Michael Schwarz

I am an infosec Ph.D. student at Graz University of Technology. I am part of the Secure Systems group at the Institute of Applied Information Processing and Communications.
As part of the university's CTF team I frequently participate in CTFs.
During the semester I teach Systems Programming, Operating Systems and Security Aspects in Software Development.


  Another Flip in the Wall of Rowhammer Defenses
Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, Yuval Yarom
39th IEEE Symposium on Security and Privacy (S&P'18), San Francisco, California, USA, May 21-23, 2018 (AR: 10.0%)
Media: BleepingComputer, SecurityNow, TU Graz

  JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss
Network and Distributed System Security Symposium 2018 (NDSS'18), San Diego, California, USA, February 18-21, 2018 (AR: 21.5%)
GitHub Slides

  KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, Stefan Mangard
Network and Distributed System Security Symposium 2018 (NDSS'18), San Diego, California, USA, February 18-21, 2018 (AR: 21.5%)

Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg
Info Wikipedia GitHub

  Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
Info Wikipedia

  Practical Keystroke Timing Attacks in Sandboxed JavaScript
Moritz Lipp, Daniel Gruss, Michael Schwarz, David Bidner, Clémentine Maurice, Stefan Mangard
22nd European Symposium on Research in Computer Security (ESORICS'17), Oslo, Norway, September 11-15, 2017 (AR: 15.9%)
GitHub Slides

  Quality Assurance for Human Computation Based Recommendation
Michael Schwarz
Master's Thesis, Graz University of Technology, June 13, 2017

  KASLR is Dead: Long Live KASLR
Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, Stefan Mangard
International Symposium on Engineering Secure Software and Systems (ESSoS'17), Bonn, Germany, July 2017 (AR: 46.9%)
Media: LWN
GitHub Slides Wikipedia

  Malware Guard Extension: Using SGX to Conceal Cache Attacks
Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, Stefan Mangard
14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'17), Bonn, Germany, July 2017 (AR: 26.9%)
E-print (extended version) arXiv:1702.08719, February 2017
Media: The Register, Schneier on Security, Wikipedia, Information Security Newspaper, SecurityIntelligence, Digital Trends, BleepingComputer, SecurityWeek
Extended Version Slides Wikipedia

  Fantastic Timers and Where to Find Them:
High-Resolution Microarchitectural Attacks in JavaScript

Michael Schwarz, Clémentine Maurice, Daniel Gruss and Stefan Mangard
Financial Cryptography and Data Security 2017 (FC'17), Malta, April 2017
Media: Mozilla Security Blog

  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Kay Römer, Stefan Mangard
Network and Distributed System Security Symposium 2017 (NDSS'17), San Diego, California, USA, February 2017 (AR: 16.1%)
Media: The Register
Info Slides Recording

  DRAMA: Exploiting DRAM Buffers for Fun and Profit
Michael Schwarz
Master's Thesis, Graz University of Technology, October 13, 2016

  Human computation for constraint-based recommenders
Thomas Ulz, Michael Schwarz, Alexander Felfernig, Sarah Haas, Amal Shehadeh, Stefan Reiterer, Martin Stettinger
Journal of Intelligent Information Systems (JIIS), September 28, 2016

  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard
25th USENIX Security Symposium, Austin, Texas, USA, August 10-12, 2016 (AR: 15.6%)
Info Slides GitHub Recording

  Peopleviews: Human computation for constraint-based recommendation
Alexander Felfernig, Thomas Ulz, Sarah Haas, Michael Schwarz, Stefan Reiterer, Martin Stettinger
ACM RecSys 2015 CrowdRec Workshop, Vienna, Austria, September 19, 2015

  Human computation based acquisition of financial service advisory practices
Alexander Felfernig, Michael Jeran, Martin Stettinger, Thomas Absenger, Thomas Gruber, Sarah Haas, Emanuel Kirchengast, Michael Schwarz, Lukas Skofitsch, Thomas Ulz
1st International Workshop on Personalization & Recommender Systems in Financial Services (FinRec'15), Graz, Austria, April 16, 2015

  Recturk: Constraint-based recommendation based on human computation
Alexander Felfernig, Sarah Haas, Gerald Ninaus, Michael Schwarz, Thomas Ulz, Martin Stettinger, Klaus Isak, Michael Jeran, Stefan Reiterer
ACM RecSys 2014 CrowdRec Workshop, Silicon Valley, California, USA, October 6, 2014


  When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins
Michael Schwarz, Moritz Lipp
BlackHat Asia, Marina Bay Sands, Singapore, March 20-23, 2018

  Spectre and Meltdown on x86 and ARM
Michael Schwarz, Moritz Lipp, Stefan Mangard
Guest Talk @ NXP, Gratkorn, Austria, February 15, 2018

  Microarchitectural Attacks and Defenses in JavaScript
Michael Schwarz, Daniel Gruss, Moritz Lipp
Guest Talk @ Google, Munich, Germany, January 25, 2018

  Beyond Belief: The Case of Spectre and Meltdown
Daniel Gruss, Moritz Lipp, Michael Schwarz
Keynote @ BlueHat IL, Tel Aviv, Israel, January 24, 2018
Info Recording

  Hello from the Other Side: Reliable Communication over Cache Covert Channels in the Cloud
Michael Schwarz, Manuel Weber
Invited Talk @ ISACA Venice V Conference on Application Security and Modern Technologies, Mestre, Venice, Italy, October 6, 2017
Info Program

  Cash Attacks on SGX
Daniel Gruss, Michael Schwarz
Invited Talk @ Breaking Bitcoin, Paris, France, September 9-10, 2017
Info Recording

  Programming Lab Binary Exploitation (ARM)
Michael Schwarz
IACR Cryptology School 2017 Security & Correctness in the IoT, Graz, Austria, May 8-12, 2017

  Robust Cache Covert Channels in the Cloud (Rump Session)
Michael Schwarz
Financial Cryptography, Sliema, Malta, April 2-7, 2017

  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Michael Schwarz, Manuel Weber
BlackHat Asia, Marina Bay Sands, Singapore, March 30-31, 2017
Media: The Register
Info GitHub Paper Live Demo Recording

  DRAMA: How your DRAM becomes a security problem
Michael Schwarz, Anders Fogh
BlackHat Europe, London, United Kingdom, November 3-4, 2016
Media: SecurityWeek
Info GitHub Paper Live Demo Recording

  CTF Training Session: Easy Crypto & ECDSA
Michael Schwarz
LosFuzzys CTF Training, Graz, Austria, September 13, 2016


  Pwnie Award for Best Song
Manuel Weber, Daniel Gruss, Michael Schwarz, Moritz Lipp, Rebekka Aigner
BlackHat USA, Las Vegas, USA, July 26, 2017

  IAIK Student Research Excellence Awards
Michael Schwarz
IAIK Graz University of Technology, Graz, Austria, December 2, 2016


Convert asciicast (asciinema recordings) to vector graphics (SVG and TikZ).

A live preview for TikZ drawings.

The ProcDetails kernel module shows details about procfs files.

libattopng is a minimal C library to create uncompressed PNG images.

  Amazon Dash Button Fun
Make the Amazon Dash button useful using this IoT framework.

  FAINT - FAult INjection Tester
FAINT is a fully automated tool to dynamically check the out of memory handling in C and C++ programs.

  Configurable DES
Configurable DES provides a fully customizable DES implementation especially designed to test attacks against DES.

  Jackbox Party Pack - Drawful Question Editor
A question editor for the Drawful game of Jackbox Party Pack based on my reverse-engineering of the file format.

  Universal Header Decoder
This tool decoded file headers based on a description file.

A simple Javascript Brainfuck implementation for educational purposes.

  ESP Trainer (German)
An interactive web application for learning C programming.

  TU Graz Newsreader
TU Graz Newsreader is an Android newsgroup reader for Graz University of Technology.
Info Play Store

  Raspberry Webradio
Raspberry Webradio, a do-it-yourself internet streaming client using the Raspberry Pi..
Info (German) Code

  C Declaration Explainer
This little tool can translate C variable declarations to human readable definitions.

  AVR Fuse Calculator
An offline AVR fuse calculator, supporting 144 devices.
Play Store

  TU Graz Raumsuche (German)
App that provides a search functionality to find and locate rooms on the TU Graz Campus.
Play Store Code