Michael Schwarz

I am an infosec Ph.D. student at Graz University of Technology. I am part of the Secure Systems group at the Institute of Applied Information Processing and Communications.
As part of the university's CTF team I frequently participate in CTFs.
During the semester I teach Systems Programming, Operating Systems and Security Aspects in Software Development.


Publications

2019
  Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
40th IEEE Symposium on Security and Privacy (S&P), San Francisco, California, USA, May 20-22, 2019
E-print arXiv:1801.01203, January 2018
CVE: CVE-2017-5753, CVE-2017-5715
Info Wikipedia

2018
  NetSpectre: Read Arbitrary Memory over Network
Michael Schwarz, Martin Schwarzl, Moritz Lipp, Daniel Gruss
E-print arXiv:1807.10535, July 2018
Media: The Register, GBHackers, SecurityWeek, Heise, BleepingComputer
Wikipedia

  Meltdown: Reading Kernel Memory from User Space
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg
27th USENIX Security Symposium (USESEC), Baltimore, Maryland, USA, August 15-17, 2018
E-print arXiv:1801.01207, January 2018
CVE: CVE-2017-5754
Info Wikipedia GitHub Slides

  Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features
Michael Schwarz, Daniel Gruss, Moritz Lipp, Clémentine Maurice, Thomas Schuster, Anders Fogh, Stefan Mangard
13th ACM ASIA Conference on Information, Computer and Communications Security (AsiaCCS), Songdo, Incheon, Korea, June 4-8, 2018 (AR: 20.0%)
E-print arXiv:1711.01254, November 2017
GitHub Slides

  Use-After-FreeMail: Generalizing the Use-After-Free Problem and Applying it to Email Services
Daniel Gruss, Michael Schwarz, Matthias Wübbeling, Simon Guggi, Timo Malderle, Stefan More, Moritz Lipp
13th ACM ASIA Conference on Information, Computer and Communications Security (AsiaCCS), Songdo, Incheon, Korea, June 4-8, 2018 (AR: 20.0%)

  Another Flip in the Wall of Rowhammer Defenses
Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, Yuval Yarom
39th IEEE Symposium on Security and Privacy (S&P), San Francisco, California, USA, May 21-23, 2018 (AR: 10.0%)
Media: BleepingComputer, SecurityNow, TU Graz, The Register
GitHub Recording

  JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss
Network and Distributed System Security Symposium 2018 (NDSS), San Diego, California, USA, February 18-21, 2018 (AR: 21.5%)
Media: BleepingComputer, TechGig, Medium
GitHub Slides Recording

  KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, Stefan Mangard
Network and Distributed System Security Symposium 2018 (NDSS), San Diego, California, USA, February 18-21, 2018 (AR: 21.5%)
GitHub Slides Recording

2017
  Practical Keystroke Timing Attacks in Sandboxed JavaScript
Moritz Lipp, Daniel Gruss, Michael Schwarz, David Bidner, Clémentine Maurice, Stefan Mangard
22nd European Symposium on Research in Computer Security (ESORICS), Oslo, Norway, September 11-15, 2017 (AR: 15.9%)
GitHub Slides

  Quality Assurance for Human Computation Based Recommendation
Michael Schwarz
Master's Thesis, Graz University of Technology, June 13, 2017
Slides

  KASLR is Dead: Long Live KASLR
Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, Stefan Mangard
International Symposium on Engineering Secure Software and Systems (ESSoS), Bonn, Germany, July 4-5, 2017 (AR: 46.9%)
Wikipedia GitHub Slides

  Malware Guard Extension: Using SGX to Conceal Cache Attacks
Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, Stefan Mangard
14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Bonn, Germany, July 6-7, 2017 (AR: 26.9%)
E-print arXiv:1702.08719, February 2017
Media: The Register, Schneier on Security, Information Security Newspaper, SecurityIntelligence, Digital Trends, BleepingComputer, SecurityWeek
Wikipedia Slides

  Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript
Michael Schwarz, Clémentine Maurice, Daniel Gruss and Stefan Mangard
Financial Cryptography and Data Security 2017 (FC), Sliema, Malta, April 3-7, 2017
Media: Mozilla Security Blog
Slides

  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Kay Römer, Stefan Mangard
Network and Distributed System Security Symposium 2017 (NDSS), San Diego, California, USA, February 26 - March 1, 2017 (AR: 16.1%)
Media: The Register
Info Slides Recording

2016
  DRAMA: Exploiting DRAM Buffers for Fun and Profit
Michael Schwarz
Master's Thesis, Graz University of Technology, October 13, 2016
Slides

  Human computation for constraint-based recommenders
Thomas Ulz, Michael Schwarz, Alexander Felfernig, Sarah Haas, Amal Shehadeh, Stefan Reiterer, Martin Stettinger
Journal of Intelligent Information Systems (JIIS), September 28, 2016

  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard
25th USENIX Security Symposium (USESEC), Austin, Texas, USA, August 10-12, 2016 (AR: 15.6%)
Info GitHub Slides Recording

2015
  Peopleviews: Human computation for constraint-based recommendation
Alexander Felfernig, Thomas Ulz, Sarah Haas, Michael Schwarz, Stefan Reiterer, Martin Stettinger
ACM RecSys 2015 CrowdRec Workshop (RecSys), Vienna, Austria, September 19, 2015
Slides

  Human computation based acquisition of financial service advisory practices
Alexander Felfernig, Michael Jeran, Martin Stettinger, Thomas Absenger, Thomas Gruber, Sarah Haas, Emanuel Kirchengast, Michael Schwarz, Lukas Skofitsch, Thomas Ulz
1st International Workshop on Personalization & Recommender Systems in Financial Services (FinRec), Graz, Austria, April 16, 2015

2014
  Recturk: Constraint-based recommendation based on human computation
Alexander Felfernig, Sarah Haas, Gerald Ninaus, Michael Schwarz, Thomas Ulz, Martin Stettinger, Klaus Isak, Michael Jeran, Stefan Reiterer
ACM RecSys 2014 CrowdRec Workshop (RecSys), Silicon Valley, California, USA, October 6, 2014


Presentations

2018
  Red Team vs Blue Team: Memory Safety, Exploitation, and Countermeasures
Michael Schwarz
Graz Security Days for Industry, Graz, Austria, September 4-5, 2018
Info

  Runtime Security Lab
Michael Schwarz
Training @ School on Security & Correctness in the Internet of Things, Graz, Austria, September 3-7, 2018
Info

  Hacking (in) Games - Protecting your Games and your Gamers
Michael Schwarz, Daniel Gruss
Invited Talk @ Game Dev Days, Graz, Austria, August 31 - September 2, 2018
Info

  Another Flip in the Row
Daniel Gruss, Michael Schwarz, Moritz Lipp
BlackHat USA, Mandalay Bays, Las Vegas, USA, August 4-9, 2018
Info Whitepaper Demo

  Meltdown: Basics, Details, Consequences
Daniel Gruss, Michael Schwarz, Moritz Lipp
BlackHat USA, Mandalay Bays, Las Vegas, USA, August 4-9, 2018
Media: Reuters, CNBC
Info

  DRAMA: Exploiting DRAM Buffers for Fun and Profit
Michael Schwarz
Shortlisted Candidate Talk @ Forum Technik und Gesellschaft, Graz, Austria, June 6, 2018
Info

  Fehlerfreie Software und trotzdem unsicher? Eine Einführung in die Mikroarchitekturangriffe anhand von Meltdown, Spectre, und Rowhammer
Daniel Gruss, Moritz Lipp, Michael Schwarz
Invited Talk @ Monat der freien Bildung, Graz, Austria, May 25, 2018
Info

  Flush+Reload, Meltdown, Spectre, Rowhammer
Michael Schwarz
Guest Talk @ BORG Monsberger, Graz, Austria, May 25, 2018

  Meltdown and Spectre: Side-channels considered hARMful
Moritz Lipp, Michael Schwarz
Qualcomm Mobile Security Summit, San Diego, California, USA, May 16-18, 2018
Info

  X-Factor: Das Unfassbare - Die Geschichte von Meltdown und Spectre
Michael Schwarz
Grazer Linuxtage, Graz, Austria, April 27-28, 2018
Info Recording

  When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins
Michael Schwarz, Moritz Lipp
BlackHat Asia, Marina Bay Sands, Singapore, March 20-23, 2018
Media: DARKReading
Info Whitepaper Demo

  Rowhammer: From the Basics to Sophisticated New Variants
Moritz Lipp, Michael Schwarz
Guest Talk @ Qualcomm, San Diego, California, USA, February 21, 2018

  Spectre and Meltdown on x86 and ARM
Michael Schwarz, Moritz Lipp, Stefan Mangard
Guest Talk @ NXP, Gratkorn, Austria, February 15, 2018

  Microarchitectural Attacks and Defenses in JavaScript
Michael Schwarz, Daniel Gruss, Moritz Lipp
Guest Talk @ Google, Munich, Germany, January 25, 2018

  Beyond Belief: The Case of Spectre and Meltdown
Daniel Gruss, Moritz Lipp, Michael Schwarz
Keynote @ BlueHat IL, Tel Aviv, Israel, January 24, 2018
Info Recording

  Prozessorlücken: Wer ist betroffen und was ist zu tun?
Michael Schwarz, Wolfgang Prentner, Benjamin Borchers
Webinar @ colited, January 16, 2018

2017
  Hello from the Other Side: Reliable Communication over Cache Covert Channels in the Cloud
Michael Schwarz, Manuel Weber
Invited Talk @ ISACA Venice V Conference on Application Security and Modern Technologies, Mestre, Venice, Italy, October 6, 2017
Info

  Cash Attacks on SGX
Daniel Gruss, Michael Schwarz
Invited Talk @ Breaking Bitcoin, Paris, France, September 9-10, 2017
Info Recording

  Programming Lab Binary Exploitation (ARM)
Michael Schwarz
Training @ IACR Cryptology School 2017 Security & Correctness in the IoT, Graz, Austria, May 8-12, 2017
Info

  Robust Cache Covert Channels in the Cloud
Michael Schwarz
Rump Session @ Financial Cryptography, Sliema, Malta, April 2-7, 2017

  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Michael Schwarz, Manuel Weber
BlackHat Asia, Marina Bay Sands, Singapore, March 30-31, 2017
Media: The Register
Info GitHub Recording Whitepaper Demo

2016
  DRAMA: How your DRAM becomes a security problem
Michael Schwarz, Anders Fogh
BlackHat Europe, London, United Kingdom, November 3-4, 2016
Media: The Register
Info GitHub Recording Whitepaper Demo

  CTF Training Session: Easy Crypto & ECDSA
Michael Schwarz
Training @ LosFuzzys CTF Training, Graz, Austria, September 13, 2016


Awards

2018
  Pwnie Award for Best Privilege Escalation Bug
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Jann Horn, Anders Fogh
BlackHat USA, Las Vegas, USA, August 8, 2018

  Pwnie Award for Most Innovative Research
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
BlackHat USA, Las Vegas, USA, August 8, 2018


  CVE-2017-5754
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
Meltdown - CPU vulnerability allowing to leak kernel memory from user space, January 4, 2018

  CVE-2017-5753, CVE-2017-5715
Jann Horn, Paul Kocher, Daniel Genkin, Mike Hamburg, Moritz Lipp, Yval Yarom, Werner Haas, Thomas Prescher, Daniel Gruss, Stefan Mangard, Michael Schwarz
Spectre - Speculative execution CPU vulnerability, January 4, 2018

2017
  Pwnie Award for Best Song
Manuel Weber, Daniel Gruss, Michael Schwarz, Moritz Lipp, Rebekka Aigner
BlackHat USA, Las Vegas, USA, July 26, 2017

2016
  IAIK Student Research Excellence Awards
Michael Schwarz
IAIK Graz University of Technology, Graz, Austria, December 2, 2016


Projects

2018
  Colorful printf
A printf wrapper supporting color tags, spinners, and progress bars.
GitHub

2017
  asciicast2vector
Convert asciicast (asciinema recordings) to vector graphics (SVG and TikZ).
GitHub

  LiveTikZ
A live preview for TikZ drawings.
GitHub

  ProcDetails
The ProcDetails kernel module shows details about procfs files.
GitHub

  libattopng
libattopng is a minimal C library to create uncompressed PNG images.
GitHub

2016
  Amazon Dash Button Fun
Make the Amazon Dash button useful using this IoT framework.
GitHub

  FAINT - FAult INjection Tester
FAINT is a fully automated tool to dynamically check the out of memory handling in C and C++ programs.
GitHub

  Configurable DES
Configurable DES provides a fully customizable DES implementation especially designed to test attacks against DES.
GitHub

  Jackbox Party Pack - Drawful Question Editor
A question editor for the Drawful game of Jackbox Party Pack based on my reverse-engineering of the file format.
GitHub

2015
  Universal Header Decoder
This tool decoded file headers based on a description file.
GitHub

  BF.js
A simple Javascript Brainfuck implementation for educational purposes.
GitHub

  ESP Trainer (German)
An interactive web application for learning C programming.
Run

2014
  TU Graz Newsreader
TU Graz Newsreader is an Android newsgroup reader for Graz University of Technology.
Info Play Store

2013
  Raspberry Webradio
Raspberry Webradio, a do-it-yourself internet streaming client using the Raspberry Pi.
Info GitHub

  C Declaration Explainer
This little tool can translate C variable declarations to human readable definitions.
Run

  AVR Fuse Calculator
An offline AVR fuse calculator, supporting 144 devices.
Play Store

  TU Graz Raumsuche (German)
App that provides a search functionality to find and locate rooms on the TU Graz Campus.
GitHub Play Store