I'm an infosec researcher working as a postdoc in the Secure Systems group at the Graz University of Technology, Institute of Applied Information Processing and Communications (see my profile there), where I also obtained my PhD in June 2017. In summer 2016 I've been an intern at Microsoft Research Cambridge. In my research I explore software-based microarchitectural attacks and operating system features.

I teach undergraduate courses (Operating Systems, System-Level Programming) and graduate courses (Embedded Security, Security Aspects in Software Development).

 

Publications

2019
May
  Spectre Attacks: Exploiting Speculative Execution
Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom.    
S&P'19, San Francisco, California, USA, May 20-22, 2019.     [Conference] [Pre-print (Jan'18)] [Wikipedia]
2018
August
  Meltdown: Reading Kernel Memory from User Space
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg.    
(conditionally accepted to) 27th USENIX Security Symposium, Baltimore, MD, USA, August 15-17, 2018 (AR: 19.2%).     [Conference] [Code Examples] [Wikipedia]
June   Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features
Michael Schwarz, Daniel Gruss, Moritz Lipp, Clémentine Maurice, Thomas Schuster, Anders Fogh, Stefan Mangard.    
AsiaCCS'18, Songdo, Incheon, Korea, Jun 4-8, 2018 (AR: 20.0%).     [Conference]
  Use-After-FreeMail: Generalizing the Use-After-Free Problem and Applying it to Email Services
Daniel Gruss, Michael Schwarz, Matthias Wübbeling, Simon Guggi, Timo Malderle, Stefan More, Moritz Lipp.    
AsiaCCS'18, Songdo, Incheon, Korea, Jun 4-8, 2018 (AR: 20.0%).     [Conference]
  ProcHarvester: Fully Automated Analysis of Procfs Side-Channel Leaks on Android
Raphael Spreitzer, Felix Kirchengast, Daniel Gruss, Stefan Mangard.    
AsiaCCS'18, Songdo, Incheon, Korea, Jun 4-8, 2018 (AR: 20.0%).     [Conference]
May   Another Flip in the Wall of Rowhammer Defenses
Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, Yuval Yarom.    
S&P'18, San Francisco, California, USA, May 21-23, 2018 (AR: 11.5%).     [Conference] [Code Examples] [Pre-print (Oct'17)]
February   JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss.    
NDSS'18, San Diego, California, USA, February 18-21, 2018 (AR: 21.5%).     [Program] [Github]
  KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks
Michael Schwarz, Moritz Lipp, Daniel Gruss, Samuel Weiser, Clémentine Maurice, Raphael Spreitzer, Stefan Mangard.    
NDSS'18, San Diego, California, USA, February 18-21, 2018 (AR: 21.5%).     [Program] [Github] [Pre-print (Jun'17)]
2017
September
  Practical Keystroke Timing Attacks in Sandboxed JavaScript
Moritz Lipp, Daniel Gruss, Michael Schwarz, David Bidner, Clémentine Maurice, Stefan Mangard.    
ESORICS'17, Oslo, Norway, September 11-15, 2017 (AR: 15.9%).     [Program]
August   Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory
Daniel Gruss, Julian Lettner, Felix Schuster, Olya Ohrimenko, Istvan Haller, Manuel Costa.    
26th USENIX Security Symposium, Vancouver, BC, Canada, August 16-18, 2017 (AR: 16.3%).     [Session]
July   KASLR is Dead: Long Live KASLR
Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, Stefan Mangard.    
ESSoS'17, Bonn, Germany, July 2017 (AR: 46.9%).     [Program] [Github] [Wikipedia]
  Malware Guard Extension: Using SGX to Conceal Cache Attacks
Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, Stefan Mangard.    
DIMVA'17, Bonn, Germany, July 6-7, 2017 (AR: 26.9%).     [Program] [Slides] [Extended Version]
June   Software-based Microarchitectural Attacks
Daniel Gruss.    
PhD Thesis, Graz University of Technology. June 14, 2017.     [Slides] [Part I only]
April   Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript
Michael Schwarz, Clémentine Maurice, Daniel Gruss, Stefan Mangard.    
FC'17, Malta, April 2017.     [Program] [Slides]
February   Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud
Clémentine Maurice, Manuel Weber, Michael Schwarz, Lukas Giner, Daniel Gruss, Carlo Alberto Boano, Kay Römer, Stefan Mangard.    
NDSS'17, San Diego, California, USA, February 2017 (AR: 16.1%).     [Session] [Slides] [Github] [BlackHat Asia] [BlackHat Asia Recording] [Live Demo] [Pwnie Award for Best Song]
2016
October
  Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR
Daniel Gruss, Anders Fogh, Clémentine Maurice, Moritz Lipp, Stefan Mangard.    
CCS'16, Vienna, Austria, October 24-28, 2016 (AR: 16.4%).     [Slides] [Github]
  Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida.    
CCS'16, Vienna, Austria, October 24-28, 2016 (AR: 16.4%).     [Project Website]
August   DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard.    
25th USENIX Security Symposium, Austin, Texas, USA, August 10-12, 2016 (AR: 15.6%).     [Session] [Pre-print (Nov'15)] [Slides] [Github] [BlackHat Europe]
  ARMageddon: Cache Attacks on Mobile Devices
Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, Stefan Mangard.    
25th USENIX Security Symposium, Austin, Texas, USA, August 10-12, 2016 (AR: 15.6%).     [Session] [Pre-print (Nov'15)] [Slides] [Github] [BlackHat Europe]
July   Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript
Daniel Gruss, Clémentine Maurice, Stefan Mangard.    
DIMVA'16, Donostia-San Sebastián, Spain, July 7-8, 2016 (AR: 31.8%).     [Conference] [Github] [Pre-print (Jul'15)] [Golem] [Slate] [Heise] [c't] [Vice] [Wikipedia]
  Flush+Flush: A Fast and Stealthy Cache Attack
Daniel Gruss, Clémentine Maurice, Klaus Wagner, Stefan Mangard.    
DIMVA'16, Donostia-San Sebastián, Spain, July 7-8, 2016 (AR: 31.8%).     [Conference] [Pre-print (Nov'15)] [Github]
2015
September
  Practical Memory Deduplication Attacks in Sandboxed Javascript
Daniel Gruss, David Bidner, Stefan Mangard.    
ESORICS'15, Vienna, Austria, September 23-25, 2015 (AR: 20.1%).     [Conference] [Slides] [PoC by David Bidner]
August   Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches
Daniel Gruss, Raphael Spreitzer, Stefan Mangard.    
24th USENIX Security Symposium, Washington, D.C., USA, August 12-14, 2015 (AR: 15.7%).     [Session] [Lightning Talk] [Slides] [Github]

Presentations

2018
August
  Another Flip in the Row
Joint presentation with Moritz Lipp and Michael Schwarz @ BlackHat USA 2018, Las Vegas, USA, August 4 - August 9, 2018
  Meltdown: Basics, Details, Consequences
Joint presentation with Moritz Lipp and Michael Schwarz @ BlackHat USA 2018, Las Vegas, USA, August 4 - August 9, 2018
June   Microarchitectural Attacks: From the Basics to Arbitrary Read and Write Primitives without any Software Bugs
Talk @ Radboud University Digital Security Group, Nijmegen, Netherlands, June 19, 2018
  Microarchitectural Attacks: From the Basics to Arbitrary Read and Write Primitives without any Software Bugs
Invited Talk @ Austrian Computer Science Day, Salzburg, Austria, June 15, 2018
  Software-based Microarchitectural Attacks
Shortlisted Candidate Talk @ Forum Technik und Gesellschaft, Graz, Austria, June 6, 2018
May   Software-based Microarchitectural Attacks
Shortlisted Candidate Talk @ Oesterreichische Computer Gesellschaft, Vienna, Austria, May 30, 2018
  Fehlerfreie Software und trotzdem unsicher? Eine Einführung in die Mikroarchitekturangriffe anhand von Meltdown, Spectre, und Rowhammer
Talk @ Monat der freien Bildung, Graz, Austria, May 25, 2018
  The Story of Meltdown and Spectre
Talk @ RuhrSec, Bochum, Germany, May 17-18, 2018
  Software-basierte Mikroarchitekturangriffe
Shortlisted Candidate Talk @ GI-Dissertationspreis 2017 Kolloquium, Dagstuhl, Germany, May 6-9, 2018
April   Microarchitectural Attacks: Meltdown and Spectre
Invited Talk @ Natixis Open Day, Porto, Portugal, April 21, 2018
  How to have a Meltdown
Training @ CRYPTACUS Training School, Azores, Portugal, April 16-20, 2018
  Software-based Microarchitectural Attacks
Invited Talk @ CRYPTACUS Training School, Azores, Portugal, April 16-20, 2018
  Microarchitectural Attacks: From the Basics to Arbitrary Read and Write Primitives without any Software Bugs
Invited Talk @ Symposium and Bootcamp on the Science of Security (HotSoS), Raleigh, NC, USA, April 10-11, 2018
March   Software-based Microarchitectural Attacks
Invited Talk @ RISE Spring School, Cambridge, UK, March 28-29, 2018
  Software-based Microarchitectural Attacks: What do we learn from Meltdown and Spectre?
Guest Talk @ Apple, Cupertino, California, USA, March 27, 2018
  Microarchitectural Attacks and the Case of Meltdown and Spectre
Invited Talk @ Insomni'hack, Geneva, Switzerland, March 22-23, 2018
  Software-based Microarchitectural Attacks
Talk @ Security and Privacy Group, University of Birmingham, UK, March 21, 2018
  Microarchitectural Attacks: Meltdown, Spectre, Rowhammer
Talk @ King's College London, UK, March 20, 2018
  Microarchitectural Attacks: From the Basics to Arbitrary Read and Write Primitives without any Software Bugs
Talk @ CISPA Saarland, Saarbrücken, Germany, March 16, 2018
  Microarchitectural Attacks: Meltdown, Spectre, Rowhammer
Invited Talk @ Austrian Trust Circle der öffentlichen Verwaltung, Salzburg, Austria, March 1, 2018
February   Kurzüberblick zu Meltdown und Spectre
Invited Talk @ Digitaldialog, Graz, Austria, February 27, 2018
  Software-based Microarchitectural Attacks
Invited Talk @ NeCS Cyber Security Winter School, Trento, Italy, February 12-16, 2018
  Microarchitectural Attacks: From the Basics to Arbitrary Read and Write Primitives
Guest Talk @ Microsoft Research Cambridge, UK, February 05, 2018
January   Brief Overview on Meltdown and Spectre
Talk @ European Government CERT Meeting, Vienna, Austria, January 26, 2018
  Microarchitectural Attacks and Defenses in JavaScript
Guest Talk (Joint presentation with Moritz Lipp and Michael Schwarz) @ Google, Munich, Germany, January 25, 2018
  Beyond Belief: The Case of Spectre and Meltdown
Keynote (Joint presentation with Moritz Lipp and Michael Schwarz) @ BlueHat IL, Tel Aviv, Israel, January 24, 2018
  Software-based Microarchitectural Attacks
Invited Talk @ CERT.at IT Security Stammtisch, Vienna, Austria, January 10, 2018
2017
November
  Why SGX design flaws hinder its application in cloud computing
Invited Talk @ Workshop on Cryptography for the Internet of Things and Cloud, Bochum, Germany, November 06-07, 2017
October   Oh my Cache! 2 - More fun with caches.
Guest Talk @ QSP Lab, University of Innsbruck, Innsbruck, Austria, October 13, 2017
September   Cash Attacks on SGX
Invited Talk (Joint presentation with Michael Schwarz) @ Breaking Bitcoin, Paris, France, September 09-10, 2017
June   Rowhammer Attacks: An Extended Walkthrough Guide
Guest Talk @ SBA Research, Vienna, Austria, June 27, 2017
May   How processor performance is tied to side-channel leakage: With great speed comes great leakage
Joint presentation with Moritz Lipp @ Qualcomm Mobile Security Summit, San Diego, CA, USA, May 18-19, 2017
  Rowhammer Attacks: A Walkthrough Guide
Joint presentation with Clémentine Maurice @ RuhrSec, Bochum, Germany, May 4-5, 2017
2016
October
  Microarchitectural Incontinence - You would leak too if you were so fast!
Invited talk @ 13th Hacktivity conference, Budapest, Hungary, October 21-22, 2016
  Oh my Cache! - Introduction to having fun with your Cache.
Guest Talk @ QSP Lab, University of Innsbruck, Innsbruck, Austria, October 21, 2016
August   Microarchitectural Attacks (and what we can do against them)
Guest Talk @ Constructive Security Group, Microsoft Research Cambridge, UK, August 25, 2016
  Software-based Microarchitectural Attacks
Guest Talk @ Qualcomm, San Diego, California, USA, August 8, 2016
  Using Undocumented CPU Behavior to See into Kernel Mode and Break KASLR in the Process
Joint presentation with Anders Fogh @ BlackHat USA 2016, Las Vegas, USA, July 30 - August 4, 2016
April   Cache Side-Channel Attacks and the case of Rowhammer
Invited talk @ RuhrSec, Bochum, Germany, April 28-29, 2016
2015
December
  Rowhammer.js: Root privileges for web apps?
Joint presentation with Clémentine Maurice @ 32nd Chaos Communication Congress, Hamburg, Germany, December 27-30, 2015
November   Software-based Side-Channel and Fault Attacks
Invited Talk @ MooseCon 2015, Palo Alto, California, USA, November 19-20, 2015

Service

  • Technical Program Committee: CCS'18, WOOT '18, SPACE'18, WoSSCA'18
  • Reviewer: AJSE, PLOS ONE, IET Information Security
  • External Reviewer: PoPETS'18, DIMVA'17, EUROCRYPT'17, CHES'16, CT-RSA'16, DATE'16, CT-RSA'15, DATE'15, Indocrypt'15
  • On-site organization: COSADE'16