Lorenz Hetterich

PhD Student

Hi! I am a PhD student at Saarland University working for the CISPA Helmholtz Center for Information Security under the supervision of Dr. Michael Schwarz. My main focus is on transient execution attacks and microachitectural side channels on Arm processors, especially the Apple M1.

CV

PhD Student

CISPA / Saarland University

2023 – today

PhD Preparation

Saarbrücken Graduate School of CS

2021 – 2023

Cybersecurity B.Sc.

Saarland University

2018 – 2021

Publications

2026

InstrSem: Automatically and Generically Inferring Semantics of (Undocumented) CPU Instructions

Lorenz Hetterich, Fabian Thomas, Tristan Hornetz, Michael Schwarz

USENIX Security Baltimore, Maryland, USA, August 12-14, 2026

PDF

2025

RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs

Fabian Thomas, Eric García Arribas, Lorenz Hetterich, Daniel Weber, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

CCS Taipei, Taiwan, October 13-17, 2025

PDF GITHUB INFO

Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage

Mikka Rainer, Lorenz Hetterich, Fabian Thomas, Tristan Hornetz, Leon Trampert, Lukas Gerlach, Michael Schwarz

S&P San Francisco, California, USA, May 12-15, 2025

PDF GITHUB

Peripheral Instinct: How External Devices Breach Browser Sandboxes

Leon Trampert, Lorenz Hetterich, Lukas Gerlach, Mona Schappert, Christian Rossow, Michael Schwarz

WWW Sydney, Australia, April 8 - May 2, 2025

PDF GITHUB

ShadowLoad: Injecting State into Hardware Prefetchers

Lorenz Hetterich, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Nils Bernsdorf, Eduard Ebert, Michael Schwarz

ASPLOS Rotterdam, Netherlands, March 30 - April 13, 2025

PDF GITHUB

2024

CacheWarp: Software-based Fault Injection using Selective State Reset

Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz

USENIX Security Philadelphia, PA, USA, August 14-16, 2024

PDF GITHUB INFO

Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv8

Markus Bauer, Lorenz Hetterich, Christian Rossow, Michael Schwarz

ASIACCS Singapore, July 1-5, 2024

PDF GITHUB

2023

FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers

Till Schlüter, Amit Choudhari, Lorenz Hetterich, Leon Trampert, Hamed Nemati, Ahmad Ibrahim, Michael Schwarz, Christian Rossow, Nils Ole Tippenhauer

CCS Copenhagen, Denmark, November 26-30, 2023

PDF GITHUB

2022

Branch Different - Spectre Attacks on Apple Silicon

Lorenz Hetterich, Michael Schwarz

DIMVA Cagliari, Italy, June 29 - July 1, 2022

PDF GITHUB

@misc{hetterich2026instrsem,
  title={InstrSem: Automatically and Generically Inferring Semantics of (Undocumented) CPU Instructions},
  howpublished={USENIX Security},
  author={Lorenz Hetterich and Fabian Thomas and Tristan Hornetz and Michael Schwarz},
  year={2026}
}

@misc{thomas2025riscover,
  title={RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs},
  howpublished={CCS},
  author={Fabian Thomas and Eric García Arribas and Lorenz Hetterich and Daniel Weber and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
  year={2025}
}

@misc{rainer2025rapid,
  title={Rapid Reversing of Non-Linear CPU Cache Slice Functions: Unlocking Physical Address Leakage},
  howpublished={S\&P},
  author={Mikka Rainer and Lorenz Hetterich and Fabian Thomas and Tristan Hornetz and Leon Trampert and Lukas Gerlach and Michael Schwarz},
  year={2025}
}

@misc{trampert2025peripheralinstinct,
  title={Peripheral Instinct: How External Devices Breach Browser Sandboxes},
  howpublished={WWW},
  author={Leon Trampert and Lorenz Hetterich and Lukas Gerlach and Mona Schappert and Christian Rossow and Michael Schwarz},
  year={2025}
}

@misc{hetterich2025shadowload,
  title={ShadowLoad: Injecting State into Hardware Prefetchers},
  howpublished={ASPLOS},
  author={Lorenz Hetterich and Fabian Thomas and Lukas Gerlach and Ruiyi Zhang and Nils Bernsdorf and Eduard Ebert and Michael Schwarz},
  year={2025}
}

@misc{zhang2024cachewarp,
  title={CacheWarp: Software-based Fault Injection using Selective State Reset},
  howpublished={USENIX Security},
  author={Ruiyi Zhang and Lukas Gerlach and Daniel Weber and Lorenz Hetterich and Youheng Lü and Andreas Kogler and Michael Schwarz},
  year={2024}
}

@misc{bauer2024switchpoline,
  title={Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv8},
  howpublished={ASIACCS},
  author={Markus Bauer and Lorenz Hetterich and Christian Rossow and Michael Schwarz},
  year={2024}
}

@misc{schlueter2023fetchbench,
  title={FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers},
  howpublished={CCS},
  author={Till Schlüter and Amit Choudhari and Lorenz Hetterich and Leon Trampert and Hamed Nemati and Ahmad Ibrahim and Michael Schwarz and Christian Rossow and Nils Ole Tippenhauer},
  year={2023}
}

@misc{hetterich2022applespectre,
  title={Branch Different - Spectre Attacks on Apple Silicon},
  howpublished={DIMVA},
  author={Lorenz Hetterich and Michael Schwarz},
  year={2022}
}

Talks

2024

Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V

Fabian Thomas, Lorenz Hetterich

Black Hat USA Las Vegas, USA, August 7, 2024

INFO

@misc{thomas2024arbitrary,
  title={Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V},
  howpublished={Black Hat USA},
  author={Fabian Thomas and Lorenz Hetterich},
  year={2024}
}