My research explores the security of the interface between the software and the hardware. In particular, I am interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. I work on identifying micro-architectural vulnerabilities, and on exploitation and mitigation techniques.
Contact Information
Email: yuval.yarom [at] rub [dot] deNews
14 May 2025
SLAP: Data Speculation Attacks via Load Address Prediction on Apple Silicon received a Distinguished Paper Award at IEEE SP 2025.
8 May 2025
Published a preprint
and the Code Artifact
for Reverse-Engineering the Address Translation Caches.17 Apr 2025
Source artifact available Slice+Slice Baby: Generating Last-Level Cache Eviction Sets in the Blink of an Eye, co-authored with .16 Apr 2025
Preprint available Slice+Slice Baby: Generating Last-Level Cache Eviction Sets in the Blink of an Eye, co-authored with .10 Mar 2025
The paper Slice+Slice Baby: Generating Last-Level Cache Eviction Sets in the Blink of an Eye with will appear in IEEE SP 202528 Feb 2025
Congratulations to who completed a PhD on The Security Impact of Microarchitecture Optimizations.11 Feb 2025
The paper HyperHammer: Breaking Free from KVM-Enforced Isolation with will appear in ASPLOS 202510 Feb 2025
The paper Protecting cryptographic code against Spectre-RSB (and, in fact, all known Spectre variants) with will appear in ASPLOS 202528 Jan 2025
The paper SLAP: Data Speculation Attacks via Load Address Prediction on Apple Silicon with will appear in IEEE SP 202528 Jan 2025
The paper FLOP: Breaking the Apple M3 CPU via False Load Output Predictions with will appear in USENIX Security 2025More news...
Service
Program Chair: SEED 2022, WOOT 2020, Kangacrypt 2018, SPACE 2018.
Event Organisation:
uASC 2025,
SSS2 2023,
CHES 2020
,
Kangacrypt 2018,
ASEC 2018.
Steering Committees: CHES 2019–2020, uASC 2025–, WOOT 2020–.
Editorial Board: Communications in Cryptography 2024
Program Committees:
- 2025: CHES, DRAMSec, IEEE EuroS&P, IEEE S&P, uASC, USENIX Security
- 2024: ASPLOS (ERC), CHES, DRAMSec, IEEE EuroS&P, IEEE S&P, RWC, USENIX Security, WOOT
- 2023: ACISP, CCS, IEEE S&P (Associate Chair), RWC, SecDev, SILM, USENIX Security, WOOT
- 2022: ACISP, CARDIS, CCS, CFAIL, CHES, DRAMSec, HASP, IEEE S&P, RWC, SecDev, SILM, Top in HES, USENIX Security
- 2021: ACISP, ACSAC, AsiaCCS, CARDIS, CHES, CT-RSA, DATE, DRAMSec, ESORICS, IEEE S&P, SEED, SILM, USENIX Security
- 2020: ACSAC, CARDIS, CHES, IEEE S&P, SCAM, SILM, SPACE, USENIX Security
- 2019: ASPLOS (ERC), CARDIS, CCS, CHES, IEEE EuroS&P, Latincrypt, RWC, SAC, SPACE, USENIX ATC, USENIX Security, WOOT
- 2018: CARDIS, CHES, SysTEX
- 2017: Latincrypt, SPACE, USENIX Security
- 2015: SYSTOR
Awards
- Distinguished Paper Award — IEEE SP 2025
- iLeakage awarded Top Picks in Hardware and Embedded Security — 2024
- German IT Security Prize; 2024
- Distinguished paper award — CCS 2024
- Distinguished paper award — CCS 2024
- Excellent Teaching Award Nominee — RUB 2024
- Humies Gold Award — GECCO 2023
- Distinguished Paper Award — PLDI 2023
- NSA Best Scientific Cybersecurity Paper Competition 2020
- SA Young Tall Poppy Award — 2020
- Best student paper award — ICEIS 2020
- Chris Wallace Award for Outstanding Research — 2020
- Honorable Mention — NSA Best Scientific Cybersecurity Paper Competition 2019
- Distinguished Paper Award — IEEE SP 2019
- Best Paper Award — EuroSys 2019
- Foreshadow chosen for IEEE Micro Top Pick — 2019
- Best Paper Award — APSys 2018
- Pwnie Award — Most Innovative Research — Black Hat 2018
- Pwnie Award — Best Privilege Escalation Bug — Black Hat 2018
- Knuth Reward Cheque — 1999
- Mifal Hapayis Research Prize — 1994
Misc
- My Erdös number is 2.
- PhD Thesis: Software-based Reference Protection for Component Isolation
- Master Thesis: The Deputy Mechanism for Transparent Process Migration
- Simulated Annealing for Standard-Cell Sizing (An Amirim—Science project report — in Hebrew).