Only one month left to submit your paper for the first submission cycle at uASC 2026!
📅 Submission Deadline: July 15, 2025
👉 https://uasc.cc/
#InfoSec Professor @ #TUGraz. #meltdown, #spectre, #rowhammer, cache attacks. Creating a side channel security sitcom.
Congrats @lunkw1ll!
I am very happy that two papers from @lunkw1ll have been accepted at the 30th European Symposium on Research in Computer Security (#ESORICS). It was a great collaboration with @lavados, @hweissi and others. The first paper addresses the threats and problems to #Rowhammer research validity. The second paper presents a method for verifying DRAM addressing functions entirely in software. 🎉
Join the Graz Security Week from Sep 1 to 5, with @sahar_abdelnabi @jovanbulck, Maria Eichlseder, Georg Fuchsbauer, @sublevado, @fbpierazzi, @kavehrazavi, @chrossow, and Yang Zhang on the topics of system security, side channels, AI security, and cryptography: https://securityweek.at/
@hweissi @supersingular @notbobbytables congrats!
I am happy to announce that my first paper has been accepted at USENIX Security!
We propose TEEcorrelate, a mitigation that statistically decorrelates reported performance counters from real ones during TEE execution.
It protects against fine-grained performance-counter attacks on TEEs, while keeping coarse-grained trends intact for legitimate use cases.
https://hannesweissteiner.xyz/pdfs/teecorrelate.pdf
Thanks to Fabian Rauscher, @supersingular, Jonas Juffinger, @notbobbytables, Jan Wichelmann, Thomas Eisenbarth and @lavados for the great collaboration!
DIMVA is taking place July 9 to 11 in Graz!
We offer a limited number of diversity grants for participants who identify as women, non-binary, or belong to other underrepresented groups in IT security.
Each grant covers a total eligible cost of up to 800€.
Applications are open until May 31, 2025.
@rene_mobile is jku not in the US cloud yet?
Had a great time at the 1st uASC (Microarchitecture Security Conference) last week. I also had the opportunity to give a talk on software-based mitigations against memory-centric side-channels, and I appreciate the insightful questions and feedback. The discussions and presentations were really inspiring, and it was valuable to exchange ideas with so many brilliant researchers.
A big thank you to the organizers for putting together such a well-run event! Looking forward to the next edition 😊
📷: Jonas Juffinger
Arrived at #uASC. @lunkw1ll already presented our paper "Flipper: #Rowhammer on Steroids". If you are interested, the paper is freely available: https://uasc.cc/proceedings25/uasc25-heckel.pdf
It was a pleasure to present #CounterSEVeillance at #NDSSSymposium2025 today. Thanks to everyone attending, also for the interesting and nice discussion after the talk! 🙂
When Good Kernel Defences Go Bad: Reliable and Stable Kernel Exploits via Defense-Amplified TLB Side-Channel Leaks
Awesome paper by Lukas Maar et al. about leaking exploitation-relevant kernel addresses via a TLB side-channel attack.
Authors demonstrate how to leak the addresses of the physmap, vmemmap, and vmalloc memory regions, addresses of page tables of all levels, addresses of kernel stacks, and addresses of various kernel objects including msg_msg, pipe_buffer, cred, file, and seq_file.
Authors then show how to apply the discovered techniques in exploits; the code is public.
Paper: https://lukasmaar.github.io/papers/usenix25-tlbsidechannel.pdf
Code: https://github.com/isec-tugraz/TLBSideChannel
Looking at app behaviour and functionalities, network traffic, privacy policies, etc., we found that sideloaded apps are more likely to hide their presence, require excessive permissions, and some even transmitted sensitive data unencrypted. Our study also highlights possible abuse of such apps for unethical surveillance and/or domestic abuse.
Our study received quite a bit of media attention, mostly in Austria (https://www.krone.at/3725062 https://noe.orf.at/stories/3296993/ https://www.derstandard.at/story/3000000262331/heimliches-abhoeren-apps-zur-kindersicherung-gefaehrden-privatsphaere) /2
I just noticed I hadn't posted this yet: Eva-Maria Mayer, a bachelor's student at St. Pölten UAS cosupervised by Leonie Tanczer (UCL) and myself, succeeded in getting her bachelor's thesis published at PETS! 🎉 https://doi.org/10.56553/popets-2025-0052
So, what's in there? We investigated the issues surrounding sideloaded (i.e. installed from outside regulated distribution channels) apps for parental control by comparing 20 sideloaded apps with 20 popular apps available on the Google Play Store. /1
We still have 1 T-shirt left and our study is still running for 2 weeks. Get your systems checked for the #Rowhammer effect and get a free T-shirt if you do it 10 times on the same system. Even if you do it just once, you have the chance to win an Amazon gift card. Help us understand the Rowhammer Effect better! More info: https://flippyr.am/
Congrats KuK Hofhackerei on making it to the @Defcon finals!
someone who will not be named ( @vito ) didn't refresh the scores before posting these, so these are the *actual* final scores
1. Maple Mallard Magistrates 4,419
2. SuperDiceCode 3,992
3. mhackeroni 3,956
4. Nu1L 3,792
5. Shellphish 3,494
6. KuK Hofhackerei 3,383
7. this year's organizers 3,132
8. Cold Fusion 3,077
9. HypeBoy 2,860
10. [:] 2,680
11. Blue Water 2,460
12. Zer0RocketWrecks 2,333
13. fewer 2,324
14. RePokemonedCollections 2,133
15. Never Stop Exploiting 1,910
16. Friendly Maltese Citizens 1,831
17. pwn de queijo 1,691
18. gimel 1,641
19. Hubert Hackin''' 1,562
20. salmon sushi 1,473
21. The Something Something 1,435
22. *0xA 1,434
23. Kalmarunionen 1,226
24. SNHT 1,001
25. saladstream 793
Under pressure from the USA: ETH no longer shows solidarity online with Ukraine, the Middle East or Iran
The university has taken three websites on geopolitical conflicts offline. The consequence: expressions of solidarity are disappearing.
https://www.tagesanzeiger.ch/eth-zuerich-universitaet-nimmt-drei-solidaritaetswebseiten-offline-751049111282
Direct paper link: https://ginerlukas.com/publications/papers/CohereReload.pdf