Michael Schwarz

I am an infosec PhD candidate at Graz University of Technology. I am part of the Secure Systems group at the Institute of Applied Information Processing and Communications.
As part of the university's CTF team I frequently participate in CTFs.
During the semester I teach Systems Programming, Operating Systems and Security Aspects in Software Development.


Publications

2019
  ZombieLoad: Cross-Privilege-Boundary Data Sampling
Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, Daniel Gruss
E-print arXiv:1905.05726, May 2019
CVE: CVE-2018-12130, CVE-2019-11091
Media: BBC, The Verge, Fortune, ZD Net, Heise
Info Wikipedia GitHub

  Store-to-Leak Forwarding: Leaking Data on Meltdown-resistant CPUs
Michael Schwarz, Claudio Canella, Lukas Giner, Daniel Gruss
E-print arXiv:1905.05725, May 2019
Media: The Register, TU Graz
Info

  A Systematic Evaluation of Transient Execution Attacks and Defenses
Claudio Canella, Jo Van Bulck, Michael Schwarz, Moritz Lipp, Benjamin von Berg, Philipp Ortner, Frank Piessens, Dmitry Evtyushkin, Daniel Gruss
28th USENIX Security Symposium (USENIX Security), Santa Clara, California, USA, August 14-16, 2019 (AR: 15.7%)
E-print arXiv:1811.05441, November 2018
Media: The Inquirer, The Hacker News, SecurityNow, ZDNet, Heise

  ScatterCache: Thwarting Cache Attacks via Cache Set Randomization
Mario Werner, Thomas Unterluggauer, Lukas Giner, Michael Schwarz, Daniel Gruss, Stefan Mangard
28th USENIX Security Symposium (USENIX Security), Santa Clara, California, USA, August 14-16, 2019 (AR: 15.7%)

  Page Cache Attacks
Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, Anders Fogh
26th ACM Conference on Computer and Communications Security (CCS), London, United Kingdom, November 11-15, 2019
E-print arXiv:1901.01161, January 2019
CVE: CVE-2019-5489
Media: Dark Reading, SecurityWeek, BleepingComputer, The Register, SC Magazine, Security Now
Wikipedia

  Practical Enclave Malware with Intel SGX
Michael Schwarz, Samuel Weiser, Daniel Gruss
16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Gothenburg, Sweden, June 19-20, 2019 (AR: 28.75%)
E-print arXiv:1902.03256, Februrary 2019
Media: The Register, ZDNet, Trend Micro, The Hacker News, TechRadar, ars Technica
GitHub

  Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
40th IEEE Symposium on Security and Privacy (S&P), San Francisco, California, USA, May 20-22, 2019
E-print arXiv:1801.01203, January 2018
CVE: CVE-2017-5753, CVE-2017-5715
Info Wikipedia

  JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits
Michael Schwarz, Florian Lackner, Daniel Gruss
Network and Distributed System Security Symposium 2019 (NDSS), San Diego, California, USA, February 24-27, 2019 (AR: 17.1%)
Info GitHub Slides

2018
  NetSpectre: Read Arbitrary Memory over Network
Michael Schwarz, Martin Schwarzl, Moritz Lipp, Daniel Gruss
E-print arXiv:1807.10535, July 2018
Media: The Register, GBHackers, SecurityWeek, Heise, BleepingComputer, DARKReading
Wikipedia

  Meltdown: Reading Kernel Memory from User Space
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg
27th USENIX Security Symposium (USENIX Security), Baltimore, Maryland, USA, August 15-17, 2018
E-print arXiv:1801.01207, January 2018
CVE: CVE-2017-5754
Info Wikipedia GitHub Slides Recording

  Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features
Michael Schwarz, Daniel Gruss, Moritz Lipp, Clémentine Maurice, Thomas Schuster, Anders Fogh, Stefan Mangard
13th ACM ASIA Conference on Information, Computer and Communications Security (AsiaCCS), Songdo, Incheon, Korea, June 4-8, 2018 (AR: 20.0%)
E-print arXiv:1711.01254, November 2017
GitHub Slides

  Use-After-FreeMail: Generalizing the Use-After-Free Problem and Applying it to Email Services
Daniel Gruss, Michael Schwarz, Matthias Wübbeling, Simon Guggi, Timo Malderle, Stefan More, Moritz Lipp
13th ACM ASIA Conference on Information, Computer and Communications Security (AsiaCCS), Songdo, Incheon, Korea, June 4-8, 2018 (AR: 20.0%)

  Another Flip in the Wall of Rowhammer Defenses
Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, Yuval Yarom
39th IEEE Symposium on Security and Privacy (S&P), San Francisco, California, USA, May 21-23, 2018 (AR: 10.0%)
Media: BleepingComputer, SecurityNow, TU Graz, The Register
GitHub Recording

  JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss
Network and Distributed System Security Symposium 2018 (NDSS), San Diego, California, USA, February 18-21, 2018 (AR: 21.5%)
Media: BleepingComputer, TechGig, Medium
GitHub Slides Recording

  KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, Stefan Mangard
Network and Distributed System Security Symposium 2018 (NDSS), San Diego, California, USA, February 18-21, 2018 (AR: 21.5%)
GitHub Slides Recording

2017
  Practical Keystroke Timing Attacks in Sandboxed JavaScript
Moritz Lipp, Daniel Gruss, Michael Schwarz, David Bidner, Clémentine Maurice, Stefan Mangard
22nd European Symposium on Research in Computer Security (ESORICS), Oslo, Norway, September 11-15, 2017 (AR: 15.9%)
GitHub Slides

  Quality Assurance for Human Computation Based Recommendation
Michael Schwarz
Master's Thesis, Graz University of Technology, June 13, 2017
Slides

  KASLR is Dead: Long Live KASLR
Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, Stefan Mangard
International Symposium on Engineering Secure Software and Systems (ESSoS), Bonn, Germany, July 4-5, 2017 (AR: 46.9%)
Wikipedia GitHub Slides

  Malware Guard Extension: Using SGX to Conceal Cache Attacks
Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, Stefan Mangard
14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Bonn, Germany, July 6-7, 2017 (AR: 26.9%)
E-print arXiv:1702.08719, February 2017
Media: The Register, Schneier on Security, Information Security Newspaper, SecurityIntelligence, Digital Trends, BleepingComputer, SecurityWeek
Wikipedia Slides

  Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript
Michael Schwarz, Clémentine Maurice, Daniel Gruss and Stefan Mangard
Financial Cryptography and Data Security 2017 (FC), Sliema, Malta, April 3-7, 2017
Media: Mozilla Security Blog
Slides

  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Kay Römer, Stefan Mangard
Network and Distributed System Security Symposium 2017 (NDSS), San Diego, California, USA, February 26 - March 1, 2017 (AR: 16.1%)
Media: The Register
Info Slides Recording

2016
  DRAMA: Exploiting DRAM Buffers for Fun and Profit
Michael Schwarz
Master's Thesis, Graz University of Technology, October 13, 2016
Slides

  Human computation for constraint-based recommenders
Thomas Ulz, Michael Schwarz, Alexander Felfernig, Sarah Haas, Amal Shehadeh, Stefan Reiterer, Martin Stettinger
Journal of Intelligent Information Systems (JIIS), September 28, 2016

  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard
25th USENIX Security Symposium (USENIX Security), Austin, Texas, USA, August 10-12, 2016 (AR: 15.6%)
Info GitHub Slides Recording

2015
  Peopleviews: Human computation for constraint-based recommendation
Alexander Felfernig, Thomas Ulz, Sarah Haas, Michael Schwarz, Stefan Reiterer, Martin Stettinger
ACM RecSys 2015 CrowdRec Workshop (RecSys), Vienna, Austria, September 19, 2015
Slides

  Human computation based acquisition of financial service advisory practices
Alexander Felfernig, Michael Jeran, Martin Stettinger, Thomas Absenger, Thomas Gruber, Sarah Haas, Emanuel Kirchengast, Michael Schwarz, Lukas Skofitsch, Thomas Ulz
1st International Workshop on Personalization & Recommender Systems in Financial Services (FinRec), Graz, Austria, April 16, 2015

2014
  Recturk: Constraint-based recommendation based on human computation
Alexander Felfernig, Sarah Haas, Gerald Ninaus, Michael Schwarz, Thomas Ulz, Martin Stettinger, Klaus Isak, Michael Jeran, Stefan Reiterer
ACM RecSys 2014 CrowdRec Workshop (RecSys), Silicon Valley, California, USA, October 6, 2014


Presentations

2019
  Are Microarchitectural Attacks still possible on Flawless Hardware?
Michael Schwarz, Erik Kraft
RuhrSec, Bochum, Germany, May 28-29, 2019

  A Christmas Carol - The Spectres of the Past, Present, and Future
Claudio Canella, Daniel Gruss, Michael Schwarz, Moritz Lipp
Grazer Linuxtage, Graz, Austria, April 26-27, 2019
Info

  Exploiting the Microarchitecture: Transient Execution Attacks
Michael Schwarz
Invited Talk @ MooseCon, Sofia, Bulgaria, April 11, 2019

  NetSpectre: A Truly Remote Spectre Variant
Michael Schwarz, Martin Schwarzl
BlackHat Asia, Marina Bay Sands, Singapore, March 28-29, 2019
Info

2018
  A Christmas Carol: The Spectres of the Past, Present, and Future
Moritz Lipp, Michael Schwarz, Daniel Gruss, Claudio Canella
35th Chaos Communication Congress (35C3), Leipzig, Germany, December 27-30, 2018
Info Recording Demo

  Red Team vs Blue Team: Memory Safety, Exploitation, and Countermeasures
Michael Schwarz
Graz Security Days for Industry, Graz, Austria, September 4-5, 2018
Info

  Hacking (in) Games - Protecting your Games and your Gamers
Michael Schwarz, Daniel Gruss
Invited Talk @ Game Dev Days, Graz, Austria, August 31 - September 2, 2018
Info

  Another Flip in the Row
Daniel Gruss, Michael Schwarz, Moritz Lipp
BlackHat USA, Mandalay Bays, Las Vegas, USA, August 4-9, 2018
Info Recording Whitepaper Demo

  Meltdown: Basics, Details, Consequences
Daniel Gruss, Michael Schwarz, Moritz Lipp
BlackHat USA, Mandalay Bays, Las Vegas, USA, August 4-9, 2018
Media: Reuters, CNBC
Info Recording

  DRAMA: Exploiting DRAM Buffers for Fun and Profit
Michael Schwarz
Shortlisted Candidate Talk @ Forum Technik und Gesellschaft, Graz, Austria, June 6, 2018
Info

  Fehlerfreie Software und trotzdem unsicher? Eine Einführung in die Mikroarchitekturangriffe anhand von Meltdown, Spectre, und Rowhammer
Daniel Gruss, Moritz Lipp, Michael Schwarz
Invited Talk @ Monat der freien Bildung, Graz, Austria, May 25, 2018
Info

  Flush+Reload, Meltdown, Spectre, Rowhammer
Michael Schwarz
Guest Talk @ BORG Monsberger, Graz, Austria, May 25, 2018

  Meltdown and Spectre: Side-channels considered hARMful
Moritz Lipp, Michael Schwarz
Qualcomm Mobile Security Summit, San Diego, California, USA, May 16-18, 2018
Info

  X-Factor: Das Unfassbare - Die Geschichte von Meltdown und Spectre
Michael Schwarz
Grazer Linuxtage, Graz, Austria, April 27-28, 2018
Info Recording

  When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins
Michael Schwarz, Moritz Lipp
BlackHat Asia, Marina Bay Sands, Singapore, March 20-23, 2018
Media: DARKReading
Info Recording Whitepaper Demo

  Rowhammer: From the Basics to Sophisticated New Variants
Moritz Lipp, Michael Schwarz
Guest Talk @ Qualcomm, San Diego, California, USA, February 21, 2018

  Spectre and Meltdown on x86 and ARM
Michael Schwarz, Moritz Lipp, Stefan Mangard
Guest Talk @ NXP, Gratkorn, Austria, February 15, 2018

  Microarchitectural Attacks and Defenses in JavaScript
Michael Schwarz, Daniel Gruss, Moritz Lipp
Guest Talk @ Google, Munich, Germany, January 25, 2018

  Beyond Belief: The Case of Spectre and Meltdown
Daniel Gruss, Moritz Lipp, Michael Schwarz
Keynote @ BlueHat IL, Tel Aviv, Israel, January 24, 2018
Info Recording

  Prozessorlücken: Wer ist betroffen und was ist zu tun?
Michael Schwarz, Wolfgang Prentner, Benjamin Borchers
Webinar @ colited, January 16, 2018

2017
  Hello from the Other Side: Reliable Communication over Cache Covert Channels in the Cloud
Michael Schwarz, Manuel Weber
Invited Talk @ ISACA Venice V Conference on Application Security and Modern Technologies, Mestre, Venice, Italy, October 6, 2017
Info

  Cash Attacks on SGX
Daniel Gruss, Michael Schwarz
Invited Talk @ Breaking Bitcoin, Paris, France, September 9-10, 2017
Info Recording

  Robust Cache Covert Channels in the Cloud
Michael Schwarz
Rump Session @ Financial Cryptography, Sliema, Malta, April 2-7, 2017

  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Michael Schwarz, Manuel Weber
BlackHat Asia, Marina Bay Sands, Singapore, March 30-31, 2017
Media: The Register
Info GitHub Recording Whitepaper Demo

2016
  DRAMA: How your DRAM becomes a security problem
Michael Schwarz, Anders Fogh
BlackHat Europe, London, United Kingdom, November 3-4, 2016
Media: The Register
Info GitHub Recording Whitepaper Demo


Trainings

2019
  Microarchitectural Attacks
Daniel Gruss, Moritz Lipp, Michael Schwarz
RuhrSec, Bochum, Germany, May 27, 2019
Info

2018
  Runtime Security Lab
Michael Schwarz
School on Security & Correctness in the Internet of Things, Graz, Austria, September 3-7, 2018
Info

2017
  Programming Lab Binary Exploitation (ARM)
Michael Schwarz
IACR Cryptology School 2017 Security & Correctness in the IoT, Graz, Austria, May 8-12, 2017
Info

2016
  CTF Training Session: Easy Crypto & ECDSA
Michael Schwarz
LosFuzzys CTF Training, Graz, Austria, September 13, 2016


Awards

2019
  S&P Distinguished Paper Award - Spectre
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
40th IEEE Symposium on Security and Privacy, San Francisco, California, USA, May 20-22, 2019

  CVE-2019-11091
Moritz Lipp, Michael Schwarz, Daniel Gruss, Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Volodrmyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
MDSUM - Meltdown on uncachable memory, April 11, 2019

  CVE-2019-5489
Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, Anders Fogh
Page Cache Attacks - A software-cache attack on the operating system's page cache, January 7, 2019

2018
  CSAW Best Paper Award - Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh
CSAW Applied Research Competition, Valence, France, November 10, 2018

  Pwnie Award for Best Privilege Escalation Bug - Meltdown
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh
BlackHat USA, Las Vegas, USA, August 8, 2018

  Pwnie Award for Most Innovative Research - Spectre
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
BlackHat USA, Las Vegas, USA, August 8, 2018

  CVE-2018-12130
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Giorgi Maisuradze, Dan Horea Lutas, Andrei Lutas, Volodymyr Pikhur, Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Moritz Lipp, Michael Schwarz, Daniel Gruss
ZombieLoad / RIDL / MFBDS - Leaking data from the line-fill buffer, June 11, 2018

  CVE-2018-12126
Ke Sun, Henrique Kawakami, Kekai Hu, Rodrigo Branco, Lei Shi, Marina Minkin, Daniel Moghimi, Moritz Lipp, Michael Schwarz, Jo Van Bulck, Daniel Genkin, Daniel Gruss, Berk Sunar, Frank Piessens, Yuval Yarom
Fallout / MSBDS - Leaking data from the store buffer, June 11, 2018


  CVE-2017-5754
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh
Meltdown - CPU vulnerability allowing to leak kernel memory from user space, January 4, 2018

  CVE-2017-5753, CVE-2017-5715
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
Spectre - Speculative execution CPU vulnerability, January 4, 2018

2017
  Pwnie Award for Best Song
Manuel Weber, Daniel Gruss, Michael Schwarz, Moritz Lipp, Rebekka Aigner
BlackHat USA, Las Vegas, USA, July 26, 2017

2016
  IAIK Student Research Excellence Awards
Michael Schwarz
IAIK Graz University of Technology, Graz, Austria, December 2, 2016


Projects

2018
  LaTeX Beamer Preview
Recompile only modified slides (in parallel) for LaTeX Beamer presentations.
GitHub

  PTEditor
A small library to modify all page-table levels of all processes from user space for x86_64 and ARMv8.
GitHub

  Colorful printf
A printf wrapper supporting color tags, spinners, and progress bars.
GitHub

2017
  asciicast2vector
Convert asciicast (asciinema recordings) to vector graphics (SVG and TikZ).
GitHub

  LiveTikZ
A live preview for TikZ drawings.
GitHub

  ProcDetails
The ProcDetails kernel module shows details about procfs files.
GitHub

  libattopng
libattopng is a minimal C library to create uncompressed PNG images.
GitHub

2016
  Amazon Dash Button Fun
Make the Amazon Dash button useful using this IoT framework.
GitHub

  FAINT - FAult INjection Tester
FAINT is a fully automated tool to dynamically check the out of memory handling in C and C++ programs.
GitHub

  Configurable DES
Configurable DES provides a fully customizable DES implementation especially designed to test attacks against DES.
GitHub

  Jackbox Party Pack - Drawful Question Editor
A question editor for the Drawful game of Jackbox Party Pack based on my reverse-engineering of the file format.
GitHub

2015
  Universal Header Decoder
This tool decoded file headers based on a description file.
GitHub

  BF.js
A simple Javascript Brainfuck implementation for educational purposes.
GitHub

  ESP Trainer (German)
An interactive web application for learning C programming.
Run

2014
  TU Graz Newsreader
TU Graz Newsreader is an Android newsgroup reader for Graz University of Technology.
Info Play Store

2013
  Raspberry Webradio
Raspberry Webradio, a do-it-yourself internet streaming client using the Raspberry Pi.
Info GitHub

  C Declaration Explainer
This little tool can translate C variable declarations to human readable definitions.
Run

  AVR Fuse Calculator
An offline AVR fuse calculator, supporting 144 devices.
Play Store

  TU Graz Raumsuche (German)
App that provides a search functionality to find and locate rooms on the TU Graz Campus.
GitHub Play Store