Hi there! I am a PhD student at the RootSec lab. My research explores the security of microarchitecture and TEEs. I am a big fan of Coke Zero.
CV
PhD Student
CISPA / Saarland University
2022 – today
PhD Preparation
Saarbrücken Graduate School of CS
2021 – 2022
Security Researcher
PeckShield
2018 – 2021
Cybersecurity B.Sc.
University of Electronic Science and Technology of China
2015 – 2019
Publications
2026
SNPeek: Side-Channel Analysis for Privacy Applications on Confidential VMs
Ruiyi Zhang,
Albert Cheu,
Adria Gascon,
Daniel Moghimi,
Phillipp Schoppmann, Michael Schwarz,
Octavian Suciu
NDSS
San Diego, CA, USA, February 23-27, 2026
2025
RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs
Fabian Thomas,
Eric García Arribas, Lorenz Hetterich, Daniel Weber, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz
CCS
Taipei, Taiwan, October 13-17, 2025
Taming the Linux Memory Allocator for Rapid Prototyping
DIMVA
Graz University of Technology, Austria, July 9-11, 2025
ShadowLoad: Injecting State into Hardware Prefetchers
Lorenz Hetterich, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang,
Nils Bernsdorf, Eduard Ebert, Michael Schwarz
ASPLOS
Rotterdam, Netherlands, March 30 - April 13, 2025
2024
CacheWarp: Software-based Fault Injection using Selective State Reset
Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich,
Youheng Lü,
Andreas Kogler, Michael Schwarz
USENIX Security
Philadelphia, PA, USA, August 14-16, 2024
2023
Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks
ESORICS
The Hague, The Netherlands, September 25-29, 2023
Reviving Meltdown 3a
ESORICS
The Hague, The Netherlands, September 25-29, 2023
(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels
USENIX Security
Anaheim, California, USA, August 9-11, 2023
A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs
S&P
San Francisco, California, USA, May 22-25, 2023
BibTeX Citation
@misc{zhang2026snpeek,
title={SNPeek: Side-Channel Analysis for Privacy Applications on Confidential VMs},
howpublished={NDSS},
author={Ruiyi Zhang and Albert Cheu and Adria Gascon and Daniel Moghimi and Phillipp Schoppmann and Michael Schwarz and Octavian Suciu},
year={2026}
}BibTeX Citation
@misc{thomas2025riscover,
title={RISCover: Automatic Discovery of User-exploitable Architectural Security Vulnerabilities in Closed-Source RISC-V CPUs},
howpublished={CCS},
author={Fabian Thomas and Eric García Arribas and Lorenz Hetterich and Daniel Weber and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
year={2025}
}BibTeX Citation
@misc{zhang2025mapalloc,
title={Taming the Linux Memory Allocator for Rapid Prototyping},
howpublished={DIMVA},
author={Ruiyi Zhang and Tristan Hornetz and Lukas Gerlach and Michael Schwarz},
year={2025}
}BibTeX Citation
@misc{hetterich2025shadowload,
title={ShadowLoad: Injecting State into Hardware Prefetchers},
howpublished={ASPLOS},
author={Lorenz Hetterich and Fabian Thomas and Lukas Gerlach and Ruiyi Zhang and Nils Bernsdorf and Eduard Ebert and Michael Schwarz},
year={2025}
}BibTeX Citation
@misc{zhang2024cachewarp,
title={CacheWarp: Software-based Fault Injection using Selective State Reset},
howpublished={USENIX Security},
author={Ruiyi Zhang and Lukas Gerlach and Daniel Weber and Lorenz Hetterich and Youheng Lü and Andreas Kogler and Michael Schwarz},
year={2024}
}BibTeX Citation
@misc{weber2023masc,
title={Indirect Meltdown: Building Novel Side-Channel Attacks from Transient Execution Attacks},
howpublished={ESORICS},
author={Daniel Weber and Fabian Thomas and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
year={2023}
}BibTeX Citation
@misc{weber2023meltdown3a,
title={Reviving Meltdown 3a},
howpublished={ESORICS},
author={Daniel Weber and Fabian Thomas and Lukas Gerlach and Ruiyi Zhang and Michael Schwarz},
year={2023}
}BibTeX Citation
@misc{zhang2023mwait,
title={(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels},
howpublished={USENIX Security},
author={Ruiyi Zhang and Taehyun Kim and Daniel Weber and Michael Schwarz},
year={2023}
}BibTeX Citation
@misc{gerlach2023riscv,
title={A Security RISC: Microarchitectural Attacks on Hardware RISC-V CPUs},
howpublished={S\&P},
author={Lukas Gerlach and Daniel Weber and Ruiyi Zhang and Michael Schwarz},
year={2023}
}Blog Posts
StackWarp: Exploiting Stack Layout Vulnerabilities in Modern Processors
January 14, 2026
CPU Security
Trusted Execution Environments
Talks
2022
(M)Wait For It: Bridging the Gap Between Microarchitectural and Architectural Side Channels
Black Hat MEA
Riyadh, Saudi Arabia, November 17, 2022
BibTeX Citation
@misc{zhang2022m,
title={(M)Wait For It: Bridging the Gap Between Microarchitectural and Architectural Side Channels},
howpublished={Black Hat MEA},
author={Ruiyi Zhang and Daniel Weber},
year={2022}
}