Michael Schwarz

Michael Schwarz

Faculty

I'm a tenured faculty at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany, with a focus on microarchitectural side-channel attacks and system security. I obtained my PhD with the title "Software-based Side-Channel Attacks and Defenses in Restricted Environments" in 2019 from Graz University of Technology (advised by Daniel Gruss).

CV

Faculty

CISPA Helmholtz Center for Information Security

2020 - current

Postdoctoral researcher

Graz University of Technology

2019 - 2020

PhD

Graz University of Technology

2016 - 2019

Publications


2025
Cascading Spy Sheets: Exploiting the Complexity of Modern CSS for Email and Browser Fingerprinting

Leon Trampert, Daniel Weber, Lukas Gerlach, Christian Rossow, Michael Schwarz

NDSS

San

Diego,

California,

USA,

February 23-28

2025


2024
No Leakage Without State Change: Repurposing Configurable CPU Exceptions to Prevent Microarchitectural Attacks

Daniel Weber, Leonard Niemann, Lukas Gerlach, Jan Reineke, Michael Schwarz

ACSAC

Waikiki,

Hawaii,

USA,

December 9-13

2024

Switchpoline: A Software Mitigation for Spectre-BTB and Spectre-BHB on ARMv8

Markus Bauer, Lorenz Hetterich, Christian Rossow, Michael Schwarz

ASIACCS

Singapore,

July 1-5

2024

CacheWarp: Software-based Fault Injection using Selective State Reset

Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Youheng Lü, Andreas Kogler, Michael Schwarz

USENIX Security

Philadelphia,

PA,

USA,

August 14-16

2024

Efficient and Generic Microarchitectural Hash-Function Recovery

Lukas Gerlach, Simon Schwarz, Nicolas Faroß, Michael Schwarz

S&P

San

Francisco,

California,

USA,

May 20-23

2024


2023
FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers

Till Schlüter, Amit Choudhari, Lorenz Hetterich, Leon Trampert, Hamed Nemati, Ahmad Ibrahim, Michael Schwarz, Christian Rossow, Nils Ole Tippenhauer

CCS

Copenhagen,

Denmark,

November 26-30

2023

Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

ESORICS

The

Hague,

The

Netherlands,

September 25-29

2023

Reviving Meltdown 3a

Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

ESORICS

The

Hague,

The

Netherlands,

September 25-29

2023

A Rowhammer Reproduction Study Using the Blacksmith Fuzzer

Lukas Gerlach, Fabian Thomas, Robert Pietsch, Michael Schwarz

ESORICS

The

Hague,

The

Netherlands,

September 25-29

2023

PDFCITE
Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels

Andreas Kogler, Jonas Juffinger, Lukas Giner, Lukas Gerlach, Martin Schwarzl, Michael Schwarz, Daniel Gruss, Stefan Mangard

USENIX Security

Anaheim,

California,

USA,

August 9-11

2023

Hammulator: Simulate Now - Exploit Later

Fabian Thomas, Lukas Gerlach, Michael Schwarz

DRAMSec

Virtual,

June 17

2023

A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs

Lukas Gerlach, Daniel Weber, Ruiyi Zhang, Michael Schwarz

S&P

San

Francisco,

California,

USA,

May 22-25

2023

Practical Timing Side-Channel Attacks on Memory Compression

Martin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael Schwarz, Daniel Gruss

S&P

San

Francisco,

California,

USA,

May 22-25

2023

PDFCITE
CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode

Pietro Borrello, Catherine Easdon, Martin Schwarzl, Roland Czerny, Michael Schwarz

WOOT

San

Francisco,

California,

USA,

May 25

2023

(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels

Ruiyi Zhang, Taehyun Kim, Daniel Weber, Michael Schwarz

USENIX Security

Anaheim,

California,

USA,

August 9-11

2023

PDFCITE
TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors

Dhiman Chakraborty, Michael Schwarz, Sven Bugiel

FC

Bol,

Brač,

Croatia,

May 1-5

2023

PDFCITE

2022
ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture

Pietro Borrello, Andreas Kogler, Martin Schwarzl, Moritz Lipp, Daniel Gruss, Michael Schwarz

USENIX Security

Boston,

Massachusetts,

USA,

August 10-12

2022

HyperDbg: Reinventing Hardware-Assisted Debugging

Mohammad Sina Karvandi, MohammadHossein Gholamrezaei, Saleh Khalaj Monfared, Soroush Meghdadizanjani, Behrooz Abbassi, Ali Amini, Reza Mortazavi, Saeid Gorgin, Dara Rahmati, Michael Schwarz

CCS

Los

Angeles,

California,

USA,

November 7-11

2022

Robust and Scalable Process Isolation against Spectre in the Cloud

Martin Schwarzl, Pietro Borrello, Andreas Kogler, Kenton Varda, Thomas Schuster, Michael Schwarz, Daniel Gruss

ESORICS

Copenhagen,

Denmark,

September 26 - 30

2022

PDFCITE
Browser-based CPU Fingerprinting

Leon Trampert, Christian Rossow, Michael Schwarz

ESORICS

Copenhagen,

Denmark,

September 26 - 30

2022

CPU Port Contention Without SMT

Thomas Rokicki, Clémentine Maurice, Michael Schwarz

ESORICS

Copenhagen,

Denmark,

September 26 - 30

2022

Branch Different - Spectre Attacks on Apple Silicon

Lorenz Hetterich, Michael Schwarz

DIMVA

Cagliari,

Italy,

June 29 - July 1

2022

Finding and Exploiting CPU Features using MSR Templating

Andreas Kogler, Daniel Weber, Martin Haubenwallner, Moritz Lipp, Daniel Gruss, Michael Schwarz

S&P

San

Francisco,

California,

USA,

May 23-26

2022

Minefield: A Software-only Protection for SGX Enclaves against DVFS Attacks

Andreas Kogler, Daniel Gruss, Michael Schwarz

USENIX Security

Boston,

Massachusetts,

USA,

August 10-12

2022

AMD Prefetch Attacks through Power and Time

Moritz Lipp, Daniel Gruss, Michael Schwarz

USENIX Security

Boston,

Massachusetts,

USA,

August 10-12

2022

Repurposing Segmentation as a Practical LVI-NULL Mitigation in SGX

Lukas Giner, Andreas Kogler, Claudio Canella, Michael Schwarz, Daniel Gruss

USENIX Security

Boston,

Massachusetts,

USA,

August 10-12

2022

Rapid Prototyping for Microarchitectural Attacks

Catherine Easdon, Michael Schwarz, Martin Schwarzl, Daniel Gruss

USENIX Security

Boston,

Massachusetts,

USA,

August 10-12

2022


2021
Automating Seccomp Filter Generation for Linux Applications

Claudio Canella, Mario Werner, Daniel Gruss, Michael Schwarz

CCSW

Virtual,

November 14

2021

Osiris: Automated Discovery of Microarchitectural Side Channels

Daniel Weber, Ahmad Ibrahim, Hamed Nemati, Michael Schwarz, Christian Rossow

USENIX Security

Virtual,

August 11-13

2021

PLATYPUS: Software-based Power Side-Channel Attacks on x86

Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, Daniel Gruss

S&P

Virtual,

May 23-27

2021

Speculative Dereferencing of Registers: Reviving Foreshadow

Martin Schwarzl, Thomas Schuster, Michael Schwarz, Daniel Gruss

FC

Virtual,

March 1-5

2021

PDFCITE
Specfuscator: Evaluating Branch Removal as a Spectre Mitigation

Martin Schwarzl, Claudio Canella, Daniel Gruss, Michael Schwarz

FC

Virtual,

March 1-5

2021

PDFCITE

Talks


2024
Arbitrary Data Manipulation and Leakage with CPU Zero-Day Bugs on RISC-V

Fabian Thomas, Ruiyi Zhang, Michael Schwarz

Black Hat USA

Las

Vegas,

USA,

August 3-8

2024

CITEINFO

2023
With Great Power Comes Great Potential

Michael Schwarz

Tsinghua University

Beijing,

China,

December 11

2023

PDFCITE
A Security RISC? The State of Microarchitectural Attacks on RISC-V

Lukas Gerlach, Daniel Weber, Michael Schwarz

BlackHat Europe

London,

United

Kingdom,

December 7

2023

CITE
Keine Frage des ob, sondern des wann...

Michael Schwarz

Cyber Security Tag

Saarbruecken,

Germany,

September 27

2023

PDFCITE
Unsichere Webseiten Erkennen

Michael Schwarz

CISPA <3 IGB

St.

Ingbert,

Germany,

September 16

2023

PDFCITE
Beyond the Noise: Automated Discovery of Microarchitectural Security Leaks

Michael Schwarz

CISPA Summer School

Saarbruecken,

Germany,

August 23

2023

CITEINFO
Sichere die digitale Zukunft! - Smart Home und Passwortsicherheit

Michael Schwarz

Otto-Hahn-Gymnasium

Saarbruecken,

Germany,

March 1

2023

PDFCITE
Transient Execution Attacks

Moritz Lipp, Michael Schwarz, Daniel Gruss

IT-Defense

Mainz,

Germany,

February 9

2023


2022
From Random Observations to Automated Leakage Discovery

Michael Schwarz

International Winter School on Microarchitectural Security

Paris,

France,

December 5-9

2022

Bug-Free Software but Insecure Systems?

Michael Schwarz

Airbus & CISPA Day

Saarbrücken,

Germany,

November 30

2022

CITEINFO
Automated CPU-vulnerability Discovery

Michael Schwarz

EC Visit CISPA

Saarbrücken,

Germany,

November 16

2022

PDFCITE
From Random Timings to Data Leakage

Michael Schwarz

Mathematics Preparatory Course UdS

Saarbrücken,

Germany,

October 13

2022

PDFCITE
Sicherheit von Prozessoren

Michael Schwarz

Tag der offenen Tür | Universität des Saarlandes

Saarbruecken,

Germany,

May 21

2022

CPU Fuzzing for Discovering Hardware-caused Information Leakage

Michael Schwarz

hardwear.io

Virtual,

January 11

2022


2021
Learning Security through Gamified Challenges

Michael Schwarz

Best-Practice E-Learning an der UdS

Virtual,

November 17

2021

CITE
Unsichere Systeme trotz fehlerfreier Software? Wie Hardware die Sicherheit von Software untergräbt

Michael Schwarz

Regionaltagung des Senior Experten Service

IHK

Saarland,

October 21

2021

PDFCITE
Seitenkanal-Angriffe: Wie Seiteneffekte Geheimnisse Verraten

Michael Schwarz

CISPA Roadshow

Virtual

Event,

September 18

2021

CITEINFO
Pubquiz zur Informatik und Cybersicherheit

Michael Schwarz

CISPA Roadshow

Virtual

Event,

September 18

2021

CITEINFO
Pubquiz rund um Informatik und Cybersicherheit

Michael Schwarz

Digitaltag

Virtual

Event,

June 18

2021

CITEINFO
Enter Sandbox

Claudio Canella, Mario Werner, Michael Schwarz

BlackHat Asia

Virtual

Event,

May 6-7

2021