Large language model supply chain: A research agenda

S Wang, Y Zhao, X Hou, H Wang - ACM Transactions on Software …, 2024 - dl.acm.org
The rapid advancement of large language models (LLMs) has revolutionized artificial
intelligence, introducing unprecedented capabilities in natural language processing and …

iLeakage: Browser-based timerless speculative execution attacks on Apple devices

J Kim, S van Schaik, D Genkin, Y Yarom - Proceedings of the 2023 ACM …, 2023 - dl.acm.org
Over the past few years, the high-end CPU market is undergoing a transformational change.
Moving away from using x86 as the sole architecture for high performance devices, we have …

DVFS frequently leaks secrets: Hertzbleed attacks beyond SIKE, cryptography, and CPU-only data

Y Wang, R Paccagnella, A Wandke… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
The recent Hertzbleed disclosure demonstrates how remote-timing analysis can reveal
secret information previously only accessible to local-power analysis. At worst, this …

Testing side-channel security of cryptographic implementations against future microarchitectures

G Barthe, M Böhme, S Cauligi… - Proceedings of the …, 2024 - dl.acm.org
How will future microarchitectures impact the security of existing cryptographic
implementations? As we cannot keep reducing the size of transistors, chip vendors have …

Generic and Automated Drive-by GPU Cache Attacks from the Browser

L Giner, R Czerny, C Gruber, F Rauscher… - Proceedings of the 19th …, 2024 - dl.acm.org
In recent years, the use of GPUs for general-purpose computations has steadily increased.
As security-critical computations like AES are becoming more common on GPUs, the …

Power-Related Side-Channel Attacks using the Android Sensor Framework

M Oberhuber, M Unterguggenberger… - … 2025: NDSS 2025, 2025 - andreaskogler.com
Software-based power side-channel attacks are a significant security threat to modern
computer systems, enabling adversaries to extract confidential information. Existing attacks …

GoFetch: Breaking constant-time cryptographic implementations using data memory-dependent prefetchers

B Chen, Y Wang, P Shome, CW Fletcher… - Proc. USENIX Secur …, 2024 - usenix.org
Microarchitectural side-channel attacks have shaken the foundations of modern processor
design. The cornerstone defense against these attacks has been to ensure that security …

Remote scheduler contention attacks

S Gast, J Juffinger, L Maar, C Royer, A Kogler… - arXiv preprint arXiv …, 2024 - arxiv.org
In this paper, we investigate unexplored aspects of scheduler contention: We systematically
study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We …

Pixel Thief: Exploiting SVG Filter Leakage in Firefox and Chrome

S O'Connell, LA Sour, R Magen, D Genkin… - 33rd USENIX Security …, 2024 - usenix.org
Web privacy is challenged by pixel-stealing attacks, which allow attackers to extract content
from embedded iframes and to detect visited links. To protect against multiple pixel-stealing …

SysBumps: Exploiting Speculative Execution in System Calls for Breaking KASLR in macOS for Apple Silicon

H Jang, T Kim, Y Shin - Proceedings of the 2024 on ACM SIGSAC …, 2024 - dl.acm.org
Apple silicon is the proprietary ARM-based processor that powers the mainstream of Apple
devices. The move to this proprietary architecture presents unique challenges in addressing …