi, Phillipp Schoppmann, Michael Schwarz, Ocatavian Suciu (2025). SNPeek: Side-Channel Analysis for Privacy Applications on Confidential VMs. In NDSS 2026.

PDF Cite Code

Fabian Thomas, Eric García Arribas, Lorenz Hetterich, Daniel Weber, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz (2025). Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs. In ACM CCS 2025.

PDF Cite Code Website

Ruiyi Zhang, Tristan Hornetz, Lukas Gerlach, Michael Schwarz (2025). Taming the Linux Memory Allocator for Rapid Prototyping. In DIMVA 2025.

PDF Cite Code Slides

Lorenz Hetterich, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Nils Bernsdorf, Eduard Ebert, Michael Schwarz (2025). ShadowLoad: Injecting State into Hardware Prefetchers. In ASPLOS 2025.

PDF Cite Code

Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz (2024). CacheWarp: Software-based Fault Injection using Selective State Reset. In USENIX Security 2024.

PDF Cite Code Slides Video Website Demo#1 Demo#2

Ruiyi Zhang, Taehyun Kim, Daniel Weber, Michael Schwarz (2023). (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels. In USENIX Security 2023.

PDF Cite Code Slides Video

Lukas Gerlach, Daniel Weber, Ruiyi Zhang, Michael Schwarz (2023). A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs. In S&P 2023.

PDF Cite Code Video

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz (2023). Reviving Meltdown 3a. In ESORICS 2023.

PDF Cite Code

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz (2023). Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks. In ESORICS 2023.

PDF Cite Code

Ningyu He, Ruiyi Zhang, Haoyu Wang, Lei Wu, Xiapu Luo, Yao Guo, Ting Yu, Xuxian Jiang (2021). EOSAFE: Security Analysis of EOSIO Smart Contracts. In USENIX Security 2021.

PDF Cite Slides Video