Daniel Gruß

Ass.Prof. Dipl.-Ing. Dr.techn., BSc

20132020
If you made any changes in Pure these will be visible here soon.

Research Output 2014 2019

  • 25 Conference contribution
  • 9 Article
  • 2 Master's Thesis
  • 1 Doctoral Thesis
2019

JavaScript Template Attacks: Automatically Inferring Host Information for Targeted Exploits

Schwarz, M., Lackner, F. & Gruss, D., 24 Feb 2019, NDSS.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

NetSpectre: Read Arbitrary Memory over Network

Schwarz, M., Schwarzl, M., Lipp, M., Masters, J. & Gruß, D., Sep 2019, Computer Security - ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings. Cham: Springer, Vol. 1. p. 279-299 (Lecture Notes in Computer Science; vol. 11735).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Data storage equipment

Practical Enclave Malware with Intel SGX

Schwarz, M., Weiser, S. & Gruss, D., 8 Feb 2019, In : arXiv.org e-Print archive. arXiv:1902.03256 .

Research output: Contribution to journalArticleResearch

Electronic mail
Mountings
Personal computers
Program processors
Malware

SGXJail: Defeating Enclave Malware via Confinement

Weiser, S., Mayr, L., Schwarz, M. & Gruß, D., Sep 2019, (Accepted/In press) Research in Attacks, Intrusions and Defenses 2019.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Spectre Attacks: Exploiting Speculative Execution

Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M. & Yarom, Y., 20 May 2019, 40th IEEE Symposium on Security and Privacy.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

ZombieLoad: Cross-Privilege-Boundary Data Sampling

Schwarz, M., Lipp, M., Moghimi, D., Bulck, J. V., Stecklina, J., Prescher, T. & Gruss, D., 12 Nov 2019, (Accepted/In press) CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM/IEEE

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Program processors
Sampling
Faulting
Data storage equipment
Virtual machine
2018

Another Flip in the Wall of Rowhammer Defenses

Gruss, D., Lipp, M., Schwarz, M., Genkin, D., Juffinger, J., O'Connell, S., Schoechl, W. & Yarom, Y., 31 Jan 2018, 39th IEEE Symposium on Security and Privacy 2018.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File

A Systematic Evaluation of Transient Execution Attacks and Defenses

Canella, C., Bulck, J. V., Schwarz, M., Lipp, M., Berg, B. V., Ortner, P., Piessens, F., Evtyushkin, D. & Gruss, D., 13 Nov 2018, In : arXiv.org e-Print archive.

Research output: Contribution to journalArticleResearch

File
Core meltdown
Firmware
Program processors
Acoustic waves
Industry

Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features

Schwarz, M., Gruss, D., Lipp, M., Maurice, C., Schuster, T., Fogh, A. & Mangard, S., 4 Jun 2018, AsiaCCS' 18, Proceedings of the 2018 on Asia Conference on Computer and Communications Security . New York, NY: Association of Computing Machinery, p. 587-600

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

JavaScript Zero: Real JavaScript and Zero Side-Channel Attacks

Schwarz, M., Lipp, M. & Gruss, D., 18 Feb 2018, Network and Distributed System Security Symposium 2018. p. 15

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
Websites
Web browsers
World Wide Web
Interfaces (computer)
Hardware

Kernel Isolation: From an Academic Idea to an Efficient Patch for Every Computer

Gruss, D., Hansen, D. & Gregg, B., Dec 2018, In : ;login: the USENIX Magazine. 43, 4, p. 10-14 5 p.

Research output: Contribution to journalArticleResearch

KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks

Schwarz, M., Lipp, M., Gruss, D., Weiser, S., Maurice, C. L. N., Spreitzer, R. & Mangard, S., 18 Feb 2018, Network and Distributed System Security Symposium 2018. p. 15

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
Smartphones
Websites
Side channel attack
Processing
Android (operating system)

Meltdown

Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin, D., Yarom, Y. & Hamburg, M., 3 Jan 2018, In : arXiv.org e-Print archive.

Research output: Contribution to journalArticleResearch

Data storage equipment
Data privacy
Personal computers
Computer systems
Hardware

Meltdown: Reading Kernel Memory from User Space

Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Fogh, A., Horn, J., Mangard, S., Kocher, P., Genkin, D., Yarom, Y. & Hamburg, M., 15 Aug 2018, 27th USENIX Security Symposium. p. 973-990 19 p.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Nethammer: Inducing Rowhammer Faults through Network Requests

Lipp, M., Aga, M. T., Schwarz, M., Gruss, D., Maurice, C., Raab, L. & Lamster, L., 13 May 2018, In : arXiv.org e-Print archive. 15 p.

Research output: Contribution to journalArticleResearch

File
Data storage equipment
Dynamic random access storage
Landslides
Mobile phones
Personal computers

NetSpectre: Read Arbitrary Memory over Network

Schwarz, M., Schwarzl, M., Lipp, M. & Gruss, D., 27 Jul 2018, In : arXiv.org e-Print archive.

Research output: Contribution to journalArticleResearch

File

ProcHarvester: Fully Automated Analysis of Procfs Side-Channel Leaks on Android

Spreitzer, R., Kirchengast, F., Gruss, D. & Mangard, S., 2018, ASIACCS '18 - Proceedings of the 2018 on Asia Conference on Computer and Communications Security . p. 749-763

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
Application programs
Mobile devices
Learning systems
Websites
Statistics

Software-based microarchitectural attacks

Gruss, D., Sep 2018, In : IT - Information technology.

Research output: Contribution to journalArticleResearch

Software-basierte Mikroarchitekturangriffe

Gruss, D., 26 Sep 2018, (Accepted/In press) In : GI-Edition / Proceedings : lecture notes in informatics.

Research output: Contribution to journalArticleResearch

Use-after-FreeMail: Generalizing the use-after-free problem and applying it to email services

Gruss, D., Schwarz, M., Wübbeling, M., Guggi, S., Malderle, T., More, S. & Lipp, M., 29 May 2018, ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security. Association of Computing Machinery, p. 297-311 15 p.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Electronic mail
Data storage equipment
Gain control
Chemical analysis
2017

Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features

Schwarz, M., Gruss, D., Lipp, M., Maurice, C., Schuster, T., Fogh, A. & Mangard, S., 3 Nov 2017, In : arXiv.org e-Print archive.

Research output: Contribution to journalArticleResearch

Program processors
Hazards and race conditions
Data storage equipment
Retrofitting
Flow control

Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript

Schwarz, M., Maurice, C., Gruss, D. & Mangard, S., 1 Jan 2017, Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers. Springer Verlag Wien, Vol. 10322 LNCS. p. 247-267 21 p. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); vol. 10322 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
JavaScript
Websites
High Resolution
Attack
Dynamic random access storage

KASLR is Dead: Long Live KASLR

Gruss, D., Lipp, M., Schwarz, M., Fellner, R., Maurice, C. & Mangard, S., 2017, Engineering Secure Software and Systems - 9th International Symposium, ESSoS 2017, Proceedings. Springer-Verlag Italia, Vol. 10379 LNCS. p. 161-176 16 p. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); vol. 10379 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
kernel
Hardware
Plant shutdowns
Flow control
Side Channel Attacks

Malware guard extension: Using SGX to conceal cache attacks

Schwarz, M., Weiser, S., Gruss, D., Maurice, C. & Mangard, S., 2017, Detection of Intrusions and Malware, and Vulnerability Assessment - 14th International Conference, DIMVA 2017, 2017. Springer-Verlag Italia, Vol. 10327 LNCS. p. 3-24 22 p. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); vol. 10327 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
Malware
Cache
Physical addresses
Attack
Hardware

Practical Keystroke Timing Attacks in Sandboxed JavaScript

Lipp, M., Gruss, D., Schwarz, M., Bidner, D., Maurice, C. & Mangard, S., 2017, Computer Security – ESORICS 2017 - 22nd European Symposium on Research in Computer Security, Proceedings. Springer-Verlag Italia, Vol. 10493 LNCS. p. 191-209 19 p. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); vol. 10493 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
Timing Attack
JavaScript
Attack
Timing
Websites

Software-based Microarchitectural Attacks

Gruss, D., 14 Jun 2017

Research output: ThesisDoctoral ThesisResearch

Open Access
File

Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory

Gruss, D., Lettner, J., Schuster, F., Ohrimenko, O., Haller, I. & Costa, M., 16 Aug 2017, 2017 Proceedings of the 26th USENIX Security Symposium.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
2016

ARMageddon: Last-Level Cache Attacks on Mobile Devices

Lipp, M., Gruss, D., Spreitzer, R., Maurice, C. & Mangard, S., 2016, 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, p. 549-564 16 p.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
Mobile devices
Program processors
Smartphones
Touch screens

Cache Attacks and Rowhammer on ARM

Lipp, M., 2016, 105 p.

Research output: ThesisMaster's ThesisResearch

Mobile devices
Personal computing

DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks

Peßl, P., Gruss, D., Maurice, C. L. N., Schwarz, M. & Mangard, S., 2016, Proceedings of the 25th USENIX Security Symposium. p. 565-581 18 p.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
Dynamic random access storage
Program processors
Data storage equipment
Cloud computing
Computer hardware

Drammer: Deterministic Rowhammer attacks on mobile platforms

Van Der Veen, V., Fratantonio, Y., Lindorfer, M., Gruss, D., Maurice, C. L. N., Vigna, G., Bos, H., Razavi, K. & Giuffrida, C., 24 Oct 2016, CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. Association of Computing Machinery, Vol. 24-28-October-2016. p. 1675-1689 15 p.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
Data storage equipment
Dynamic random access storage
Smartphones
Concretes
Hardware

Flush+Flush: A fast and stealthy cache attack

Gruss, D., Maurice, C., Wagner, K. & Mangard, S., 2016, Detection of Intrusions and Malware, and Vulnerability Assessment - 13th International Conference, DIMVA 2016, Proceedings. Springer-Verlag Italia, Vol. 9721. p. 279-299 21 p. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); vol. 9721).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
Cache
Program processors
Attack
Hardware
Data storage equipment

Prefetch Side-Channel Attacks: Bypassing SMAP and kernel ASLR

Gruss, D., Maurice, C., Fogh, A., Lipp, M. & Mangard, S., 24 Oct 2016, CCS 2016 - Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. Association of Computing Machinery, Vol. 24-28-October-2016. p. 368-379 12 p.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
Virtual addresses
Physical addresses
Binary codes
Flow control
Program processors

Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript

Gruss, D., Maurice, C. & Mangard, S., 1 Jul 2016, Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer Vieweg, (DIMVA).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
2015

Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches

Gruss, D., Spreitzer, R. & Mangard, S., 2015, 24th USENIX Security Symposium, Washington, D.C., USA, August 12-14, 2015. USENIX Association, p. 897-912

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
User interfaces
Program processors
Information systems
Entropy
Processing

Practical memory deduplication attacks in sandboxed javascript

Gruss, D., Bidner, D. & Mangard, S., 1 Jan 2015, Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings. Springer Verlag Wien, Vol. 9326. p. 108-122 15 p. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); vol. 9326).

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Open Access
File
JavaScript
Smartphones
Attack
Data storage equipment
Personal computers
2014

Multi-platform Operating System Kernels

Gruss, D., 2014

Research output: ThesisMaster's ThesisResearch

Open Access
File