
My research explores the security of the interface between the software and the hardware. In particular, I am interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. I work on identifying micro-architectural vulnerabilities, and on exploitation and mitigation techniques.
Contact Information
Email: yuval.yarom [at] rub [dot] deNews
28 Jan 2025
The paper SLAP: Data Speculation Attacks via Load Address Prediction on Apple Silicon with will appear in IEEE 202528 Jan 2025
The paper FLOP: Breaking the Apple M3 CPU via False Load Output Predictions with will appear in USENIX Security 202527 Jan 2025
The paper Reverse-Engineering the Address Translation Caches with will appear in DIMVA 202526 Jan 2025
iLeakage: Browser-based Timerless Speculative Execution Attacks on Apple Devices is crowned as Top Picks in Hardware and Embedded Security in 202424 Jan 2025
Two presentations accepted to RWC 2025.
One on Stealing Cryptographic Keys with Weird Gates, based on two papers,
and the other on Testing Side-Channel Security of Cryptographic Implementations against Future Microarchitectures.9 Jan 2025
The paper Leaky McEliece: Secret Key Recovery From Highly Erroneous Side-Channel Information with will appear in TCHES9 Dec 2024
Published a preprint

22 Nov 2024
The paper On Borrowed Time – Preventing Static Side-Channel Analysis with will appear in NDSS 20257 Nov 2024
Our work CryptOpt: Verified Compilation with Randomized Program Search for Cryptographic Primitives won the 2024 German IT Security Prize 

29 Oct 2024
Congratulations to who completed a PhD on Enhancing State-of-the-Art Techniques Generating Low-Level Code for Cryptographic Arithmetic.More news...
Service
Program Chair: SEED 2022, WOOT 2020, Kangacrypt 2018, SPACE 2018.
Event Organisation:
uASC 2025,
SSS2 2023,
CHES 2020,
Kangacrypt 2018,
ASEC 2018.
Steering Committees: CHES 2019–2020, uASC 2025–, WOOT 2020–.
Editorial Board: Communications in Cryptography 2024
Program Committees:
- 2025: CHES, IEEE EuroS&P, IEEE S&P, uASC, USENIX Security
- 2024: ASPLOS (ERC), CHES, IEEE EuroS&P, IEEE S&P, RWC, USENIX Security, WOOT
- 2023: ACISP, CCS, IEEE S&P (Associate Chair), RWC, SecDev, SILM, USENIX Security, WOOT
- 2022: ACISP, CARDIS, CCS, CFAIL, CHES, DRAMSec, HASP, IEEE S&P, RWC, SecDev, SILM, Top in HES, USENIX Security
- 2021: ACISP, ACSAC, AsiaCCS, CARDIS, CHES, CT-RSA, DATE, DRAMSec, ESORICS, IEEE S&P, SEED, SILM, USENIX Security
- 2020: ACSAC, CARDIS, CHES, IEEE S&P, SCAM, SILM, SPACE, USENIX Security
- 2019: ASPLOS (ERC), CARDIS, CCS, CHES, IEEE EuroS&P, Latincrypt, RWC, SAC, SPACE, USENIX ATC, USENIX Security, WOOT
- 2018: CARDIS, CHES, SysTEX
- 2017: Latincrypt, SPACE, USENIX Security
- 2015: SYSTOR
Awards
- iLeakage awarded Top Picks in Hardware and Embedded Security — 2024
- German IT Security Prize; 2024
- Distinguished paper award — CCS 2024
- Distinguished paper award — CCS 2024
- Excellent Teaching Award Nominee — RUB 2024
- Humies Gold Award — GECCO 2023
- Distinguished Paper Award — PLDI 2023
- NSA Best Scientific Cybersecurity Paper Competition 2020
- SA Young Tall Poppy Award — 2020
- Best student paper award — ICEIS 2020
- Chris Wallace Award for Outstanding Research — 2020
- Honorable Mention — NSA Best Scientific Cybersecurity Paper Competition 2019
- Distinguished Paper Award — IEEE SP 2019
- Best Paper Award — EuroSys 2019
- Foreshadow chosen for IEEE Micro Top Pick — 2019
- Best Paper Award — APSys 2018
- Pwnie Award — Most Innovative Research — Black Hat 2018
- Pwnie Award — Best Privilege Escalation Bug — Black Hat 2018
- Knuth Reward Cheque — 1999
- Mifal Hapayis Research Prize — 1994
Misc
- My Erdös number is 2.
- PhD Thesis: Software-based Reference Protection for Component Isolation
- Master Thesis: The Deputy Mechanism for Transparent Process Migration
- Simulated Annealing for Standard-Cell Sizing (An Amirim—Science project report — in Hebrew).