My research explores the security of the interface between the software and the hardware. In particular, I am interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. I work on identifying micro-architectural vulnerabilities, and on exploitation and mitigation techniques.
Contact Information
Email: yuval.yarom [at] rub [dot] deNews
4 Apr 2024
The paper Testing Side-Channel Security of Cryptographic Implementations against Future Microarchitectures with will appear in CCS 202416 Mar 2024
The paper Evict+Spec+Time: Exploiting Out-of-Order Execution to Improve Cache-Timing Attacks with will appear in TCHES2 Feb 2024
Preprint available Testing Side-Channel Security of Cryptographic Implementations against Future Microarchitectures, co-authored with .2 Feb 2024
Preprint available Evict+Spec+Time: Exploiting Out-of-Order Execution to Improve Cache-Timing Attacks, co-authored with .1 Feb 2024
Preprint available Elephants Do Not Forget: Differential Privacy with State Continuity for Privacy Budget, co-authored with
,
,
,
,
.
24 Jan 2024
Checking Passwords on Leaky Computers: A Side Channel Analysis of Chrome’s
Password Leak Detection Protocol accepted to RWC 2024.24 Jan 2024
The paper SoK: Can We Really Detect Cache Side-Channel Attacks by Monitoring Performance Counters? with will appear in AsiaCCS 202411 Jan 2024
The paper CNN Architecture Extraction on Edge GPU with will appear in AIHWS 202417 Nov 2023
The paper Pixel Thief: Exploiting SVG Filter Leakage in Firefox and Chrome with will appear in USENIX Security 20248 Nov 2023
's thesis has been awarded the Dean's Commendation for Master by Research Thesis ExcellenceMore news...
Service
Program Chair: SEED 2022, WOOT 2020, Kangacrypt 2018, SPACE 2018.
Event Organisation: SSS2 2023, CHES 2020, Kangacrypt 2018, ASEC 2018.
Steering Committees: CHES 2019–2020, WOOT 2020–.
Editorial Board: Communications in Cryptography 2024
Program Committees:
- 2024: ASPLOS (ERC), CHES, IEEE EuroS&P, IEEE S&P, RWC, USENIX Security, WOOT
- 2023: ACISP, CCS, IEEE S&P (Associate Chair), RWC, SecDev, SILM, USENIX Security, WOOT
- 2022: ACISP, CARDIS, CCS, CFAIL, CHES, DRAMSec, HASP, IEEE S&P, RWC, SecDev, SILM, Top in HES, USENIX Security
- 2021: ACISP, ACSAC, AsiaCCS, CARDIS, CHES, CT-RSA, DATE, DRAMSec, ESORICS, IEEE S&P, SEED, SILM, USENIX Security
- 2020: ACSAC, CARDIS, CHES, IEEE S&P, SCAM, SILM, SPACE, USENIX Security
- 2019: ASPLOS (ERC), CARDIS, CCS, CHES, IEEE EuroS&P, Latincrypt, RWC, SAC, SPACE, USENIX ATC, USENIX Security, WOOT
- 2018: CARDIS, CHES, SysTEX
- 2017: Latincrypt, SPACE, USENIX Security
- 2015: SYSTOR
Awards
- Humies Gold Award — GECCO 2023
- Distinguished Paper Award — PLDI 2023
- NSA Best Scientific Cybersecurity Paper Competition 2020
- SA Young Tall Poppy Award — 2020
- Best student paper award — ICEIS 2020
- Chris Wallace Award for Outstanding Research — 2020
- Honorable Mention — NSA Best Scientific Cybersecurity Paper Competition 2019
- Distinguished Paper Award — IEEE SP 2019
- Best Paper Award — EuroSys 2019
- Foreshadow chosen for IEEE Micro Top Pick — 2019
- Best Paper Award — APSys 2018
- Pwnie Award — Most Innovative Research — Black Hat 2018
- Pwnie Award — Best Privilege Escalation Bug — Black Hat 2018
- Knuth Reward Cheque — 1999
- Mifal Hapayis Research Prize — 1994
Misc
- My Erdös number is 2.
- PhD Thesis: Software-based Reference Protection for Component Isolation
- Master Thesis: The Deputy Mechanism for Transparent Process Migration
- Simulated Annealing for Standard-Cell Sizing (An Amirim—Science project report — in Hebrew).