Our main research goal is the construction of reliable and secure computing systems. To this end, our research often touches on all layers of the computing stack, from software all the way down to hardware. We use novel analysis techniques to better understand the attack surface of modern systems and, when appropriate, we build systems that can withstand different classes of attacks. We regularly publish our results at top computer architecture, systems and security conferences, and our work ...| comsec.ethz.ch
VMScape (CVE-2025-40300) brings Spectre branch target injection (Spectre-BTI) to the cloud, revealing a critical gap in how branch predictor states are isolated in virtualized environments. Our systematic analysis of protection-domain isolation shows that current mechanisms are too coarse-grained: on all AMD Zen CPUs, including the latest Zen 5, the branch predictor cannot distinguish between host and guest execution, enabling practical cross-virtualization BTI (vBTI) attack primitives. Altho...| comsec.ethz.ch
Branch Privilege Injection (CVE-2024-45332) brings back the full might of branch target injection attacks (Spectre-BTI) on Intel. Intel’s hardware mitigations against these types of attacks have held their ground for almost 6 years. In our work, we demonstrate how these mitigations can be broken due to a race condition in Intel CPUs.| comsec.ethz.ch