Michael Schwarz

misc0110
@misc0110
Google Scholar  | ORCID
michael.schwarz91@gmail.com | michael.schwarz@cispa.de

I'm a tenured faculty at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany, and lead the RootSec research group. In my research, I focus on microarchitectural side-channel attacks and system security. I obtained my PhD with the title "Software-based Side-Channel Attacks and Defenses in Restricted Environments" in 2019 from Graz University of Technology (advised by Daniel Gruss)

PhD Students

Current students: Daniel Weber, Ruiyi Zhang, Lukas Gerlach, Lorenz Hetterich, Leon Trampert, Fabian Thomas, Tristan Hornetz

Publications

2025
  Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage
Mikka Rainer, Lorenz Hetterich, Fabian Thomas, Tristan Hornetz, Leon Trampert, Lukas Gerlach, Michael Schwarz
S&P, San Francisco, California, USA, May 12-15, 2025
BibTeX
  ShadowLoad: Injecting State into Hardware Prefetchers
Lorenz Hetterich, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Nils Bernsdorf, Eduard Ebert, Michael Schwarz
ASPLOS, Rotterdam, The Netherlands, March 30 - April 3, 2025
BibTeX
  Taming the Linux Memory Allocator for Rapid Prototyping
Ruiyi Zhang, Tristan Hornetz, Lukas Gerlach, Michael Schwarz
DIMVA, Graz, Austria, July 9 - 11, 2025
BibTeX
  Hidden in Plain Sight: Scriptless Microarchitectural Attacks via TrueType Font Hinting
Leon Trampert, Michael Schwarz
uASC, Bochum, Germany, February 19, 2025
BibTeX
  PortPrint: Identifying Inaccessible Code with Port Contention
Tristan Hornetz, Michael Schwarz
uASC, Bochum, Germany, February 19, 2025
BibTeX
  Peripheral Instinct: How External Devices Breach Browser Sandboxes
Leon Trampert, Lorenz Hetterich, Lukas Gerlach, Mona Schappert, Christian Rossow, Michael Schwarz
WWW, Sydney, Australia, April 28 - May 2, 2025
BibTeX
  Lixom: Protecting Encryption Keys with Execute-Only Memory
Tristan Hornetz, Lukas Gerlach, Michael Schwarz
FC, Miyakojima, Japan, April 14-18, 2025
BibTeX
  Do Compilers Break Constant-time Guarantees?
Lukas Gerlach, Robert Pietsch, Michael Schwarz
FC, Miyakojima, Japan, April 14-18, 2025
BibTeX
  Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting
Leon Trampert, Daniel Weber, Lukas Gerlach, Christian Rossow, Michael Schwarz
NDSS, San Diego, California, USA, February 23-28, 2025
CVE: CVE-2024-24510
Media: Heise, TechXplore, lavX
GitHub BibTeX
2024
  No Leakage Without State Change: Repurposing Configurable CPU Exceptions to Prevent Microarchitectural Attacks
Daniel Weber, Leonard Niemann, Lukas Gerlach, Jan Reineke, Michael Schwarz
ACSAC, Waikiki, Hawaii, USA, December 9-13, 2024
GitHub BibTeX
  CacheWarp: Software-based Fault Injection using Selective State Reset
Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz
USENIX Security, Philadelphia, Pennsylvania, USA, August 14-16, 2024
CVE: CVE-2023-20592
Media: Heise, ComputerBase, BleepingComputer, The Hacker News, Dark Reading, SecurityWeek, bnn, The Register, Golem, Business Telegraph, PC Games Hardware, Cyber Security News, Hot Hardware, Gigazine
Info GitHub Recording BibTeX
  Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv8
Markus Bauer, Lorenz Hetterich, Michael Schwarz, Christian Rossow
AsiaCCS, Singapore, July 1-5, 2024
GitHub BibTeX
  Efficient and Generic Microarchitectural Hash-Function Recovery
Lukas Gerlach, Simon Schwarz, Nicolas Faroß, Michael Schwarz
S&P, San Francisco, California, USA, May 20-23, 2024
GitHub Recording BibTeX
2023
  Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks
Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz
ESORICS, The Hague, The Netherlands, September 25-29, 2023
GitHub BibTeX
  Reviving Meltdown 3a
Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz
ESORICS, The Hague, The Netherlands, September 25-29, 2023
GitHub BibTeX
  A Rowhammer Reproduction Study Using the Blacksmith Fuzzer
Lukas Gerlach, Fabian Thomas, Robert Pietsch, Michael Schwarz
ESORICS, The Hague, The Netherlands, September 25-29, 2023
BibTeX
  FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers
Till Schlüter, Amit Choudhari, Lorenz Hetterich, Leon Trampert, Hamed Nemati, Ahmad Ibrahim, Michael Schwarz, Christian Rossow, Nils Ole Tippenhauer
CCS, Copenhagen, Denmark, November 26-30, 2023
GitHub BibTeX
  Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels
Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Michael Schwarz, Daniel Gruss, Stefan Mangard
USENIX Security, Anaheim, California, USA, August 9-11, 2023
CVE: CVE-2023-20583
Media: Heise, CISPA, idw, The Register, SecurityWeek, ORF, BleepingComputer, hackster.io, Naked Security
Info GitHub Recording BibTeX
  Hammulator: Simulate Now - Exploit Later
Fabian Thomas, Lukas Gerlach, Michael Schwarz
DRAMSec, Virtual, June 17, 2023
Info GitHub Recording BibTeX
  A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs
Lukas Gerlach, Daniel Weber, Ruiyi Zhang, Michael Schwarz
S&P, San Francisco, California, USA, May 22-25, 2023
GitHub Recording BibTeX
  Practical Timing Side-Channel Attacks on Memory Compression
Martin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael Schwarz, Daniel Gruss
S&P, San Francisco, California, USA, May 22-25, 2023
E-print arXiv:2111.08404, November 2021
CVE: CVE-2022-0925
GitHub Recording Demo BibTeX
  CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode
Pietro Borrello, Catherine Easdon, Martin Schwarzl, Roland Czerny, Michael Schwarz
WOOT, San Francisco, California, USA, May 25, 2023
Media: Best Paper Award
GitHub BibTeX
  (M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels
Ruiyi Zhang, Taehyun Kim, Daniel Weber, Michael Schwarz
USENIX Security, Anaheim, California, USA, August 9-11, 2023
GitHub BibTeX
  TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors
Dhiman Chakraborty, Michael Schwarz, Sven Bugiel
FC, Bol, Brač, Croatia, May 1-5, 2023
BibTeX
2022
  ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture
Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz
USENIX Security, Boston, Massachusetts, USA, August 10-12, 2022
CVE: CVE-2022-21233
Media: The Register, arstechnica, SecurityWeek, Heise, The Hacker News, Security Affairs, Deutschlandfunk
Info GitHub Slides Recording BibTeX
  HyperDbg: Reinventing Hardware-Assisted Debugging
Mohammad Sina Karvandi, MohammadHossein Gholamrezaei, Saleh Khalaj Monfared, Soroush Meghdadizanjani, Behrooz Abbassi, Ali Amini, Reza Mortazavi, Saeid Gorgin, Dara Rahmati, Michael Schwarz
CCS, Los Angeles, California, USA, November 7-11, 2022
E-print arXiv:2207.05676, May 2022
Info GitHub BibTeX
  Robust and Scalable Process Isolation against Spectre in the Cloud
Martin Schwarzl, Pietro Borrello, Andreas Kogler, Kenton Varda, Thomas Schuster, Michael Schwarz, Daniel Gruss
ESORICS, Copenhagen, Denmark, September 26 - 30, 2022
Media: Cloudflare, Cloudflare Blog, InfoQ
BibTeX
  Browser-based CPU Fingerprinting
Leon Trampert, Christian Rossow, Michael Schwarz
ESORICS, Copenhagen, Denmark, September 26 - 30, 2022
Info GitHub BibTeX
  CPU Port Contention Without SMT
Thomas Rokicki, Clémentine Maurice, Michael Schwarz
ESORICS, Copenhagen, Denmark, September 26 - 30, 2022
Info GitHub BibTeX
  Branch Different - Spectre Attacks on Apple Silicon
Lorenz Hetterich, Michael Schwarz
DIMVA, Cagliari, Italy, June 29 - July 1, 2022
GitHub BibTeX
  Finding and Exploiting CPU Features using MSR Templating
Andreas Kogler, Daniel Weber, Martin Haubenwallner, Moritz Lipp, Daniel Gruss, Michael Schwarz
S&P, San Francisco, California, USA, May 23-26, 2022
GitHub Recording BibTeX
  Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks
Andreas Kogler, Daniel Gruss, Michael Schwarz
USENIX Security, Boston, Massachusetts, USA, August 10-12, 2022
Info GitHub Slides Recording BibTeX
  AMD Prefetch Attacks through Power and Time
Moritz Lipp, Daniel Gruss, Michael Schwarz
USENIX Security, Boston, Massachusetts, USA, August 10-12, 2022
CVE: CVE-2021-26318
Media: The Record, Phoronix, SecurityWeek, Security Affairs, Cyber Intel Mag, Aroged, gadget.tendency
Info GitHub Recording BibTeX
  Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX
Lukas Giner, Andreas Kogler, Claudio Canella, Michael Schwarz, Daniel Gruss
USENIX Security, Boston, Massachusetts, USA, August 10-12, 2022
Info GitHub Slides Recording BibTeX
  Rapid Prototyping for Microarchitectural Attacks
Catherine Easdon, Michael Schwarz, Martin Schwarzl, Daniel Gruss
USENIX Security, Boston, Massachusetts, USA, August 10-12, 2022
Info GitHub Slides Recording BibTeX
2021
  Automating Seccomp Filter Generation for Linux Applications
Claudio Canella, Mario Werner, Daniel Gruss, Michael Schwarz
CCSW, Virtual, November 14, 2021
E-print arXiv:2012.02554, December 2020
GitHub Slides BibTeX
  Osiris: Automated Discovery of Microarchitectural Side Channels
Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, Christian Rossow
USENIX Security, Virtual, August 11-13, 2021
Info GitHub Slides Recording BibTeX
  PLATYPUS: Software-based Power Side-Channel Attacks on x86
Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, Daniel Gruss
S&P, Virtual, May 23-27, 2021
CVE: CVE-2020-8694, CVE-2020-8695
Media: The Register, Computer Weekly, arstechnica, ZDNet, CISPA
Info Slides Recording Music Video BibTeX
  Speculative Dereferencing of Registers: Reviving Foreshadow
Martin Schwarzl, Thomas Schuster, Michael Schwarz, Daniel Gruss
FC, Virtual, March 1-5, 2021
E-print arXiv:2008.02307, August 2020
Media: The Register, phoronix, The Hacker News
Slides Recording BibTeX
  Specfuscator: Evaluating Branch Removal as a Spectre Mitigation
Martin Schwarzl, Claudio Canella, Daniel Gruss, Michael Schwarz
FC, Virtual, March 1-5, 2021
Slides Recording BibTeX
2020
  How Trusted Execution Environments Fuel Research on Microarchitectural Attacks
Michael Schwarz, Daniel Gruss
Security & Privacy, June 3, 2020
Info BibTeX
  Donky: Domain Keys - Efficient In-Process Isolation for RISC-V and x86
David Schrammel, Samuel Weiser, Stefan Steinegger, Martin Schwarzl, Michael Schwarz, Stefan Mangard, Daniel Gruss
USENIX Security, Boston, Massachusetts, USA, August 12-14, 2020
GitHub Slides Recording BibTeX
  Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
Moritz Lipp, Vedad Hadžić, Michael Schwarz, Arthur Perais, Clémentine Maurice, Daniel Gruss
AsiaCCS, Taipei, Taiwan, October 5-9, 2020
Media: Tom's Hardware, ZDNet, engadget, TechRadar, Techspot
BibTeX
  KASLR: Break It, Fix It, Repeat
Claudio Canella, Michael Schwarz, Martin Haubenwallner, Martin Schwarzl, Daniel Gruss
AsiaCCS, Taipei, Taiwan, October 5-9, 2020
GitHub Slides BibTeX
  Nethammer Inducing Rowhammer Faults through Network Requests
Moritz Lipp, Michael Schwarz, Lukas Raab, Lukas Lamster, Misiker Tadesse Aga, Clémentine Maurice, Daniel Gruss
SILM, Genova, Italy, September 7-11, 2020
E-print arXiv:1805.04956, May 2018
Media: The Hacker News, The Register, Heise
BibTeX
  Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis
Daniel Moghimi, Moritz Lipp, Berk Sunar, Michael Schwarz
USENIX Security, Boston, Massachusetts, USA, August 12-14, 2020
Info GitHub Slides Recording BibTeX
  Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
CACM, July 2020
Homepage Info Wikipedia BibTeX
  Meltdown: Reading Kernel Memory from User Space
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Raoul Strackx
CACM, June 2020
CVE: CVE-2017-5754
Homepage Info Wikipedia GitHub BibTeX
  LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection
Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens
S&P, San Francisco, California, USA, May 18-20, 2020
CVE: CVE-2020-0551
Media: The Register, Tom's Hardware, ZDNet, Heise, SecurityWeek
Info Wikipedia GitHub Recording Demo Trailer BibTeX
  ConTExT: A Generic Approach for Mitigating Spectre
Michael Schwarz, Moritz Lipp, Claudio Canella, Robert Schilling, Florian Kargl, Daniel Gruss
NDSS, San Diego, California, USA, February 23-26, 2020
E-print arXiv:1905.09100, May 2019
Info GitHub Slides Recording BibTeX
  Malware Guard Extension: abusing Intel SGX to conceal cache attacks
Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, Stefan Mangard
Cybersecurity, January, 2020
E-print arXiv:1702.08719, February 2017
Media: The Register, Schneier on Security, Information Security Newspaper, SecurityIntelligence, Digital Trends, BleepingComputer, SecurityWeek
Info Wikipedia BibTeX
2019
  Software-based Side-Channel Attacks and Defenses in Restricted Environments
Michael Schwarz
PhD Thesis, Graz University of Technology, November 5, 2019
Slides Part 1 only Poster BibTeX
  ZombieLoad: Cross-Privilege-Boundary Data Sampling
Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, Daniel Gruss
CCS, London, United Kingdom, November 11-15, 2019
E-print arXiv:1905.05726, May 2019
CVE: CVE-2018-12130, CVE-2019-11091
Media: BBC, The Verge, Fortune, ZD Net, Heise
Homepage Info Wikipedia GitHub Slides Demo BibTeX
  Fallout: Leaking Data on Meltdown-resistant CPUs
Claudio Canella, Daniel Genkin, Lukas Giner, Daniel Gruss, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, Jo Van Bulck, Yuval Yarom
CCS, London, United Kingdom, November 11-15, 2019
E-print arXiv:1905.12701, May 2019
CVE: CVE-2018-12126
Media: Trend Micro, BleepingComputer, Wired
Homepage Info Wikipedia BibTeX
  NetSpectre: Read Arbitrary Memory over Network
Michael Schwarz, Martin Schwarzl, Moritz Lipp, Jon Masters, Daniel Gruss
ESORICS, Luxembourg, September 23-27, 2019
E-print arXiv:1807.10535, July 2018
Media: The Register, GBHackers, SecurityWeek, Heise, BleepingComputer, DARKReading
Info Wikipedia Slides BibTeX
  SGXJail: Defeating Enclave Malware via Confinement
Samuel Weiser, Luca Mayr, Michael Schwarz, Daniel Gruss
RAID, Beijing, China, September 23-25, 2019
Info BibTeX
  Store-to-Leak Forwarding: Leaking Data on Meltdown-resistant CPUs
Michael Schwarz, Claudio Canella, Lukas Giner, Daniel Gruss
E-print arXiv:1905.05725, May 2019
Media: The Register, Ars Technica, TU Graz
Info BibTeX
  A Systematic Evaluation of Transient Execution Attacks and Defenses
Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, Daniel Gruss
USENIX Security, Santa Clara, California, USA, August 14-16, 2019
E-print arXiv:1811.05441, November 2018
Media: The Inquirer, The Hacker News, SecurityNow, ZDNet, Heise
Homepage Info GitHub Slides Recording BibTeX
  ScatterCache: Thwarting Cache Attacks via Cache Set Randomization
Mario Werner, Thomas Unterluggauer, Lukas Giner, Michael Schwarz, Daniel Gruss, Stefan Mangard
USENIX Security, Santa Clara, California, USA, August 14-16, 2019
Info Slides Recording BibTeX
  Page Cache Attacks
Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, Anders Fogh
CCS, London, United Kingdom, November 11-15, 2019
E-print arXiv:1901.01161, January 2019
CVE: CVE-2019-5489
Media: Dark Reading, SecurityWeek, BleepingComputer, The Register, SC Magazine, Security Now
Wikipedia BibTeX
  Practical Enclave Malware with Intel SGX
Michael Schwarz, Samuel Weiser, Daniel Gruss
DIMVA, Gothenburg, Sweden, June 19-20, 2019
E-print arXiv:1902.03256, Februrary 2019
Media: The Register, ZDNet, Trend Micro, The Hacker News, TechRadar, ars Technica
Info GitHub Slides BibTeX
  Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
S&P, San Francisco, California, USA, May 20-22, 2019
E-print arXiv:1801.01203, January 2018
CVE: CVE-2017-5753, CVE-2017-5715
Info Wikipedia Slides Recording BibTeX
  JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits
Michael Schwarz, Florian Lackner, Daniel Gruss
NDSS, San Diego, California, USA, February 24-27, 2019
Media: The Register, ZDNet, EthHack, PortSwigger
Info GitHub Slides Recording BibTeX
2018
  Meltdown: Reading Kernel Memory from User Space
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg
USENIX Security, Baltimore, Maryland, USA, August 15-17, 2018
E-print arXiv:1801.01207, January 2018
CVE: CVE-2017-5754
Info Wikipedia GitHub Slides Recording BibTeX
  Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features
Michael Schwarz, Daniel Gruss, Moritz Lipp, Clémentine Maurice, Thomas Schuster, Anders Fogh, Stefan Mangard
AsiaCCS, Songdo, Incheon, Korea, June 4-8, 2018
E-print arXiv:1711.01254, November 2017
GitHub Slides BibTeX
  Use-After-FreeMail: Generalizing the Use-After-Free Problem and Applying it to Email Services
Daniel Gruss, Michael Schwarz, Matthias Wübbeling, Simon Guggi, Timo Malderle, Stefan More, Moritz Lipp
AsiaCCS, Songdo, Incheon, Korea, June 4-8, 2018
BibTeX
  Another Flip in the Wall of Rowhammer Defenses
Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, Yuval Yarom
S&P, San Francisco, California, USA, May 21-23, 2018
Media: BleepingComputer, SecurityNow, TU Graz, The Register
GitHub Recording BibTeX
  JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss
NDSS, San Diego, California, USA, February 18-21, 2018
Media: BleepingComputer, TechGig, Medium
GitHub Slides Recording BibTeX
  KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, Stefan Mangard
NDSS, San Diego, California, USA, February 18-21, 2018
GitHub Slides Recording BibTeX
2017
  Practical Keystroke Timing Attacks in Sandboxed JavaScript
Moritz Lipp, Daniel Gruss, Michael Schwarz, David Bidner, Clémentine Maurice, Stefan Mangard
ESORICS, Oslo, Norway, September 11-15, 2017
GitHub Slides BibTeX
  Quality Assurance for Human Computation Based Recommendation
Michael Schwarz
Master's Thesis, Graz University of Technology, June 13, 2017
Slides BibTeX
  KASLR is Dead: Long Live KASLR
Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, Stefan Mangard
ESSoS, Bonn, Germany, July 4-5, 2017
Wikipedia GitHub Slides BibTeX
  Malware Guard Extension: Using SGX to Conceal Cache Attacks
Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, Stefan Mangard
DIMVA, Bonn, Germany, July 6-7, 2017
E-print arXiv:1702.08719, February 2017
Media: The Register, Schneier on Security, Information Security Newspaper, SecurityIntelligence, Digital Trends, BleepingComputer, SecurityWeek
Wikipedia Slides BibTeX
  Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript
Michael Schwarz, Clémentine Maurice, Daniel Gruss and Stefan Mangard
FC, Sliema, Malta, April 3-7, 2017
Media: Mozilla Security Blog
Slides BibTeX
  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Kay Römer, Stefan Mangard
NDSS, San Diego, California, USA, February 26 - March 1, 2017
Media: The Register
Info Slides Recording BibTeX
2016
  DRAMA: Exploiting DRAM Buffers for Fun and Profit
Michael Schwarz
Master's Thesis, Graz University of Technology, October 13, 2016
Slides BibTeX
  Human computation for constraint-based recommenders
Thomas Ulz, Michael Schwarz, Alexander Felfernig, Sarah Haas, Amal Shehadeh, Stefan Reiterer, Martin Stettinger
JIIS, September 28, 2016
BibTeX
  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard
USENIX Security, Austin, Texas, USA, August 10-12, 2016
Info GitHub Slides Recording BibTeX
2015
  Peopleviews: Human computation for constraint-based recommendation
Alexander Felfernig, Thomas Ulz, Sarah Haas, Michael Schwarz, Stefan Reiterer, Martin Stettinger
RecSys, Vienna, Austria, September 19, 2015
Slides BibTeX
  Human computation based acquisition of financial service advisory practices
Alexander Felfernig, Michael Jeran, Martin Stettinger, Thomas Absenger, Thomas Gruber, Sarah Haas, Emanuel Kirchengast, Michael Schwarz, Lukas Skofitsch, Thomas Ulz
FinRec, Graz, Austria, April 16, 2015
BibTeX
2014
  Recturk: Constraint-based recommendation based on human computation
Alexander Felfernig, Sarah Haas, Gerald Ninaus, Michael Schwarz, Thomas Ulz, Martin Stettinger, Klaus Isak, Michael Jeran, Stefan Reiterer
RecSys, Silicon Valley, California, USA, October 6, 2014
BibTeX

Presentations

2024
  Wie man unsichere Webseiten erkennt und sich schützt
Michael Schwarz
Saar-Security 2024, Virtual, November 26, 2024
BibTeX
  Leaky Processors: When the Laws of Nature Reveal Secrets
Michael Schwarz
Invited Talk @ Forschung in Natur- und Ingenieurwissenschaften, Saarland University, July 15, 2024
BibTeX
2023
  (In)visible Bugs - From Transient Execution to Architectural CPU Vulnerabilities
Michael Schwarz
Keynote @ AsianHOST, Tianjin, China, December 15, 2023
Info BibTeX
  With Great Power Comes Great Potential
Michael Schwarz
Invited Talk @ Tsinghua University, Beijing, China, December 11, 2023
BibTeX
  Keine Frage des ob, sondern des wann...
Michael Schwarz
Keynote @ Cyber Security Tag, Saarbruecken, Germany, September 27, 2023
BibTeX
  Unsichere Webseiten Erkennen
Michael Schwarz
CISPA <3 IGB, St. Ingbert, Germany, September 16, 2023
BibTeX
  Beyond the Noise: Automated Discovery of Microarchitectural Security Leaks
Michael Schwarz
Invited Talk @ CISPA Summer School, Saarbruecken, Germany, August 23, 2023
Info BibTeX
  CPU Fuzzing: Automatic Discovery of Microarchitectural Attacks
Daniel Weber, Michael Schwarz
RuhrSec, Bochum, Germany, May 11-12, 2023
Info BibTeX
  Sichere die digitale Zukunft! - Smart Home und Passwortsicherheit
Michael Schwarz
Invited Talk @ Otto-Hahn-Gymnasium, Saarbruecken, Germany, March 1, 2023
Media: CISPA, Unser Ding, BMBF
BibTeX
  Transient Execution Attacks
Moritz Lipp, Michael Schwarz, Daniel Gruss
Invited Talk @ IT-Defense, Mainz, Germany, February 9, 2023
Info BibTeX
2022
  From Random Observations to Automated Leakage Discovery
Michael Schwarz
Keynote @ International Winter School on Microarchitectural Security, Paris, France, December 5-9, 2022
Info BibTeX
  Bug-Free Software but Insecure Systems?
Michael Schwarz
Airbus & CISPA Day, Saarbrücken, Germany, November 30, 2022
Info BibTeX
  Automated CPU-vulnerability Discovery
Michael Schwarz
EC Visit CISPA, Saarbrücken, Germany, November 16, 2022
BibTeX
  From Random Timings to Data Leakage
Michael Schwarz
Invited Talk @ Mathematics Preparatory Course UdS, Saarbrücken, Germany, October 13, 2022
BibTeX
  Sicherheit von Prozessoren
Michael Schwarz
Explore Science, Mannheim, Germany, June 24, 2022
Info BibTeX
  Sicherheit von Prozessoren
Michael Schwarz
Invited Talk @ Tag der offenen Tür | Universität des Saarlandes, Saarbruecken, Germany, May 21, 2022
Info BibTeX
  CPU Fuzzing for Discovering Hardware-caused Information Leakage
Michael Schwarz
Webinar @ hardwear.io, Virtual, January 11, 2022
Info Recording BibTeX
2021
  Learning Security through Gamified Challenges
Michael Schwarz
Webinar @ Best-Practice E-Learning an der UdS, Virtual, November 17, 2021
BibTeX
  Unsichere Systeme trotz fehlerfreier Software? Wie Hardware die Sicherheit von Software untergräbt
Michael Schwarz
Keynote @ Regionaltagung des Senior Experten Service, IHK Saarland, October 21, 2021
BibTeX
  Seitenkanal-Angriffe: Wie Seiteneffekte Geheimnisse Verraten
Michael Schwarz
CISPA Roadshow, Virtual Event, September 18, 2021
Info Recording BibTeX
  Pubquiz zur Informatik und Cybersicherheit
Michael Schwarz
CISPA Roadshow, Virtual Event, September 18, 2021
Info BibTeX
  Pubquiz rund um Informatik und Cybersicherheit
Michael Schwarz
Digitaltag, Virtual Event, June 18, 2021
Info BibTeX
  Enter Sandbox
Claudio Canella, Mario Werner, Michael Schwarz
BlackHat Asia, Virtual Event, May 6-7, 2021
Media: DARKReading
Info BibTeX
2020
  LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection
Jo Van Bulck, Michael Schwarz, Moritz Lipp, Daniel Gruss
rC3, Online, December, 2020
Info Recording BibTeX
  Attacking CPUs with Power Side Channels from Software: Warum leaked hier Strom?
Moritz Lipp, Michael Schwarz, Daniel Gruss, Andreas Kogler
rC3, Online, December, 2020
Info Recording BibTeX
  Software-based Side-Channel Attacks and Defenses in Restricted Environments
Michael Schwarz
Shortlisted Candidate Talk @ Heinz Zemanek Preis Hearing, Online, May 28, 2020
BibTeX
  Store-to-Leak Forwarding: There and Back Again
Claudio Canella, Lukas Giner, Michael Schwarz
BlackHat Asia, Marina Bay Sands, Singapore, April 2-3, 2020
Info Recording BibTeX
  ZombieLoad: Leaking Data on Intel CPUs
Michael Schwarz, Moritz Lipp
BlackHat Asia, Marina Bay Sands, Singapore, April 2-3, 2020
Info Recording BibTeX
  Page Cache Attacks: Microarchitectural Attacks on Flawless Hardware
Daniel Gruss, Trishita Tiwari, Michael Schwarz
BlackHat Asia, Marina Bay Sands, Singapore, April 2-3, 2020
Info Recording BibTeX
  Software-based Side-Channel Attacks and Defenses
Michael Schwarz
CISPA Helmholtz Center for Information Security, Saarbruecken, Germany, February 11, 2020
BibTeX
  Software-based Side-Channel Attacks and Defenses
Michael Schwarz
Invited Talk @ DFINITY, Zurich, Switzerland, February 5, 2020
BibTeX
2019
  ZombieLoad Attack
Michael Schwarz, Moritz Lipp, Daniel Gruss
36th Chaos Communication Congress (36C3), Leipzig, Germany, December 27-30, 2019
Info GitHub Recording BibTeX
  Confining (Un)Trusted Execution Environments
Michael Schwarz
Invited Talk @ Workshop on the Security of Software / Hardware Interfaces (SILM), Rennes, France, November 20, 2019
Info BibTeX
  Transient Execution Attacks: Exploiting the CPU's Microarchitecture
Michael Schwarz, Moritz Lipp
Guest Talk @ Worcester Polytechnic Institute, Worcester, Massachusetts, United States, October 7, 2019
Info BibTeX
  SGX – Secure Enclaves als Angriffsvektor
Daniel Gruss, Michael Schwarz, Moritz Lipp
Invited Talk @ IKT-Sicherheitskonferenz, Fürstenfeld, Austria, October 1-2, 2019
Info BibTeX
  Meltdown, Spectre, Zombie-Load; Wie Hardware-Fehler die Systemsicherheit gefährden
Daniel Gruss, Michael Schwarz, Moritz Lipp
Invited Talk @ IKT-Sicherheitskonferenz, Fürstenfeld, Austria, October 1-2, 2019
Info Recording BibTeX
  A Brief Introduction to Memory Safety, Exploitation, and Countermeasures
Michael Schwarz
Invited Talk @ Graz Security Days for Industry, Graz, Austria, September 18-19, 2019
Info BibTeX
  Microarchitectural Side-Channel Attacks
Michael Schwarz
Invited Talk @ Security Week Graz, Graz, Austria, September 16-20, 2019
Info Recording BibTeX
  Software-based Side-Channel Attacks and Defenses in Restricted Environments
Michael Schwarz
Austrian Computer Science Day, Vienna, Austria, June 3, 2019
Info BibTeX
  Are Microarchitectural Attacks still possible on Flawless Hardware?
Michael Schwarz, Erik Kraft
RuhrSec, Bochum, Germany, May 28-29, 2019
Info Recording BibTeX
  A Christmas Carol - The Spectres of the Past, Present, and Future
Claudio Canella, Daniel Gruss, Michael Schwarz, Moritz Lipp
Grazer Linuxtage, Graz, Austria, April 26-27, 2019
Info Recording BibTeX
  Exploiting the Microarchitecture: Transient Execution Attacks
Michael Schwarz
Invited Talk @ MooseCon, Sofia, Bulgaria, April 11, 2019
BibTeX
  NetSpectre: A Truly Remote Spectre Variant
Michael Schwarz, Martin Schwarzl
BlackHat Asia, Marina Bay Sands, Singapore, March 28-29, 2019
Info Demo BibTeX
2018
  A Christmas Carol: The Spectres of the Past, Present, and Future
Moritz Lipp, Michael Schwarz, Daniel Gruss, Claudio Canella
35th Chaos Communication Congress (35C3), Leipzig, Germany, December 27-30, 2018
Info Recording Demo BibTeX
  Red Team vs Blue Team: Memory Safety, Exploitation, and Countermeasures
Michael Schwarz
Invited Talk @ Graz Security Days for Industry, Graz, Austria, September 4-5, 2018
Info BibTeX
  Hacking (in) Games - Protecting your Games and your Gamers
Michael Schwarz, Daniel Gruss
Invited Talk @ Game Dev Days, Graz, Austria, August 31 - September 2, 2018
Info Recording BibTeX
  Another Flip in the Row
Daniel Gruss, Michael Schwarz, Moritz Lipp
BlackHat USA, Mandalay Bays, Las Vegas, USA, August 4-9, 2018
Info Recording Whitepaper Demo BibTeX
  Meltdown: Basics, Details, Consequences
Daniel Gruss, Michael Schwarz, Moritz Lipp
BlackHat USA, Mandalay Bays, Las Vegas, USA, August 4-9, 2018
Media: Reuters, CNBC
Info Recording BibTeX
  DRAMA: Exploiting DRAM Buffers for Fun and Profit
Michael Schwarz
Shortlisted Candidate Talk @ Forum Technik und Gesellschaft, Graz, Austria, June 6, 2018
Info BibTeX
  Fehlerfreie Software und trotzdem unsicher? Eine Einführung in die Mikroarchitekturangriffe anhand von Meltdown, Spectre, und Rowhammer
Daniel Gruss, Moritz Lipp, Michael Schwarz
Invited Talk @ Monat der freien Bildung, Graz, Austria, May 25, 2018
Info BibTeX
  Flush+Reload, Meltdown, Spectre, Rowhammer
Michael Schwarz
Guest Talk @ BORG Monsberger, Graz, Austria, May 25, 2018
BibTeX
  Meltdown and Spectre: Side-channels considered hARMful
Moritz Lipp, Michael Schwarz
Qualcomm Mobile Security Summit, San Diego, California, USA, May 16-18, 2018
Info BibTeX
  X-Factor: Das Unfassbare - Die Geschichte von Meltdown und Spectre
Michael Schwarz
Grazer Linuxtage, Graz, Austria, April 27-28, 2018
Info Recording BibTeX
  When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins
Michael Schwarz, Moritz Lipp
BlackHat Asia, Marina Bay Sands, Singapore, March 20-23, 2018
Media: DARKReading
Info Recording Whitepaper Demo BibTeX
  Rowhammer: From the Basics to Sophisticated New Variants
Moritz Lipp, Michael Schwarz
Guest Talk @ Qualcomm, San Diego, California, USA, February 21, 2018
BibTeX
  Spectre and Meltdown on x86 and ARM
Michael Schwarz, Moritz Lipp, Stefan Mangard
Guest Talk @ NXP, Gratkorn, Austria, February 15, 2018
BibTeX
  Microarchitectural Attacks and Defenses in JavaScript
Michael Schwarz, Daniel Gruss, Moritz Lipp
Guest Talk @ Google, Munich, Germany, January 25, 2018
BibTeX
  Beyond Belief: The Case of Spectre and Meltdown
Daniel Gruss, Moritz Lipp, Michael Schwarz
Keynote @ BlueHat IL, Tel Aviv, Israel, January 24, 2018
Info Recording BibTeX
  Prozessorlücken: Wer ist betroffen und was ist zu tun?
Michael Schwarz, Wolfgang Prentner, Benjamin Borchers
Webinar @ colited, January 16, 2018
BibTeX
2017
  Hello from the Other Side: Reliable Communication over Cache Covert Channels in the Cloud
Michael Schwarz, Manuel Weber
Invited Talk @ ISACA Venice V Conference on Application Security and Modern Technologies, Mestre, Venice, Italy, October 6, 2017
Info BibTeX
  Cash Attacks on SGX
Daniel Gruss, Michael Schwarz
Invited Talk @ Breaking Bitcoin, Paris, France, September 9-10, 2017
Info Recording BibTeX
  Robust Cache Covert Channels in the Cloud
Michael Schwarz
Rump Session @ Financial Cryptography, Sliema, Malta, April 2-7, 2017
BibTeX
  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Michael Schwarz, Manuel Weber
BlackHat Asia, Marina Bay Sands, Singapore, March 30-31, 2017
Media: The Register
Info GitHub Recording Whitepaper Demo BibTeX
2016
  DRAMA: How your DRAM becomes a security problem
Michael Schwarz, Anders Fogh
BlackHat Europe, London, United Kingdom, November 3-4, 2016
Media: The Register
Info GitHub Recording Whitepaper Demo BibTeX

Trainings

2022
  Turning Timing Differences into Data Leakage
Michael Schwarz, Daniel Weber
International Winter School on Microarchitectural Security, Paris, France, October 5-9, 2022
Info GitHub
2021
  A Practical Introduction to Transient Execution Attacks
Michael Schwarz
ESORICS 2021, Virtual, July 28, 2021
Info GitHub Recording
2019
  Runtime Security Lab
Michael Schwarz
Security Week Graz, Graz, Austria, September 16-20, 2019
Info
  Microarchitectural Side-Channel Lab
Michael Schwarz
Security Week Graz, Graz, Austria, September 16-20, 2019
Info
  Microarchitectural Attacks
Daniel Gruss, Moritz Lipp, Michael Schwarz
RuhrSec, Bochum, Germany, May 27, 2019
Info
2018
  Runtime Security Lab
Michael Schwarz
School on Security & Correctness in the Internet of Things, Graz, Austria, September 3-7, 2018
Info
2017
  Programming Lab Binary Exploitation (ARM)
Michael Schwarz
IACR Cryptology School 2017 Security & Correctness in the IoT, Graz, Austria, May 8-12, 2017
Info
2016
  CTF Training Session: Easy Crypto & ECDSA
Michael Schwarz
LosFuzzys CTF Training, Graz, Austria, September 13, 2016

Awards

2025
  Distinguished Artifact Award - Cascading Spy Sheets
Leon Trampert, Daniel Weber, Lukas Gerlach, Christian Rossow, Michael Schwarz
NDSS, San Diego, California, USA, February 23-28, 2025
2024
  Google Research Scholar Award
Michael Schwarz
Google, Virtual, March, 2024
  AI 2000 Most Influential Scholar Honorable Mention in Security and Privacy
Michael Schwarz
AMiner, Virtual, March 14, 2024
2023
  Finalist: Busy Beaver Award for Best Computer Science Lecture "Foundations of Cyber Security II"
Michael Schwarz
Students' Representative Council Saarland University, Saarbruecken, Germany, October 23, 2023
  USENIX Security Noteworthy Reviewer Award
Michael Schwarz
USENIX Security, Anaheim, California, USA, August 9-11, 2023
Media: CISPA
  WOOT Best Paper - CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode
Pietro Borrello, Catherine Easdon, Martin Schwarzl, Roland Czerny, Michael Schwarz
WOOT, San Francisco, California, USA, May 25, 2023
2022
  Busy Beaver Award for Best Computer Science Lecture "Foundations of Cyber Security II"
Michael Schwarz
Students' Representative Council Saarland University, Saarbruecken, Germany, October 24, 2022
Media: Saarland University, CISPA
  Pwnie Award for Best Desktop Bug - ÆPIC
Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz
BlackHat USA, Las Vegas, USA, August 10, 2022
  AI 2000 Most Influential Scholar Honorable Mention in Security and Privacy
Michael Schwarz
AMiner, Virtual, March 18, 2022
2021
  CCSW Best Paper - Automating Seccomp Filter Generation for Linux Applications
Claudio Canella, Mario Werner, Daniel Gruss, Michael Schwarz
ACM Cloud Computing Security Workshop, Virtual, November 14, 2021
  CSAW Best Paper 3rd Place - Osiris
Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, Christian Rossow
CSAW Applied Research Competition, Virtual, November 12, 2021
Media: CSAW
  Busy Beaver Award for Best Computer Science Lecture "Side-Channel Attacks and Defenses"
Michael Schwarz
Students' Representative Council Saarland University, Saarbruecken, Germany, April 12, 2021
Media: Saarbrücker Zeitung
2020
  Award of Excellence - Austrian National Award for Best Dissertations
Michael Schwarz
Federal Ministry of Education, Science and Research of Austria, Vienna, Austria, December 10, 2020
Media: APA
  NSA Best Scientific Cybersecurity Paper Competition Winner: Spectre
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
NSA, Fort Meade, Maryland, USA, November 30, 2020
Media: NSA, CISPA
  Finalist: Prize for Excellence in Teaching with the course "Security Aspects in Software Development"
Michael Schwarz
Graz University of Technology, Graz, Austria, November 19, 2020
  EuroSys Roger Needham PhD Award
Michael Schwarz
EuroSys, Heraklion, Crete, Greece, April 27-30, 2020
Media: EuroSys
2019
  NSA Best Scientific Cybersecurity Paper Competition Honorable Mention: Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg
NSA, Fort Meade, Maryland, USA, October 10, 2019
  Open Exploit Award: Meltdown and Spectre
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg
Hackatoshi's Flying Circuit, Prague, Czech Republic, July 19-21, 2019
  S&P Distinguished Paper Award - Spectre
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
40th IEEE Symposium on Security and Privacy, San Francisco, California, USA, May 20-22, 2019
2018
  CSAW Best Paper Award - Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh
CSAW Applied Research Competition, Valence, France, November 10, 2018
  Pwnie Award for Best Privilege Escalation Bug - Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh
BlackHat USA, Las Vegas, USA, August 8, 2018
  Pwnie Award for Most Innovative Research - Spectre
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
BlackHat USA, Las Vegas, USA, August 8, 2018
  Sponsorship Award for master thesis of particular relevance to society, 2nd place: DRAMA: Exploiting DRAM Buffers for Fun and Profit
Michael Schwarz
Forum Technik und Gesellschaft, Graz, Austria, June 7, 2018
2017
  Pwnie Award for Best Song
Manuel Weber, Daniel Gruss, Michael Schwarz, Moritz Lipp, Rebekka Aigner
BlackHat USA, Las Vegas, USA, July 26, 2017
2016
  IAIK Student Research Excellence Awards
Michael Schwarz
IAIK Graz University of Technology, Graz, Austria, December 2, 2016

Community Service

2025
  NDSS (PC)
NDSS
2024
  CCS (PC)
CCS
  USENIX Security (PC)
USENIX Security
  NDSS (PC)
NDSS
  SysTEX (PC)
SysTEX
  DIMVA (PC)
DIMVA
2023
  CCS (PC)
CCS
  RAID (Publicity Chair)
RAID
  DIMVA (Publicity Chair)
DIMVA
  WOOT (PC)
WOOT
  ESORICS (Core PC)
ESORICS
  DIMVA (PC)
DIMVA
  USENIX Security (PC)
USENIX Security
  NDSS (PC)
NDSS
2022
  USENIX Security (PC)
USENIX Security
  DIMVA (PC)
DIMVA
  ESORICS (Core PC)
ESORICS
  ROOTS (PC)
ROOTS
2021
  USENIX Security Fall / Winter (PC)
USENIX Security
  WOOT (PC)
WOOT
  ESORICS (Core PC)
ESORICS
  DDSW (PC)
DDSW
  ACM Computing Surveys (Reviewer)
CSUR
2020
  TIFS (Reviewer)
TIFS
  ACM Computing Surveys (Reviewer)
CSUR
  WOOT (PC)
WOOT
  DIMVA (PC)
DIMVA
  DDSW (PC)
DDSW
  USENIX Security (Winter) (External Reviewer)
USENIX Security
  USENIX Security (Fall) (Subreviewer)
USENIX Security
2019
  USENIX Security (Winter) (External Reviewer)
USENIX Security
  USENIX Security (Spring) (Subreviewer)
USENIX Security
  IEEE Transactions on Computers (Reviewer)
IEEE Transactions on Computers Journal
  IEEE Access (Reviewer)
IEEE Access Journal
2018
  CCS (Subreviewer)
CCS
2017
  ACSAC (Artifact Evaluation Reviewer)
ACSAC
  SPACE (Subreviewer)
SPACE

CVEs

2024
  CVE-2024-24510
Leon Trampert, Daniel Weber, Lukas Gerlach, Christian Rossow, Michael Schwarz
Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting, November 14, 2023
2023
  CVE-2023-20592
Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz
CacheWarp: Software-based Fault Injection using Selective State Reset, November 14, 2023
  CVE-2023-20583
Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Daniel Weber, Michael Schwarz, Daniel Gruss, Stefan Mangard
Collide+Power - Leaking Inaccessible Data with Software-based Power Side Channels, August 1, 2023
2022
  CVE-2022-21233
Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz
ÆPIC Leak - Architectural stale data read, August 11, 2022
  CVE-2022-0925
Martin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael Schwarz, Daniel Gruss
Practical Timing Side Channel Attacks on Memory Compression, March 11, 2022
2021
  CVE-2021-26318
Moritz Lipp, Michael Schwarz, Daniel Gruss
AMD Prefetch - Leaked kernel address space information, October 12, 2021
2020
  CVE-2020-8695
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Daniel Gruss, Chen Liu, Terry Wang, Neer Roggel, Ben Gras, Monodeep Kar, Bilgiday Yuce
PLATYPUS - Information disclosure via RAPL power measurements, November 10, 2020
  CVE-2020-8694
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Daniel Gruss
PLATYPUS - Unprivileged access to RAPL on Linux, November 10, 2020
  CVE-2020-0551
Jo Van Bulck, Daniel Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Yuval Yarom, Berk Sunar, Daniel Gruss, Frank Piessens, Dan Lutas, Andrei Lutas
Load Value Injection - Turning Meltdown around, March 10, 2020
  CVE-2020-0549
Moritz Lipp, Michael Schwarz, Daniel Gruss, Jo Van Bulck, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
L1D Eviction Sampling, January 27, 2020
2019
  CVE-2019-11135
Moritz Lipp, Michael Schwarz, Daniel Gruss, Jo Van Bulck, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze
TAA - Data leakage using TSX asynchronous aborts, November 12, 2019
  CVE-2019-11091
Moritz Lipp, Michael Schwarz, Daniel Gruss, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
MDSUM - Meltdown on uncachable memory, April 11, 2019
  CVE-2019-5489
Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, Anders Fogh
Page Cache Attacks - A software-cache attack on the operating system's page cache, January 7, 2019
2018
  CVE-2018-12130
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, Daniel Gruss
ZombieLoad / RIDL / MFBDS - Leaking data from the line-fill buffer, June 11, 2018
  CVE-2018-12126
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Lei Shi, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, Yuval Yarom
Fallout / MSBDS - Leaking data from the store buffer, June 11, 2018
  CVE-2017-5754
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh
Meltdown - CPU vulnerability allowing to leak kernel memory from user space, January 4, 2018
  CVE-2017-5753
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
Spectre - Speculative execution CPU vulnerability, January 4, 2018
  CVE-2017-5715
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
Spectre - Speculative execution CPU vulnerability, January 4, 2018

Projects

2024
  x86 Cache Hierarchy Plot
Visualize the cache hierarchy of x86 CPUs
GitHub
2023
  ClipCount
Global shortcut to show the number of words in the currently-selected text
GitHub
  Remote Presenter
Forwarding a wireless presenter over the internet.
GitHub
2022
  Magic Wormhole Context-Menu Integration
Right-click integration of Magic Wormhole for Windows and KDE.
GitHub
  EasyChair Bidding Helper
A small Tampermonkey script to help with paper bidding in EasyChair.
GitHub
  HotCRP Bidding Helper
A small Tampermonkey script to help with paper bidding in HotCRP.
GitHub
2021
  Paper Linter
A script to check for common mistakes in LaTeX source files of scientific papers.
GitHub
  r0e
C header to execute user-space functions in ring 0.
GitHub
  TravelMap
Displays visited countries and cities, similar to a scratch map.
GitHub
  SSHLock
Temporarily lock a remote machine to prevent other users from logging in via SSH.
GitHub
  boot-into
Boot into a specific GRUB entry on the next boot.
GitHub
2020
  BibTool
A tool to manage bibliography when collaboratively working on a LaTeX paper.
GitHub
  Fault-Injection Simulator
A research and teaching tool for simulating fault-injection attacks on x86 binaries.
GitHub
  LabRunner
Transferring files and running commands on multiple remote machines via SSH.
GitHub
  PDF Web Slides
Convert PDF presentations to HTML, including presenter mode.
GitHub
2019
  Polyglot: JPG+PDF
A tool to combine a PDF and a JPG into one polyglot file which is both a PDF and JPG.
GitHub
  Interactive Transient-Execution-Attack Tree
An interactive (filterable, searchable, exportable) online tree which connects all known transient-execution attacks such as Spectre, and Meltdown.
GitHub Run
  Live Histogram
A command-line tool to show a real-time histogram of a data stream.
GitHub
2018
  LaTeX Beamer Preview
Recompile only modified slides (in parallel) for LaTeX Beamer presentations.
GitHub
  PTEditor
A small library to modify all page-table levels of all processes from user space for x86_64 and ARMv8.
GitHub
  Colorful printf
A printf wrapper supporting color tags, spinners, and progress bars.
GitHub
2017
  asciicast2vector
Convert asciicast (asciinema recordings) to vector graphics (SVG and TikZ).
GitHub
  LiveTikZ
A live preview for TikZ drawings.
GitHub
  ProcDetails
The ProcDetails kernel module shows details about procfs files.
GitHub
  libattopng
libattopng is a minimal C library to create uncompressed PNG images.
GitHub
2016
  Amazon Dash Button Fun
Make the Amazon Dash button useful using this IoT framework.
GitHub
  FAINT - FAult INjection Tester
FAINT is a fully automated tool to dynamically check the out of memory handling in C and C++ programs.
GitHub
  Configurable DES
Configurable DES provides a fully customizable DES implementation especially designed to test attacks against DES.
GitHub
  Jackbox Party Pack - Drawful Question Editor
A question editor for the Drawful game of Jackbox Party Pack based on my reverse-engineering of the file format.
GitHub
2015
  Universal Header Decoder
This tool decoded file headers based on a description file.
GitHub
  BF.js
A simple Javascript Brainfuck implementation for educational purposes.
GitHub
  ESP Trainer (German)
An interactive web application for learning C programming.
Run
2014
  TU Graz Newsreader
TU Graz Newsreader is an Android newsgroup reader for Graz University of Technology.
Info Play Store
2013
  Raspberry Webradio
Raspberry Webradio, a do-it-yourself internet streaming client using the Raspberry Pi.
Info GitHub
  C Declaration Explainer
This little tool can translate C variable declarations to human readable definitions.
Run
  AVR Fuse Calculator
An offline AVR fuse calculator, supporting 144 devices.
Play Store
  TU Graz Raumsuche (German)
App that provides a search functionality to find and locate rooms on the TU Graz Campus.
GitHub Play Store